@blamejs/exceptd-skills 0.14.26 → 0.14.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +3 -3
- package/data/_indexes/catalog-summaries.json +7 -7
- package/data/_indexes/chains.json +1125 -0
- package/data/_indexes/frequency.json +2 -0
- package/data/atlas-ttps.json +29 -17
- package/data/attack-techniques.json +43 -36
- package/data/cve-catalog.json +321 -2
- package/data/cwe-catalog.json +22 -19
- package/data/framework-control-gaps.json +197 -116
- package/data/playbooks/framework.json +1 -0
- package/data/playbooks/sbom.json +1 -0
- package/data/zeroday-lessons.json +211 -0
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +28 -28
|
@@ -7,6 +7,1061 @@
|
|
|
7
7
|
"CWE"
|
|
8
8
|
]
|
|
9
9
|
},
|
|
10
|
+
"CVE-2025-30066": {
|
|
11
|
+
"name": "tj-actions/changed-files GitHub Action Supply-Chain Compromise (secret exfiltration to workflow logs)",
|
|
12
|
+
"rwep": 78,
|
|
13
|
+
"cvss": 8.6,
|
|
14
|
+
"cisa_kev": true,
|
|
15
|
+
"epss_score": 0.9183,
|
|
16
|
+
"referencing_skills": [
|
|
17
|
+
"mcp-agent-trust",
|
|
18
|
+
"supply-chain-integrity",
|
|
19
|
+
"identity-assurance",
|
|
20
|
+
"sector-healthcare",
|
|
21
|
+
"sector-federal-government",
|
|
22
|
+
"cloud-security",
|
|
23
|
+
"container-runtime-security",
|
|
24
|
+
"mlops-security",
|
|
25
|
+
"age-gates-child-safety"
|
|
26
|
+
],
|
|
27
|
+
"chain": {
|
|
28
|
+
"cwes": [
|
|
29
|
+
{
|
|
30
|
+
"id": "CWE-1188",
|
|
31
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
32
|
+
"category": "Configuration"
|
|
33
|
+
},
|
|
34
|
+
{
|
|
35
|
+
"id": "CWE-1357",
|
|
36
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
37
|
+
"category": "Supply Chain"
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
"id": "CWE-1395",
|
|
41
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
42
|
+
"category": "Supply Chain"
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"id": "CWE-1426",
|
|
46
|
+
"name": "Improper Validation of Generative AI Output",
|
|
47
|
+
"category": "AI/ML"
|
|
48
|
+
},
|
|
49
|
+
{
|
|
50
|
+
"id": "CWE-200",
|
|
51
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
52
|
+
"category": "Information Exposure"
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
"id": "CWE-22",
|
|
56
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
57
|
+
"category": "Path/Resource"
|
|
58
|
+
},
|
|
59
|
+
{
|
|
60
|
+
"id": "CWE-269",
|
|
61
|
+
"name": "Improper Privilege Management",
|
|
62
|
+
"category": "Authorization"
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"id": "CWE-287",
|
|
66
|
+
"name": "Improper Authentication",
|
|
67
|
+
"category": "Authentication"
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
"id": "CWE-306",
|
|
71
|
+
"name": "Missing Authentication for Critical Function",
|
|
72
|
+
"category": "Authentication"
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
"id": "CWE-345",
|
|
76
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
77
|
+
"category": "Authenticity / Supply Chain"
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
"id": "CWE-352",
|
|
81
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
82
|
+
"category": "Session"
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
"id": "CWE-434",
|
|
86
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
87
|
+
"category": "File Handling"
|
|
88
|
+
},
|
|
89
|
+
{
|
|
90
|
+
"id": "CWE-494",
|
|
91
|
+
"name": "Download of Code Without Integrity Check",
|
|
92
|
+
"category": "Supply Chain"
|
|
93
|
+
},
|
|
94
|
+
{
|
|
95
|
+
"id": "CWE-502",
|
|
96
|
+
"name": "Deserialization of Untrusted Data",
|
|
97
|
+
"category": "Serialization"
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
"id": "CWE-732",
|
|
101
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
102
|
+
"category": "Authorization"
|
|
103
|
+
},
|
|
104
|
+
{
|
|
105
|
+
"id": "CWE-77",
|
|
106
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
107
|
+
"category": "Injection"
|
|
108
|
+
},
|
|
109
|
+
{
|
|
110
|
+
"id": "CWE-787",
|
|
111
|
+
"name": "Out-of-bounds Write",
|
|
112
|
+
"category": "Memory Safety"
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
"id": "CWE-798",
|
|
116
|
+
"name": "Use of Hard-coded Credentials",
|
|
117
|
+
"category": "Credentials"
|
|
118
|
+
},
|
|
119
|
+
{
|
|
120
|
+
"id": "CWE-829",
|
|
121
|
+
"name": "Inclusion of Functionality from Untrusted Control Sphere",
|
|
122
|
+
"category": "Supply Chain"
|
|
123
|
+
},
|
|
124
|
+
{
|
|
125
|
+
"id": "CWE-862",
|
|
126
|
+
"name": "Missing Authorization",
|
|
127
|
+
"category": "Authorization"
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
"id": "CWE-863",
|
|
131
|
+
"name": "Incorrect Authorization",
|
|
132
|
+
"category": "Authorization"
|
|
133
|
+
},
|
|
134
|
+
{
|
|
135
|
+
"id": "CWE-918",
|
|
136
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
137
|
+
"category": "Network"
|
|
138
|
+
},
|
|
139
|
+
{
|
|
140
|
+
"id": "CWE-94",
|
|
141
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
142
|
+
"category": "Injection"
|
|
143
|
+
}
|
|
144
|
+
],
|
|
145
|
+
"atlas": [
|
|
146
|
+
{
|
|
147
|
+
"id": "AML.T0010",
|
|
148
|
+
"name": "ML Supply Chain Compromise",
|
|
149
|
+
"tactic": "Initial Access"
|
|
150
|
+
},
|
|
151
|
+
{
|
|
152
|
+
"id": "AML.T0016",
|
|
153
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
154
|
+
"tactic": "Resource Development"
|
|
155
|
+
},
|
|
156
|
+
{
|
|
157
|
+
"id": "AML.T0017",
|
|
158
|
+
"name": "Discover ML Model Ontology",
|
|
159
|
+
"tactic": "Discovery"
|
|
160
|
+
},
|
|
161
|
+
{
|
|
162
|
+
"id": "AML.T0018",
|
|
163
|
+
"name": "Backdoor ML Model",
|
|
164
|
+
"tactic": "Persistence"
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
"id": "AML.T0020",
|
|
168
|
+
"name": "Poison Training Data",
|
|
169
|
+
"tactic": "ML Attack Staging"
|
|
170
|
+
},
|
|
171
|
+
{
|
|
172
|
+
"id": "AML.T0043",
|
|
173
|
+
"name": "Craft Adversarial Data",
|
|
174
|
+
"tactic": "ML Attack Staging"
|
|
175
|
+
},
|
|
176
|
+
{
|
|
177
|
+
"id": "AML.T0051",
|
|
178
|
+
"name": "LLM Prompt Injection",
|
|
179
|
+
"tactic": "Execution"
|
|
180
|
+
},
|
|
181
|
+
{
|
|
182
|
+
"id": "AML.T0096",
|
|
183
|
+
"name": "AI API as Covert C2 Channel",
|
