@blamejs/exceptd-skills 0.14.27 → 0.14.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +3 -3
- package/data/_indexes/catalog-summaries.json +8 -8
- package/data/_indexes/chains.json +514 -0
- package/data/_indexes/frequency.json +1 -0
- package/data/attack-techniques.json +11 -1
- package/data/cve-catalog.json +421 -0
- package/data/cwe-catalog.json +31 -0
- package/data/framework-control-gaps.json +28 -0
- package/data/zeroday-lessons.json +280 -0
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +22 -22
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.14.28 — 2026-05-28
|
|
4
|
+
|
|
5
|
+
Catalog expansion — 2025 actively-exploited perimeter and file-transfer RCE cluster. Four CISA KEV-listed, ransomware-associated entries are now fully curated with RWEP scoring, IOCs, zero-day lessons, and reverse-referenced CWE/ATT&CK/framework mappings:
|
|
6
|
+
|
|
7
|
+
- **CVE-2025-0282** — Ivanti Connect Secure stack-overflow preauth RCE, exploited as a zero-day with the SPAWN malware ecosystem (RWEP 85). Patch alone is insufficient on compromised appliances — factory reset is required.
|
|
8
|
+
- **CVE-2025-22457** — Ivanti Connect Secure stack-overflow RCE, initially mis-triaged as a low-risk DoS and patched as such, then weaponized to RCE (RWEP 83). Demonstrates the severity-mis-triage failure mode for perimeter preauth flaws.
|
|
9
|
+
- **CVE-2025-31324** — SAP NetWeaver Visual Composer Metadata Uploader, unauthenticated file upload to RCE via JSP web shell, CVSS 10.0 (RWEP 78). Complements the existing NetWeaver deserialization entry it was chained with.
|
|
10
|
+
- **CVE-2025-31161** — CrushFTP HTTP authorization-header authentication bypass to crushadmin takeover (RWEP 76).
|
|
11
|
+
|
|
12
|
+
Adds CWE-305 (Authentication Bypass by Primary Weakness) to the CWE catalog as the authoritative mapping for the CrushFTP entry.
|
|
13
|
+
|
|
3
14
|
## 0.14.27 — 2026-05-28
|
|
4
15
|
|
|
5
16
|
Catalog expansion — CI/CD and IDE-extension supply-chain compromise cluster. Three CISA KEV-listed, actively-exploited CWE-506 (embedded malicious code) entries are now curated with full RWEP scoring, IOCs, zero-day lessons, and reverse-referenced technique/CWE/framework mappings:
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-28T22:39:58.047Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "1497a0bf6249faeabaa1e797ff2e7cec028351ddd4c27bda6721c95ff1e57d9c",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
11
|
-
"data/cwe-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "57b8a1b4e1c3f524a76b4bded09b3082b36b783db3df116f863892072e0f65e9",
|
|
10
|
+
"data/cve-catalog.json": "5849b48dd5489ba6d10cbd3b0b25c9d8412e3932e0ae2304364ec95cf254ec97",
|
|
11
|
+
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
14
14
|
"data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
|
|
15
|
-
"data/framework-control-gaps.json": "
|
|
15
|
+
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "f12a823e8546785833a06ae69089d87640480f6d28dcff1265ed43d38ebec0ed",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
|
|
@@ -72,8 +72,8 @@
|
|
|
72
72
|
"dlp_refs": 0
|
|
73
73
|
},
|
|
74
74
|
"trigger_table_entries": 538,
|
|
75
|
-
"chains_cve_entries":
|
|
76
|
-
"chains_cwe_entries":
|
|
75
|
+
"chains_cve_entries": 416,
|
|
76
|
+
"chains_cwe_entries": 173,
|
|
77
77
|
"jurisdictions_indexed": 29,
|
|
78
78
|
"handoff_dag_nodes": 42,
|
|
79
79
|
"summary_cards": 42,
|
|
@@ -98,7 +98,7 @@
|
|
|
98
98
|
"artifact": "data/cwe-catalog.json",
|
|
99
99
|
"path": "data/cwe-catalog.json",
|
|
100
100
|
"schema_version": "1.0.0",
|
|
101
|
-
"entry_count":
|
|
101
|
+
"entry_count": 173
|
|
102
102
|
},
|
|
103
103
|
{
|
|
104
104
|
"date": "2026-05-19",
|
|
@@ -149,7 +149,7 @@
|
|
|
149
149
|
"artifact": "data/cve-catalog.json",
|
|
150
150
|
"path": "data/cve-catalog.json",
|
|
151
151
|
"schema_version": "1.0.0",
|
|
152
|
-
"entry_count":
|
|
152
|
+
"entry_count": 427
|
|
153
153
|
},
|
|
154
154
|
{
|
|
155
155
|
"date": "2026-05-18",
|
|
@@ -165,7 +165,7 @@
|
|
|
165
165
|
"artifact": "data/zeroday-lessons.json",
|
|
166
166
|
"path": "data/zeroday-lessons.json",
|
|
167
167
|
"schema_version": "1.1.0",
|
|
168
|
-
"entry_count":
|
|
168
|
+
"entry_count": 422
|
|
169
169
|
},
|
|
170
170
|
{
|
|
171
171
|
"date": "2026-05-17",
|
|
@@ -62,13 +62,13 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 427,
|
|
66
66
|
"sample_keys": [
|
|
67
|
-
"CVE-2025-
|
|
68
|
-
"CVE-2025-
|
|
69
|
-
"CVE-
|
|
70
|
-
"CVE-2025-
|
|
71
|
-
"CVE-
|
|
67
|
+
"CVE-2025-0282",
|
|
68
|
+
"CVE-2025-22457",
|
|
69
|
+
"CVE-2025-31324",
|
|
70
|
+
"CVE-2025-31161",
|
|
71
|
+
"CVE-2025-30066"
|
|
72
72
|
]
|
|
73
73
|
},
|
|
74
74
|
"cwe-catalog.json": {
|
|
@@ -84,7 +84,7 @@
|
|
|
84
84
|
"rebuild_after_days": 365,
|
|
85
85
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
86
86
|
},
|
|
87
|
-
"entry_count":
|
|
87
|
+
"entry_count": 173,
|
|
88
88
|
"sample_keys": [
|
|
89
89
|
"CWE-20",
|
|
90
90
|
"CWE-22",
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
"rebuild_after_days": 365,
|
|
239
239
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
240
240
|
},