|
184
|
+
"tactic": "Command and Control"
|
|
185
|
+
}
|
|
186
|
+
],
|
|
187
|
+
"d3fend": [
|
|
188
|
+
{
|
|
189
|
+
"id": "D3-CBAN",
|
|
190
|
+
"name": "Certificate-based Authentication",
|
|
191
|
+
"tactic": "Harden"
|
|
192
|
+
},
|
|
193
|
+
{
|
|
194
|
+
"id": "D3-CSPP",
|
|
195
|
+
"name": "Client-server Payload Profiling",
|
|
196
|
+
"tactic": "Detect"
|
|
197
|
+
},
|
|
198
|
+
{
|
|
199
|
+
"id": "D3-EAL",
|
|
200
|
+
"name": "Executable Allowlisting",
|
|
201
|
+
"tactic": "Harden"
|
|
202
|
+
},
|
|
203
|
+
{
|
|
204
|
+
"id": "D3-EHB",
|
|
205
|
+
"name": "Executable Hashbased Allowlist",
|
|
206
|
+
"tactic": "Harden"
|
|
207
|
+
},
|
|
208
|
+
{
|
|
209
|
+
"id": "D3-MFA",
|
|
210
|
+
"name": "Multi-factor Authentication",
|
|
211
|
+
"tactic": "Harden"
|
|
212
|
+
}
|
|
213
|
+
],
|
|
214
|
+
"framework_gaps": [
|
|
215
|
+
{
|
|
216
|
+
"id": "ALL-MCP-TOOL-TRUST",
|
|
217
|
+
"framework": "ALL",
|
|
218
|
+
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
219
|
+
},
|
|
220
|
+
{
|
|
221
|
+
"id": "CMMC-2.0-Level-2",
|
|
222
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
223
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
224
|
+
},
|
|
225
|
+
{
|
|
226
|
+
"id": "CycloneDX-v1.6-SBOM",
|
|
227
|
+
"framework": "CycloneDX v1.6 (OWASP SBOM standard)",
|
|
228
|
+
"control_name": "Software Bill of Materials"
|
|
229
|
+
},
|
|
230
|
+
{
|
|
231
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
232
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
233
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
234
|
+
},
|
|
235
|
+
{
|
|
236
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
237
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
238
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
239
|
+
},
|
|
240
|
+
{
|
|
241
|
+
"id": "HITRUST-CSF-v11.4-09.l",
|
|
242
|
+
"framework": "HITRUST CSF v11.4",
|
|
243
|
+
"control_name": "Outsourced services management"
|
|
244
|
+
},
|
|
245
|
+
{
|
|
246
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
247
|
+
"framework": "ISO/IEC 27001:2022",
|
|
248
|
+
"control_name": "Secure coding"
|
|
249
|
+
},
|
|
250
|
+
{
|
|
251
|
+
"id": "ISO-27001-2022-A.8.30",
|
|
252
|
+
"framework": "ISO/IEC 27001:2022",
|
|
253
|
+
"control_name": "Outsourced development"
|
|
254
|
+
},
|
|
255
|
+
{
|
|
256
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
257
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
258
|
+
"control_name": "AI risk assessment"
|
|
259
|
+
},
|
|
260
|
+
{
|
|
261
|
+
"id": "NIST-800-218-SSDF",
|
|
262
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
263
|
+
"control_name": "Secure Software Development Framework"
|
|
264
|
+
},
|
|
265
|
+
{
|
|
266
|
+
"id": "NIST-800-53-AC-2",
|
|
267
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
268
|
+
"control_name": "Account Management"
|
|
269
|
+
},
|
|
270
|
+
{
|
|
271
|
+
"id": "NIST-800-53-CM-7",
|
|
272
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
273
|
+
"control_name": "Least Functionality"
|
|
274
|
+
},
|
|
275
|
+
{
|
|
276
|
+
"id": "NIST-800-53-SA-12",
|
|
277
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
278
|
+
"control_name": "Supply Chain Protection"
|
|
279
|
+
},
|
|
280
|
+
{
|
|
281
|
+
"id": "NIST-800-63B-rev4",
|
|
282
|
+
"framework": "NIST SP 800-63B Rev 4 (Digital Identity Guidelines — Authentication & Lifecycle Mgmt)",
|
|
283
|
+
"control_name": "Authentication and Lifecycle Management (AAL/IAL/FAL)"
|
|
284
|
+
},
|
|
285
|
+
{
|
|
286
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
287
|
+
"framework": "NIST AI RMF 1.0",
|
|
288
|
+
"control_name": "AI system to human interaction evaluation"
|
|
289
|
+
},
|
|
290
|
+
{
|
|
291
|
+
"id": "OWASP-LLM-Top-10-2025-LLM06",
|
|
292
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
293
|
+
"control_name": "Excessive Agency"
|
|
294
|
+
},
|
|
295
|
+
{
|
|
296
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
297
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
298
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
299
|
+
},
|
|
300
|
+
{
|
|
301
|
+
"id": "PSD2-RTS-SCA",
|
|
302
|
+
"framework": "EU PSD2 Regulatory Technical Standards on Strong Customer Authentication (Commission Delegated Regulation (EU) 2018/389)",
|
|
303
|
+
"control_name": "Strong Customer Authentication and Common and Secure Communication"
|
|
304
|
+
},
|
|
305
|
+
{
|
|
306
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
307
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
308
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
309
|
+
},
|
|
310
|
+
{
|
|
311
|
+
"id": "SOC2-CC6-logical-access",
|
|
312
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
313
|
+
"control_name": "Logical and Physical Access Controls"
|
|
314
|
+
},
|
|
315
|
+
{
|
|
316
|
+
"id": "SOC2-CC9-vendor-management",
|
|
317
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
318
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
319
|
+
},
|
|
320
|
+
{
|
|
321
|
+
"id": "SPDX-v3.0-SBOM",
|
|
322
|
+
"framework": "SPDX v3.0 (ISO/IEC 5962-aligned SBOM standard)",
|
|
323
|
+
"control_name": "Software Package Data Exchange — SBOM"
|
|
324
|
+
},
|
|
325
|
+
{
|
|
326
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
327
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
328
|
+
"control_name": "SWIFT Environment Protection"
|
|
329
|
+
},
|
|
330
|
+
{
|
|
331
|
+
"id": "VEX-CSAF-v2.1",
|
|
332
|
+
"framework": "VEX via OASIS CSAF 2.1 (Common Security Advisory Framework)",
|
|
333
|
+
"control_name": "Vulnerability Exploitability eXchange profile"
|
|
334
|
+
}
|
|
335
|
+
],
|
|
336
|
+
"attack_refs": [
|
|
337
|
+
"T1059",
|
|
338
|
+
"T1068",
|
|
339
|
+
"T1078",
|
|
340
|
+
"T1110",
|
|
341
|
+
"T1190",
|
|
342
|
+
"T1195.001",
|
|
343
|
+
"T1195.002",
|
|
344
|
+
"T1530",
|
|
345
|
+
"T1552",
|
|
346
|
+
"T1554",
|
|
347
|
+
"T1556",
|
|
348
|
+
"T1565",
|
|
349
|
+
"T1567",
|
|
350
|
+
"T1610",
|
|
351
|
+
"T1611"
|
|
352
|
+
],
|
|
353
|
+
"rfc_refs": [
|
|
354
|
+
"RFC-6749",
|
|
355
|
+
"RFC-7519",
|
|
356
|
+
"RFC-8032",
|
|
357
|
+
"RFC-8446",
|
|
358
|
+
"RFC-8725",
|
|
359
|
+
"RFC-9114",
|
|
360
|
+
"RFC-9180",
|
|
361
|
+
"RFC-9421",
|
|
362
|
+
"RFC-9700"
|
|
363
|
+
]
|
|
364
|
+
}
|
|
365
|
+
},
|
|
366
|
+
"CVE-2025-30154": {
|
|
367
|
+
"name": "reviewdog/action-setup GitHub Action Supply-Chain Compromise (secret exfiltration to workflow logs)",
|
|
368
|
+
"rwep": 72,
|
|
369
|
+
"cvss": 8.6,
|
|
370
|
+
"cisa_kev": true,
|
|
371
|
+
"epss_score": 0.34556,
|
|
372
|
+
"referencing_skills": [
|
|
373
|
+
"mcp-agent-trust",
|
|
374
|
+
"supply-chain-integrity",
|
|
375
|
+
"identity-assurance",
|
|
376
|
+
"sector-healthcare",
|
|
377
|
+
"sector-federal-government",
|
|
378
|
+
"cloud-security",
|
|
379
|
+
"container-runtime-security",
|
|
380
|
+
"mlops-security",
|
|
381
|
+
"age-gates-child-safety"
|
|
382
|
+
],
|
|
383
|
+
"chain": {
|
|
384
|
+
"cwes": [
|
|
385
|
+
{
|
|
386
|
+
"id": "CWE-1188",
|
|
387
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
388
|
+
"category": "Configuration"
|
|
389
|
+
},
|
|
390
|
+
{
|
|
391
|
+
"id": "CWE-1357",
|
|
392
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
393
|
+
"category": "Supply Chain"
|
|
394
|
+
},
|
|
395
|
+
{
|
|
396
|
+
"id": "CWE-1395",
|
|
397
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
398
|
+
"category": "Supply Chain"
|
|
399
|
+
},
|
|
400
|
+
{
|
|
401
|
+
"id": "CWE-1426",
|
|
402
|
+
"name": "Improper Validation of Generative AI Output",
|
|
403
|
+
"category": "AI/ML"
|
|
404
|
+
},
|
|
405
|
+
{
|
|
406
|
+
"id": "CWE-200",
|
|
407
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
408
|
+
"category": "Information Exposure"
|
|
409
|
+
},
|
|
410
|
+
{
|
|
411
|
+
"id": "CWE-22",
|
|
412
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
413
|
+
"category": "Path/Resource"
|
|
414
|
+
},
|
|
415
|
+
{
|
|
416
|
+
"id": "CWE-269",
|
|
417
|
+
"name": "Improper Privilege Management",
|
|
418
|
+
"category": "Authorization"
|
|
419
|
+
},
|
|
420
|
+
{
|
|
421
|
+
"id": "CWE-287",
|
|
422
|
+
"name": "Improper Authentication",
|
|
423
|
+
"category": "Authentication"
|
|
424
|
+
},
|
|
425
|
+
{
|
|
426
|
+
"id": "CWE-306",
|
|
427
|
+
"name": "Missing Authentication for Critical Function",
|
|
428
|
+
"category": "Authentication"
|
|
429
|
+
},
|
|
430
|
+
{
|
|
431
|
+
"id": "CWE-345",
|
|
432
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
433
|
+
"category": "Authenticity / Supply Chain"
|
|
434
|
+
},
|
|
435
|
+
{
|
|
436
|
+
"id": "CWE-352",
|
|
437
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
438
|
+
"category": "Session"
|
|
439
|
+
},
|
|
440
|
+
{
|
|
441
|
+
"id": "CWE-434",
|
|
442
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
443
|
+
"category": "File Handling"
|
|
444
|
+
},
|
|
445
|
+
{
|
|
446
|
+
"id": "CWE-494",
|
|
447
|
+
"name": "Download of Code Without Integrity Check",
|
|
448
|
+
"category": "Supply Chain"
|
|
449
|
+
},
|
|
450
|
+
{
|
|
451
|
+
"id": "CWE-502",
|
|
452
|
+
"name": "Deserialization of Untrusted Data",
|
|
453
|
+
"category": "Serialization"
|
|
454
|
+
},
|
|
455
|
+
{
|
|
456
|
+
"id": "CWE-732",
|
|
457
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
458
|
+
"category": "Authorization"
|
|
459
|
+
},
|
|
460
|
+
{
|
|
461
|
+
"id": "CWE-77",
|
|
462
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
463
|
+
"category": "Injection"
|
|
464
|
+
},
|
|
465
|
+
{
|
|
466
|
+
"id": "CWE-787",
|
|
467
|
+
"name": "Out-of-bounds Write",
|
|
468
|
+
"category": "Memory Safety"
|
|
469
|
+
},
|
|
470
|
+
{
|
|
471
|
+
"id": "CWE-798",
|
|
472
|
+
"name": "Use of Hard-coded Credentials",
|
|
473
|
+
"category": "Credentials"
|
|
474
|
+
},
|
|
475
|
+
{
|
|
476
|
+
"id": "CWE-829",
|
|
477
|
+
"name": "Inclusion of Functionality from Untrusted Control Sphere",
|
|
478
|
+
"category": "Supply Chain"
|
|
479
|
+
},
|
|
480
|
+
{
|
|
481
|
+
"id": "CWE-862",
|
|
482
|
+
"name": "Missing Authorization",
|
|
483
|
+
"category": "Authorization"
|
|
484
|
+
},
|
|
485
|
+
{
|
|
486
|
+
"id": "CWE-863",
|
|
487
|
+
"name": "Incorrect Authorization",
|
|
488
|
+
"category": "Authorization"
|
|
489
|
+
},
|
|
490
|
+
{
|
|
491
|
+
"id": "CWE-918",
|
|
492
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
493
|
+
"category": "Network"
|
|
494
|
+
},
|
|
495
|
+
{
|
|
496
|
+
"id": "CWE-94",
|
|
497
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
498
|
+
"category": "Injection"
|
|
499
|
+
}
|
|
500
|
+
],
|
|
501
|
+
"atlas": [
|
|
502
|
+
{
|
|
503
|
+
"id": "AML.T0010",
|
|
504
|
+
"name": "ML Supply Chain Compromise",
|
|
505
|
+
"tactic": "Initial Access"
|
|
506
|
+
},
|
|
507
|
+
{
|
|
508
|
+
"id": "AML.T0016",
|
|
509
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
510
|
+
"tactic": "Resource Development"
|
|
511
|
+
},
|
|
512
|
+
{
|
|
513
|
+
"id": "AML.T0017",
|
|
514
|
+
"name": "Discover ML Model Ontology",
|
|
515
|
+
"tactic": "Discovery"
|
|
516
|
+
},
|
|
517
|
+
{
|
|
518
|
+
"id": "AML.T0018",
|
|
519
|
+
"name": "Backdoor ML Model",
|
|
520
|
+
"tactic": "Persistence"
|
|
521
|
+
},
|
|
522
|
+
{
|
|
523
|
+
"id": "AML.T0020",
|
|
524
|
+
"name": "Poison Training Data",
|
|
525
|
+
"tactic": "ML Attack Staging"
|
|
526
|
+
},
|
|
527
|
+
{
|
|
528
|
+
"id": "AML.T0043",
|
|
529
|
+
"name": "Craft Adversarial Data",
|
|
530
|
+
"tactic": "ML Attack Staging"
|
|
531
|
+
},
|
|
532
|
+
{
|
|
533
|
+
"id": "AML.T0051",
|
|
534
|
+
"name": "LLM Prompt Injection",
|
|
535
|
+
"tactic": "Execution"
|
|
536
|
+
},
|
|
537
|
+
{
|
|
538
|
+
"id": "AML.T0096",
|
|
539
|
+
"name": "AI API as Covert C2 Channel",
|
|
540
|
+
"tactic": "Command and Control"
|
|
541
|
+
}
|
|
542
|
+
],
|
|
543
|
+
"d3fend": [
|
|
544
|
+
{
|
|
545
|
+
"id": "D3-CBAN",
|
|
546
|
+
"name": "Certificate-based Authentication",
|
|
547
|
+
"tactic": "Harden"
|
|
548
|
+
},
|
|
549
|
+
{
|
|
550
|
+
"id": "D3-CSPP",
|
|
551
|
+
"name": "Client-server Payload Profiling",
|
|
552
|
+
"tactic": "Detect"
|
|
553
|
+
},
|
|
554
|
+
{
|
|
555
|
+
"id": "D3-EAL",
|
|
556
|
+
"name": "Executable Allowlisting",
|
|
557
|
+
"tactic": "Harden"
|
|
558
|
+
},
|
|
559
|
+
{
|
|
560
|
+
"id": "D3-EHB",
|
|
561
|
+
"name": "Executable Hashbased Allowlist",
|
|
562
|
+
"tactic": "Harden"
|
|
563
|
+
},
|
|
564
|
+
{
|
|
565
|
+
"id": "D3-MFA",
|
|
566
|
+
"name": "Multi-factor Authentication",
|
|
567
|
+
"tactic": "Harden"
|
|
568
|
+
}
|
|
569
|
+
],
|
|
570
|
+
"framework_gaps": [
|
|
571
|
+
{
|
|
572
|
+
"id": "ALL-MCP-TOOL-TRUST",
|
|
573
|
+
"framework": "ALL",
|
|
574
|
+
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
575
|
+
},
|
|
576
|
+
{
|
|
577
|
+
"id": "CMMC-2.0-Level-2",
|
|
578
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
579
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
580
|
+
},
|
|
581
|
+
{
|
|
582
|
+
"id": "CycloneDX-v1.6-SBOM",
|
|
583
|
+
"framework": "CycloneDX v1.6 (OWASP SBOM standard)",
|
|
584
|
+
"control_name": "Software Bill of Materials"
|
|
585
|
+
},
|
|
586
|
+
{
|
|
587
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
588
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
589
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
590
|
+
},
|
|
591
|
+
{
|
|
592
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
593
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
594
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
595
|
+
},
|
|
596
|
+
{
|
|
597
|
+
"id": "HITRUST-CSF-v11.4-09.l",
|
|
598
|
+
"framework": "HITRUST CSF v11.4",
|
|
599
|
+
"control_name": "Outsourced services management"
|
|
600
|
+
},
|
|
601
|
+
{
|
|
602
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
603
|
+
"framework": "ISO/IEC 27001:2022",
|
|
604
|
+
"control_name": "Secure coding"
|
|
605
|
+
},
|
|
606
|
+
{
|
|
607
|
+
"id": "ISO-27001-2022-A.8.30",
|
|
608
|
+
"framework": "ISO/IEC 27001:2022",
|
|
609
|
+
"control_name": "Outsourced development"
|
|
610
|
+
},
|
|
611
|
+
{
|
|
612
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
613
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
614
|
+
"control_name": "AI risk assessment"
|
|
615
|
+
},
|
|
616
|
+
{
|
|
617
|
+
"id": "NIST-800-218-SSDF",
|
|
618
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
619
|
+
"control_name": "Secure Software Development Framework"
|
|
620
|
+
},
|
|
621
|
+
{
|
|
622
|
+
"id": "NIST-800-53-AC-2",
|
|
623
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
624
|
+
"control_name": "Account Management"
|
|
625
|
+
},
|
|
626
|
+
{
|
|
627
|
+
"id": "NIST-800-53-CM-7",
|
|
628
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
629
|
+
"control_name": "Least Functionality"
|
|
630
|
+
},
|
|
631
|
+
{
|
|
632
|
+
"id": "NIST-800-53-SA-12",
|
|
633
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
634
|
+
"control_name": "Supply Chain Protection"
|
|
635
|
+
},
|
|
636
|
+
{
|
|
637
|
+
"id": "NIST-800-63B-rev4",
|
|
638
|
+
"framework": "NIST SP 800-63B Rev 4 (Digital Identity Guidelines — Authentication & Lifecycle Mgmt)",
|
|
639
|
+
"control_name": "Authentication and Lifecycle Management (AAL/IAL/FAL)"
|
|
640
|
+
},
|
|
641
|
+
{
|
|
642
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
643
|
+
"framework": "NIST AI RMF 1.0",
|
|
644
|
+
"control_name": "AI system to human interaction evaluation"
|
|
645
|
+
},
|
|
646
|
+
{
|
|
647
|
+
"id": "OWASP-LLM-Top-10-2025-LLM06",
|
|
648
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
649
|
+
"control_name": "Excessive Agency"
|
|
650
|
+
},
|
|
651
|
+
{
|
|
652
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
653
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
654
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
655
|
+
},
|
|
656
|
+
{
|
|
657
|
+
"id": "PSD2-RTS-SCA",
|
|
658
|
+
"framework": "EU PSD2 Regulatory Technical Standards on Strong Customer Authentication (Commission Delegated Regulation (EU) 2018/389)",
|
|
659
|
+
"control_name": "Strong Customer Authentication and Common and Secure Communication"
|
|
660
|
+
},
|
|
661
|
+
{
|
|
662
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
663
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
664
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
665
|
+
},
|
|
666
|
+
{
|
|
667
|
+
"id": "SOC2-CC6-logical-access",
|
|
668
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
669
|
+
"control_name": "Logical and Physical Access Controls"
|
|
670
|
+
},
|
|
671
|
+
{
|
|
672
|
+
"id": "SOC2-CC9-vendor-management",
|
|
673
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
674
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
675
|
+
},
|
|
676
|
+
{
|
|
677
|
+
"id": "SPDX-v3.0-SBOM",
|
|
678
|
+
"framework": "SPDX v3.0 (ISO/IEC 5962-aligned SBOM standard)",
|
|
679
|
+
"control_name": "Software Package Data Exchange — SBOM"
|
|
680
|
+
},
|
|
681
|
+
{
|
|
682
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
683
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
684
|
+
"control_name": "SWIFT Environment Protection"
|
|
685
|
+
},
|
|
686
|
+
{
|
|
687
|
+
"id": "VEX-CSAF-v2.1",
|
|
688
|
+
"framework": "VEX via OASIS CSAF 2.1 (Common Security Advisory Framework)",
|
|
689
|
+
"control_name": "Vulnerability Exploitability eXchange profile"
|
|
690
|
+
}
|
|
691
|
+
],
|
|
692
|
+
"attack_refs": [
|
|
693
|
+
"T1059",
|
|
694
|
+
"T1068",
|
|
695
|
+
"T1078",
|
|
696
|
+
"T1110",
|
|
697
|
+
"T1190",
|
|
698
|
+
"T1195.001",
|
|
699
|
+
"T1195.002",
|
|
700
|
+
"T1530",
|
|
701
|
+
"T1552",
|
|
702
|
+
"T1554",
|
|
703
|
+
"T1556",
|
|
704
|
+
"T1565",
|
|
705
|
+
"T1567",
|
|
706
|
+
"T1610",
|
|
707
|
+
"T1611"
|
|
708
|
+
],
|
|
709
|
+
"rfc_refs": [
|
|
710
|
+
"RFC-6749",
|
|
711
|
+
"RFC-7519",
|
|
712
|
+
"RFC-8032",
|
|
713
|
+
"RFC-8446",
|
|
714
|
+
"RFC-8725",
|
|
715
|
+
"RFC-9114",
|
|
716
|
+
"RFC-9180",
|
|
717
|
+
"RFC-9421",
|
|
718
|
+
"RFC-9700"
|
|
719
|
+
]
|
|
720
|
+
}
|
|
721
|
+
},
|
|
722
|
+
"CVE-2026-48027": {
|
|
723
|
+
"name": "Nx Console IDE Extension Supply-Chain Compromise (malicious marketplace version)",
|
|
724
|
+
"rwep": 74,
|
|
725
|
+
"cvss": 9.8,
|
|
726
|
+
"cisa_kev": true,
|
|
727
|
+
"epss_score": null,
|
|
728
|
+
"referencing_skills": [
|
|
729
|
+
"kernel-lpe-triage",
|
|
730
|
+
"mcp-agent-trust",
|
|
731
|
+
"identity-assurance",
|
|
732
|
+
"coordinated-vuln-disclosure",
|
|
733
|
+
"sector-healthcare",
|
|
734
|
+
"cloud-security",
|
|
735
|
+
"age-gates-child-safety"
|
|
736
|
+
],
|
|
737
|
+
"chain": {
|
|
738
|
+
"cwes": [
|
|
739
|
+
{
|
|
740
|
+
"id": "CWE-1188",
|
|
741
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
742
|
+
"category": "Configuration"
|
|
743
|
+
},
|
|
744
|
+
{
|
|
745
|
+
"id": "CWE-125",
|
|
746
|
+
"name": "Out-of-bounds Read",
|
|
747
|
+
"category": "Memory Safety"
|
|
748
|
+
},
|
|
749
|
+
{
|
|
750
|
+
"id": "CWE-1357",
|
|
751
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
752
|
+
"category": "Supply Chain"
|
|
753
|
+
},
|
|
754
|
+
{
|
|
755
|
+
"id": "CWE-1426",
|
|
756
|
+
"name": "Improper Validation of Generative AI Output",
|
|
757
|
+
"category": "AI/ML"
|
|
758
|
+
},
|
|
759
|
+
{
|
|
760
|
+
"id": "CWE-200",
|
|
761
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
762
|
+
"category": "Information Exposure"
|
|
763
|
+
},
|
|
764
|
+
{
|
|
765
|
+
"id": "CWE-22",
|
|
766
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
767
|
+
"category": "Path/Resource"
|
|
768
|
+
},
|
|
769
|
+
{
|
|
770
|
+
"id": "CWE-269",
|
|
771
|
+
"name": "Improper Privilege Management",
|
|
772
|
+
"category": "Authorization"
|
|
773
|
+
},
|
|
774
|
+
{
|
|
775
|
+
"id": "CWE-287",
|
|
776
|
+
"name": "Improper Authentication",
|
|
777
|
+
"category": "Authentication"
|
|
778
|
+
},
|
|
779
|
+
{
|
|
780
|
+
"id": "CWE-306",
|
|
781
|
+
"name": "Missing Authentication for Critical Function",
|
|
782
|
+
"category": "Authentication"
|
|
783
|
+
},
|
|
784
|
+
{
|
|
785
|
+
"id": "CWE-345",
|
|
786
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
787
|
+
"category": "Authenticity / Supply Chain"
|
|
788
|
+
},
|
|
789
|
+
{
|
|
790
|
+
"id": "CWE-352",
|
|
791
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
792
|
+
"category": "Session"
|
|
793
|
+
},
|
|
794
|
+
{
|
|
795
|
+
"id": "CWE-362",
|
|
796
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
797
|
+
"category": "Concurrency"
|
|
798
|
+
},
|
|
799
|
+
{
|
|
800
|
+
"id": "CWE-416",
|
|
801
|
+
"name": "Use After Free",
|
|
802
|
+
"category": "Memory Safety"
|
|
803
|
+
},
|
|
804
|
+
{
|
|
805
|
+
"id": "CWE-434",
|
|
806
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
807
|
+
"category": "File Handling"
|
|
808
|
+
},
|
|
809
|
+
{
|
|
810
|
+
"id": "CWE-494",
|
|
811
|
+
"name": "Download of Code Without Integrity Check",
|
|
812
|
+
"category": "Supply Chain"
|
|
813
|
+
},
|
|
814
|
+
{
|
|
815
|
+
"id": "CWE-672",
|
|
816
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
817
|
+
"category": "Memory Safety"
|
|
818
|
+
},
|
|
819
|
+
{
|
|
820
|
+
"id": "CWE-732",
|
|
821
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
822
|
+
"category": "Authorization"
|
|
823
|
+
},
|
|
824
|
+
{
|
|
825
|
+
"id": "CWE-77",
|
|
826
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
827
|
+
"category": "Injection"
|
|
828
|
+
},
|
|
829
|
+
{
|
|
830
|
+
"id": "CWE-787",
|
|
831
|
+
"name": "Out-of-bounds Write",
|
|
832
|
+
"category": "Memory Safety"
|
|
833
|
+
},
|
|
834
|
+
{
|
|
835
|
+
"id": "CWE-798",
|
|
836
|
+
"name": "Use of Hard-coded Credentials",
|
|
837
|
+
"category": "Credentials"
|
|
838
|
+
},
|
|
839
|
+
{
|
|
840
|
+
"id": "CWE-862",
|
|
841
|
+
"name": "Missing Authorization",
|
|
842
|
+
"category": "Authorization"
|
|
843
|
+
},
|
|
844
|
+
{
|
|
845
|
+
"id": "CWE-863",
|
|
846
|
+
"name": "Incorrect Authorization",
|
|
847
|
+
"category": "Authorization"
|
|
848
|
+
},
|
|
849
|
+
{
|
|
850
|
+
"id": "CWE-918",
|
|
851
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
852
|
+
"category": "Network"
|
|
853
|
+
},
|
|
854
|
+
{
|
|
855
|
+
"id": "CWE-94",
|
|
856
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
857
|
+
"category": "Injection"
|
|
858
|
+
}
|
|
859
|
+
],
|
|
860
|
+
"atlas": [
|
|
861
|
+
{
|
|
862
|
+
"id": "AML.T0010",
|
|
863
|
+
"name": "ML Supply Chain Compromise",
|
|
864
|
+
"tactic": "Initial Access"
|
|
865
|
+
},
|
|
866
|
+
{
|
|
867
|
+
"id": "AML.T0016",
|
|
868
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
869
|
+
"tactic": "Resource Development"
|
|
870
|
+
},
|
|
871
|
+
{
|
|
872
|
+
"id": "AML.T0017",
|
|
873
|
+
"name": "Discover ML Model Ontology",
|
|
874
|
+
"tactic": "Discovery"
|
|
875
|
+
},
|
|
876
|
+
{
|
|
877
|
+
"id": "AML.T0051",
|
|
878
|
+
"name": "LLM Prompt Injection",
|
|
879
|
+
"tactic": "Execution"
|
|
880
|
+
},
|
|
881
|
+
{
|
|
882
|
+
"id": "AML.T0096",
|
|
883
|
+
"name": "AI API as Covert C2 Channel",
|
|
884
|
+
"tactic": "Command and Control"
|
|
885
|
+
}
|
|
886
|
+
],
|
|
887
|
+
"d3fend": [
|
|
888
|
+
{
|
|
889
|
+
"id": "D3-ASLR",
|
|
890
|
+
"name": "Address Space Layout Randomization",
|
|
891
|
+
"tactic": "Harden"
|
|
892
|
+
},
|
|
893
|
+
{
|
|
894
|
+
"id": "D3-CBAN",
|
|
895
|
+
"name": "Certificate-based Authentication",
|
|
896
|
+
"tactic": "Harden"
|
|
897
|
+
},
|
|
898
|
+
{
|
|
899
|
+
"id": "D3-CSPP",
|
|
900
|
+
"name": "Client-server Payload Profiling",
|
|
901
|
+
"tactic": "Detect"
|
|
902
|
+
},
|
|
903
|
+
{
|
|
904
|
+
"id": "D3-EAL",
|
|
905
|
+
"name": "Executable Allowlisting",
|
|
906
|
+
"tactic": "Harden"
|
|
907
|
+
},
|
|
908
|
+
{
|
|
909
|
+
"id": "D3-EHB",
|
|
910
|
+
"name": "Executable Hashbased Allowlist",
|
|
911
|
+
"tactic": "Harden"
|
|
912
|
+
},
|
|
913
|
+
{
|
|
914
|
+
"id": "D3-MFA",
|
|
915
|
+
"name": "Multi-factor Authentication",
|
|
916
|
+
"tactic": "Harden"
|
|
917
|
+
},
|
|
918
|
+
{
|
|
919
|
+
"id": "D3-PHRA",
|
|
920
|
+
"name": "Process Hardware Resource Access",
|
|
921
|
+
"tactic": "Isolate"
|
|
922
|
+
},
|
|
923
|
+
{
|
|
924
|
+
"id": "D3-PSEP",
|
|
925
|
+
"name": "Process Segment Execution Prevention",
|
|
926
|
+
"tactic": "Harden"
|
|
927
|
+
}
|
|
928
|
+
],
|
|
929
|
+
"framework_gaps": [
|
|
930
|
+
{
|
|
931
|
+
"id": "ALL-MCP-TOOL-TRUST",
|
|
932
|
+
"framework": "ALL",
|
|
933
|
+
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
934
|
+
},
|
|
935
|
+
{
|
|
936
|
+
"id": "CIS-Controls-v8-Control7",
|
|
937
|
+
"framework": "CIS Controls v8",
|
|
938
|
+
"control_name": "Continuous Vulnerability Management"
|
|
939
|
+
},
|
|
940
|
+
{
|
|
941
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
942
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
943
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
944
|
+
},
|
|
945
|
+
{
|
|
946
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
947
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
948
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
949
|
+
},
|
|
950
|
+
{
|
|
951
|
+
"id": "HITRUST-CSF-v11.4-09.l",
|
|
952
|
+
"framework": "HITRUST CSF v11.4",
|
|
953
|
+
"control_name": "Outsourced services management"
|
|
954
|
+
},
|
|
955
|
+
{
|
|
956
|
+
"id": "ISO-27001-2022-A.8.30",
|
|
957
|
+
"framework": "ISO/IEC 27001:2022",
|
|
958
|
+
"control_name": "Outsourced development"
|
|
959
|
+
},
|
|
960
|
+
{
|
|
961
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
962
|
+
"framework": "ISO/IEC 27001:2022",
|
|
963
|
+
"control_name": "Management of technical vulnerabilities"
|
|
964
|
+
},
|
|
965
|
+
{
|
|
966
|
+
"id": "NIS2-Art21-patch-management",
|
|
967
|
+
"framework": "EU NIS2 Directive",
|
|
968
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
969
|
+
},
|
|
970
|
+
{
|
|
971
|
+
"id": "NIST-800-218-SSDF",
|
|
972
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
973
|
+
"control_name": "Secure Software Development Framework"
|
|
974
|
+
},
|
|
975
|
+
{
|
|
976
|
+
"id": "NIST-800-53-AC-2",
|
|
977
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
978
|
+
"control_name": "Account Management"
|
|
979
|
+
},
|
|
980
|
+
{
|
|
981
|
+
"id": "NIST-800-53-CM-7",
|
|
982
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
983
|
+
"control_name": "Least Functionality"
|
|
984
|
+
},
|
|
985
|
+
{
|
|
986
|
+
"id": "NIST-800-53-SA-12",
|
|
987
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
988
|
+
"control_name": "Supply Chain Protection"
|
|
989
|
+
},
|
|
990
|
+
{
|
|
991
|
+
"id": "NIST-800-53-SC-8",
|
|
992
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
993
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
994
|
+
},
|
|
995
|
+
{
|
|
996
|
+
"id": "NIST-800-53-SI-2",
|
|
997
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
998
|
+
"control_name": "Flaw Remediation"
|
|
999
|
+
},
|
|
1000
|
+
{
|
|
1001
|
+
"id": "NIST-800-63B-rev4",
|
|
1002
|
+
"framework": "NIST SP 800-63B Rev 4 (Digital Identity Guidelines — Authentication & Lifecycle Mgmt)",
|
|
1003
|
+
"control_name": "Authentication and Lifecycle Management (AAL/IAL/FAL)"
|
|
1004
|
+
},
|
|
1005
|
+
{
|
|
1006
|
+
"id": "OWASP-LLM-Top-10-2025-LLM06",
|
|
1007
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
1008
|
+
"control_name": "Excessive Agency"
|
|
1009
|
+
},
|
|
1010
|
+
{
|
|
1011
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
1012
|
+
"framework": "PCI DSS 4.0",
|
|
1013
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
1014
|
+
},
|
|
1015
|
+
{
|
|
1016
|
+
"id": "PSD2-RTS-SCA",
|
|
1017
|
+
"framework": "EU PSD2 Regulatory Technical Standards on Strong Customer Authentication (Commission Delegated Regulation (EU) 2018/389)",
|
|
1018
|
+
"control_name": "Strong Customer Authentication and Common and Secure Communication"
|
|
1019
|
+
},
|
|
1020
|
+
{
|
|
1021
|
+
"id": "SOC2-CC6-logical-access",
|
|
1022
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
1023
|
+
"control_name": "Logical and Physical Access Controls"
|
|
1024
|
+
},
|
|
1025
|
+
{
|
|
1026
|
+
"id": "SOC2-CC9-vendor-management",
|
|
1027
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
1028
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
1029
|
+
},
|
|
1030
|
+
{
|
|
1031
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
1032
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
1033
|
+
"control_name": "SWIFT Environment Protection"
|
|
1034
|
+
}
|
|
1035
|
+
],
|
|
1036
|
+
"attack_refs": [
|
|
1037
|
+
"T1059",
|
|
1038
|
+
"T1068",
|
|
1039
|
+
"T1078",
|
|
1040
|
+
"T1110",
|
|
1041
|
+
"T1190",
|
|
1042
|
+
"T1195.001",
|
|
1043
|
+
"T1530",
|
|
1044
|
+
"T1548.001",
|
|
1045
|
+
"T1552",
|
|
1046
|
+
"T1556",
|
|
1047
|
+
"T1567"
|
|
1048
|
+
],
|
|
1049
|
+
"rfc_refs": [
|
|
1050
|
+
"RFC-4301",
|
|
1051
|
+
"RFC-4303",
|
|
1052
|
+
"RFC-6749",
|
|
1053
|
+
"RFC-7296",
|
|
1054
|
+
"RFC-7519",
|
|
1055
|
+
"RFC-8032",
|
|
1056
|
+
"RFC-8446",
|
|
1057
|
+
"RFC-8725",
|
|
1058
|
+
"RFC-9114",
|
|
1059
|
+
"RFC-9180",
|
|
1060
|
+
"RFC-9421",
|
|
1061
|
+
"RFC-9700"
|
|
1062
|
+
]
|
|
1063
|
+
}
|
|
1064
|
+
},
|
|
10
1065
|
"CVE-2025-53773": {
|
|
11
1066
|
"name": "GitHub Copilot / VS Code 'YOLO mode' Prompt Injection RCE",
|
|
12
1067
|
"rwep": 30,
|
|
@@ -77537,6 +78592,8 @@
|
|
|
77537
78592
|
"CVE-2025-23254",
|
|
77538
78593
|
"CVE-2025-23266",
|
|
77539
78594
|
"CVE-2025-27520",
|
|
78595
|
+
"CVE-2025-30066",
|
|
78596
|
+
"CVE-2025-30154",
|
|
77540
78597
|
"CVE-2025-30165",
|
|
77541
78598
|
"CVE-2025-30202",
|
|
77542
78599
|
"CVE-2025-32434",
|
|
@@ -77594,6 +78651,7 @@
|
|
|
77594
78651
|
"CVE-2026-45829",
|
|
77595
78652
|
"CVE-2026-46300",
|
|
77596
78653
|
"CVE-2026-46333",
|
|
78654
|
+
"CVE-2026-48027",
|
|
77597
78655
|
"CVE-2026-5760",
|
|
77598
78656
|
"CVE-2026-9082",
|
|
77599
78657
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -77793,6 +78851,8 @@
|
|
|
77793
78851
|
"CVE-2025-10164",
|
|
77794
78852
|
"CVE-2025-1094",
|
|
77795
78853
|
"CVE-2025-27520",
|
|
78854
|
+
"CVE-2025-30066",
|
|
78855
|
+
"CVE-2025-30154",
|
|
77796
78856
|
"CVE-2025-3248",
|
|
77797
78857
|
"CVE-2025-3466",
|
|
77798
78858
|
"CVE-2025-49844",
|
|
@@ -77811,6 +78871,7 @@
|
|
|
77811
78871
|
"CVE-2026-39884",
|
|
77812
78872
|
"CVE-2026-42208",
|
|
77813
78873
|
"CVE-2026-45321",
|
|
78874
|
+
"CVE-2026-48027",
|
|
77814
78875
|
"CVE-2026-5760",
|
|
77815
78876
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
77816
78877
|
"MAL-2026-3083",
|
|
@@ -78801,6 +79862,8 @@
|
|
|
78801
79862
|
"CVE-2025-23266",
|
|
78802
79863
|
"CVE-2025-25297",
|
|
78803
79864
|
"CVE-2025-27520",
|
|
79865
|
+
"CVE-2025-30066",
|
|
79866
|
+
"CVE-2025-30154",
|
|
78804
79867
|
"CVE-2025-30165",
|
|
78805
79868
|
"CVE-2025-30202",
|
|
78806
79869
|
"CVE-2025-32434",
|
|
@@ -78860,6 +79923,7 @@
|
|
|
78860
79923
|
"CVE-2026-42208",
|
|
78861
79924
|
"CVE-2026-45321",
|
|
78862
79925
|
"CVE-2026-45829",
|
|
79926
|
+
"CVE-2026-48027",
|
|
78863
79927
|
"CVE-2026-5760",
|
|
78864
79928
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
78865
79929
|
"MAL-2026-3083",
|
|
@@ -79338,6 +80402,7 @@
|
|
|
79338
80402
|
"CVE-2026-45829",
|
|
79339
80403
|
"CVE-2026-46300",
|
|
79340
80404
|
"CVE-2026-46333",
|
|
80405
|
+
"CVE-2026-48027",
|
|
79341
80406
|
"CVE-2026-5281",
|
|
79342
80407
|
"CVE-2026-6973",
|
|
79343
80408
|
"CVE-2026-9082",
|
|
@@ -79592,6 +80657,8 @@
|
|
|
79592
80657
|
"CVE-2025-23266",
|
|
79593
80658
|
"CVE-2025-25297",
|
|
79594
80659
|
"CVE-2025-27520",
|
|
80660
|
+
"CVE-2025-30066",
|
|
80661
|
+
"CVE-2025-30154",
|
|
79595
80662
|
"CVE-2025-30202",
|
|
79596
80663
|
"CVE-2025-32444",
|
|
79597
80664
|
"CVE-2025-3248",
|
|
@@ -79622,6 +80689,7 @@
|
|
|
79622
80689
|
"CVE-2026-42897",
|
|
79623
80690
|
"CVE-2026-43284",
|
|
79624
80691
|
"CVE-2026-45321",
|
|
80692
|
+
"CVE-2026-48027",
|
|
79625
80693
|
"CVE-2026-5760",
|
|
79626
80694
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
79627
80695
|
"MAL-2026-3083",
|
|
@@ -80009,6 +81077,8 @@
|
|
|
80009
81077
|
"CVE-2025-23254",
|
|
80010
81078
|
"CVE-2025-23266",
|
|
80011
81079
|
"CVE-2025-27520",
|
|
81080
|
+
"CVE-2025-30066",
|
|
81081
|
+
"CVE-2025-30154",
|
|
80012
81082
|
"CVE-2025-30165",
|
|
80013
81083
|
"CVE-2025-30202",
|
|
80014
81084
|
"CVE-2025-32434",
|
|
@@ -80066,6 +81136,7 @@
|
|
|
80066
81136
|
"CVE-2026-45829",
|
|
80067
81137
|
"CVE-2026-46300",
|
|
80068
81138
|
"CVE-2026-46333",
|
|
81139
|
+
"CVE-2026-48027",
|
|
80069
81140
|
"CVE-2026-5760",
|
|
80070
81141
|
"CVE-2026-9082",
|
|
80071
81142
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -80671,6 +81742,8 @@
|
|
|
80671
81742
|
"CVE-2025-23254",
|
|
80672
81743
|
"CVE-2025-23266",
|
|
80673
81744
|
"CVE-2025-27520",
|
|
81745
|
+
"CVE-2025-30066",
|
|
81746
|
+
"CVE-2025-30154",
|
|
80674
81747
|
"CVE-2025-30165",
|
|
80675
81748
|
"CVE-2025-30202",
|
|
80676
81749
|
"CVE-2025-32434",
|
|
@@ -80728,6 +81801,7 @@
|
|
|
80728
81801
|
"CVE-2026-45829",
|
|
80729
81802
|
"CVE-2026-46300",
|
|
80730
81803
|
"CVE-2026-46333",
|
|
81804
|
+
"CVE-2026-48027",
|
|
80731
81805
|
"CVE-2026-5760",
|
|
80732
81806
|
"CVE-2026-9082",
|
|
80733
81807
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -80956,6 +82030,8 @@
|
|
|
80956
82030
|
"CVE-2025-1753",
|
|
80957
82031
|
"CVE-2025-23254",
|
|
80958
82032
|
"CVE-2025-23266",
|
|
82033
|
+
"CVE-2025-30066",
|
|
82034
|
+
"CVE-2025-30154",
|
|
80959
82035
|
"CVE-2025-30165",
|
|
80960
82036
|
"CVE-2025-30202",
|
|
80961
82037
|
"CVE-2025-32434",
|
|
@@ -80999,6 +82075,7 @@
|
|
|
80999
82075
|
"CVE-2026-45829",
|
|
81000
82076
|
"CVE-2026-46300",
|
|
81001
82077
|
"CVE-2026-46333",
|
|
82078
|
+
"CVE-2026-48027",
|
|
81002
82079
|
"CVE-2026-9082",
|
|
81003
82080
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
81004
82081
|
"MAL-2026-3083"
|
|
@@ -81408,6 +82485,8 @@
|
|
|
81408
82485
|
"CVE-2024-3154",
|
|
81409
82486
|
"CVE-2024-5565",
|
|
81410
82487
|
"CVE-2025-27520",
|
|
82488
|
+
"CVE-2025-30066",
|
|
82489
|
+
"CVE-2025-30154",
|
|
81411
82490
|
"CVE-2025-3248",
|
|
81412
82491
|
"CVE-2025-3466",
|
|
81413
82492
|
"CVE-2025-49844",
|
|
@@ -81417,6 +82496,7 @@
|
|
|
81417
82496
|
"CVE-2026-31230",
|
|
81418
82497
|
"CVE-2026-33017",
|
|
81419
82498
|
"CVE-2026-45321",
|
|
82499
|
+
"CVE-2026-48027",
|
|
81420
82500
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
81421
82501
|
"MAL-2026-3083",
|
|
81422
82502
|
"MAL-2026-NODE-IPC-STEALER"
|
|
@@ -81689,6 +82769,8 @@
|
|
|
81689
82769
|
"CVE-2025-23254",
|
|
81690
82770
|
"CVE-2025-23266",
|
|
81691
82771
|
"CVE-2025-27520",
|
|
82772
|
+
"CVE-2025-30066",
|
|
82773
|
+
"CVE-2025-30154",
|
|
81692
82774
|
"CVE-2025-30165",
|
|
81693
82775
|
"CVE-2025-30202",
|
|
81694
82776
|
"CVE-2025-32434",
|
|
@@ -81746,6 +82828,7 @@
|
|
|
81746
82828
|
"CVE-2026-45829",
|
|
81747
82829
|
"CVE-2026-46300",
|
|
81748
82830
|
"CVE-2026-46333",
|
|
82831
|
+
"CVE-2026-48027",
|
|
81749
82832
|
"CVE-2026-5760",
|
|
81750
82833
|
"CVE-2026-9082",
|
|
81751
82834
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -82225,6 +83308,7 @@
|
|
|
82225
83308
|
"CVE-2026-45829",
|
|
82226
83309
|
"CVE-2026-46300",
|
|
82227
83310
|
"CVE-2026-46333",
|
|
83311
|
+
"CVE-2026-48027",
|
|
82228
83312
|
"CVE-2026-5281",
|
|
82229
83313
|
"CVE-2026-6973",
|
|
82230
83314
|
"CVE-2026-9082",
|
|
@@ -82690,6 +83774,7 @@
|
|
|
82690
83774
|
"CVE-2026-45829",
|
|
82691
83775
|
"CVE-2026-46300",
|
|
82692
83776
|
"CVE-2026-46333",
|
|
83777
|
+
"CVE-2026-48027",
|
|
82693
83778
|
"CVE-2026-5281",
|
|
82694
83779
|
"CVE-2026-6973",
|
|
82695
83780
|
"CVE-2026-9082",
|
|
@@ -82954,6 +84039,8 @@
|
|
|
82954
84039
|
"CVE-2025-23254",
|
|
82955
84040
|
"CVE-2025-23266",
|
|
82956
84041
|
"CVE-2025-27520",
|
|
84042
|
+
"CVE-2025-30066",
|
|
84043
|
+
"CVE-2025-30154",
|
|
82957
84044
|
"CVE-2025-30165",
|
|
82958
84045
|
"CVE-2025-30202",
|
|
82959
84046
|
"CVE-2025-32434",
|
|
@@ -83011,6 +84098,7 @@
|
|
|
83011
84098
|
"CVE-2026-45829",
|
|
83012
84099
|
"CVE-2026-46300",
|
|
83013
84100
|
"CVE-2026-46333",
|
|
84101
|
+
"CVE-2026-48027",
|
|
83014
84102
|
"CVE-2026-5760",
|
|
83015
84103
|
"CVE-2026-9082",
|
|
83016
84104
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -83214,6 +84302,8 @@
|
|
|
83214
84302
|
"CVE-2024-3154",
|
|
83215
84303
|
"CVE-2024-5565",
|
|
83216
84304
|
"CVE-2025-27520",
|
|
84305
|
+
"CVE-2025-30066",
|
|
84306
|
+
"CVE-2025-30154",
|
|
83217
84307
|
"CVE-2025-3248",
|
|
83218
84308
|
"CVE-2025-3466",
|
|
83219
84309
|
"CVE-2025-49844",
|
|
@@ -83223,6 +84313,7 @@
|
|
|
83223
84313
|
"CVE-2026-31230",
|
|
83224
84314
|
"CVE-2026-33017",
|
|
83225
84315
|
"CVE-2026-45321",
|
|
84316
|
+
"CVE-2026-48027",
|
|
83226
84317
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
83227
84318
|
"MAL-2026-3083",
|
|
83228
84319
|
"MAL-2026-NODE-IPC-STEALER",
|
|
@@ -83425,6 +84516,8 @@
|
|
|
83425
84516
|
"CVE-2025-10164",
|
|
83426
84517
|
"CVE-2025-1094",
|
|
83427
84518
|
"CVE-2025-27520",
|
|
84519
|
+
"CVE-2025-30066",
|
|
84520
|
+
"CVE-2025-30154",
|
|
83428
84521
|
"CVE-2025-3248",
|
|
83429
84522
|
"CVE-2025-3466",
|
|
83430
84523
|
"CVE-2025-51480",
|
|
@@ -84078,6 +85171,7 @@
|
|
|
84078
85171
|
"CVE-2026-45829",
|
|
84079
85172
|
"CVE-2026-46300",
|
|
84080
85173
|
"CVE-2026-46333",
|
|
85174
|
+
"CVE-2026-48027",
|
|
84081
85175
|
"CVE-2026-5281",
|
|
84082
85176
|
"CVE-2026-6973",
|
|
84083
85177
|
"CVE-2026-9082",
|
|
@@ -84406,6 +85500,8 @@
|
|
|
84406
85500
|
"CVE-2025-23254",
|
|
84407
85501
|
"CVE-2025-23266",
|
|
84408
85502
|
"CVE-2025-27520",
|
|
85503
|
+
"CVE-2025-30066",
|
|
85504
|
+
"CVE-2025-30154",
|
|
84409
85505
|
"CVE-2025-30165",
|
|
84410
85506
|
"CVE-2025-30202",
|
|
84411
85507
|
"CVE-2025-32434",
|
|
@@ -84463,6 +85559,7 @@
|
|
|
84463
85559
|
"CVE-2026-45829",
|
|
84464
85560
|
"CVE-2026-46300",
|
|
84465
85561
|
"CVE-2026-46333",
|
|
85562
|
+
"CVE-2026-48027",
|
|
84466
85563
|
"CVE-2026-5760",
|
|
84467
85564
|
"CVE-2026-9082",
|
|
84468
85565
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -84840,6 +85937,8 @@
|
|
|
84840
85937
|
"CVE-2025-27915",
|
|
84841
85938
|
"CVE-2025-27920",
|
|
84842
85939
|
"CVE-2025-29635",
|
|
85940
|
+
"CVE-2025-30066",
|
|
85941
|
+
"CVE-2025-30154",
|
|
84843
85942
|
"CVE-2025-30165",
|
|
84844
85943
|
"CVE-2025-30202",
|
|
84845
85944
|
"CVE-2025-30397",
|
|
@@ -85045,6 +86144,7 @@
|
|
|
85045
86144
|
"CVE-2026-45829",
|
|
85046
86145
|
"CVE-2026-46300",
|
|
85047
86146
|
"CVE-2026-46333",
|
|
86147
|
+
"CVE-2026-48027",
|
|
85048
86148
|
"CVE-2026-5281",
|
|
85049
86149
|
"CVE-2026-5760",
|
|
85050
86150
|
"CVE-2026-6973",
|
|
@@ -85379,6 +86479,8 @@
|
|
|
85379
86479
|
"CVE-2025-23254",
|
|
85380
86480
|
"CVE-2025-23266",
|
|
85381
86481
|
"CVE-2025-27520",
|
|
86482
|
+
"CVE-2025-30066",
|
|
86483
|
+
"CVE-2025-30154",
|
|
85382
86484
|
"CVE-2025-30165",
|
|
85383
86485
|
"CVE-2025-30202",
|
|
85384
86486
|
"CVE-2025-32434",
|
|
@@ -85428,6 +86530,7 @@
|
|
|
85428
86530
|
"CVE-2026-45829",
|
|
85429
86531
|
"CVE-2026-46300",
|
|
85430
86532
|
"CVE-2026-46333",
|
|
86533
|
+
"CVE-2026-48027",
|
|
85431
86534
|
"CVE-2026-9082",
|
|
85432
86535
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
85433
86536
|
"MAL-2026-3083"
|
|
@@ -85544,6 +86647,8 @@
|
|
|
85544
86647
|
},
|
|
85545
86648
|
"related_cves": [
|
|
85546
86649
|
"CVE-2024-3094",
|
|
86650
|
+
"CVE-2025-30066",
|
|
86651
|
+
"CVE-2025-30154",
|
|
85547
86652
|
"CVE-2026-30615",
|
|
85548
86653
|
"CVE-2026-45321",
|
|
85549
86654
|
"MAL-2026-3083",
|
|
@@ -85745,6 +86850,8 @@
|
|
|
85745
86850
|
"CVE-2025-10164",
|
|
85746
86851
|
"CVE-2025-1094",
|
|
85747
86852
|
"CVE-2025-27520",
|
|
86853
|
+
"CVE-2025-30066",
|
|
86854
|
+
"CVE-2025-30154",
|
|
85748
86855
|
"CVE-2025-3248",
|
|
85749
86856
|
"CVE-2025-3466",
|
|
85750
86857
|
"CVE-2025-49844",
|
|
@@ -85763,6 +86870,7 @@
|
|
|
85763
86870
|
"CVE-2026-39884",
|
|
85764
86871
|
"CVE-2026-42208",
|
|
85765
86872
|
"CVE-2026-45321",
|
|
86873
|
+
"CVE-2026-48027",
|
|
85766
86874
|
"CVE-2026-5760",
|
|
85767
86875
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
85768
86876
|
"MAL-2026-3083",
|
|
@@ -86052,6 +87160,8 @@
|
|
|
86052
87160
|
"CVE-2025-10164",
|
|
86053
87161
|
"CVE-2025-1094",
|
|
86054
87162
|
"CVE-2025-27520",
|
|
87163
|
+
"CVE-2025-30066",
|
|
87164
|
+
"CVE-2025-30154",
|
|
86055
87165
|
"CVE-2025-3248",
|
|
86056
87166
|
"CVE-2025-3466",
|
|
86057
87167
|
"CVE-2025-51480",
|
|
@@ -86069,6 +87179,7 @@
|
|
|
86069
87179
|
"CVE-2026-39884",
|
|
86070
87180
|
"CVE-2026-42208",
|
|
86071
87181
|
"CVE-2026-45321",
|
|
87182
|
+
"CVE-2026-48027",
|
|
86072
87183
|
"CVE-2026-5760",
|
|
86073
87184
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
86074
87185
|
"MAL-2026-3083",
|
|
@@ -86419,6 +87530,8 @@
|
|
|
86419
87530
|
"CVE-2025-23254",
|
|
86420
87531
|
"CVE-2025-23266",
|
|
86421
87532
|
"CVE-2025-27520",
|
|
87533
|
+
"CVE-2025-30066",
|
|
87534
|
+
"CVE-2025-30154",
|
|
86422
87535
|
"CVE-2025-30165",
|
|
86423
87536
|
"CVE-2025-30202",
|
|
86424
87537
|
"CVE-2025-32434",
|
|
@@ -86476,6 +87589,7 @@
|
|
|
86476
87589
|
"CVE-2026-45829",
|
|
86477
87590
|
"CVE-2026-46300",
|
|
86478
87591
|
"CVE-2026-46333",
|
|
87592
|
+
"CVE-2026-48027",
|
|
86479
87593
|
"CVE-2026-5760",
|
|
86480
87594
|
"CVE-2026-9082",
|
|
86481
87595
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
@@ -87019,6 +88133,8 @@
|
|
|
87019
88133
|
"CVE-2025-10164",
|
|
87020
88134
|
"CVE-2025-1094",
|
|
87021
88135
|
"CVE-2025-27520",
|
|
88136
|
+
"CVE-2025-30066",
|
|
88137
|
+
"CVE-2025-30154",
|
|
87022
88138
|
"CVE-2025-3248",
|
|
87023
88139
|
"CVE-2025-3466",
|
|
87024
88140
|
"CVE-2025-49844",
|
|
@@ -87037,6 +88153,7 @@
|
|
|
87037
88153
|
"CVE-2026-39884",
|
|
87038
88154
|
"CVE-2026-42208",
|
|
87039
88155
|
"CVE-2026-45321",
|
|
88156
|
+
"CVE-2026-48027",
|
|
87040
88157
|
"CVE-2026-5760",
|
|
87041
88158
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
87042
88159
|
"MAL-2026-3083",
|
|
@@ -87340,6 +88457,8 @@
|
|
|
87340
88457
|
"CVE-2025-27915",
|
|
87341
88458
|
"CVE-2025-27920",
|
|
87342
88459
|
"CVE-2025-29635",
|
|
88460
|
+
"CVE-2025-30066",
|
|
88461
|
+
"CVE-2025-30154",
|
|
87343
88462
|
"CVE-2025-30165",
|
|
87344
88463
|
"CVE-2025-30202",
|
|
87345
88464
|
"CVE-2025-30397",
|
|
@@ -87519,6 +88638,7 @@
|
|
|
87519
88638
|
"CVE-2026-45829",
|
|
87520
88639
|
"CVE-2026-46300",
|
|
87521
88640
|
"CVE-2026-46333",
|
|
88641
|
+
"CVE-2026-48027",
|
|
87522
88642
|
"CVE-2026-5281",
|
|
87523
88643
|
"CVE-2026-9082",
|
|
87524
88644
|
"MAL-2026-3083",
|
|
@@ -87787,6 +88907,8 @@
|
|
|
87787
88907
|
"CVE-2025-23254",
|
|
87788
88908
|
"CVE-2025-23266",
|
|
87789
88909
|
"CVE-2025-27520",
|
|
88910
|
+
"CVE-2025-30066",
|
|
88911
|
+
"CVE-2025-30154",
|
|
87790
88912
|
"CVE-2025-30165",
|
|
87791
88913
|
"CVE-2025-30202",
|
|
87792
88914
|
"CVE-2025-32434",
|
|
@@ -88150,6 +89272,8 @@
|
|
|
88150
89272
|
"CVE-2025-23266",
|
|
88151
89273
|
"CVE-2025-25297",
|
|
88152
89274
|
"CVE-2025-27520",
|
|
89275
|
+
"CVE-2025-30066",
|
|
89276
|
+
"CVE-2025-30154",
|
|
88153
89277
|
"CVE-2025-30165",
|
|
88154
89278
|
"CVE-2025-30202",
|
|
88155
89279
|
"CVE-2025-32434",
|
|
@@ -88211,6 +89335,7 @@
|
|
|
88211
89335
|
"CVE-2026-43284",
|
|
88212
89336
|
"CVE-2026-45321",
|
|
88213
89337
|
"CVE-2026-45829",
|
|
89338
|
+
"CVE-2026-48027",
|
|
88214
89339
|
"CVE-2026-5760",
|
|
88215
89340
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
88216
89341
|
"MAL-2026-3083",
|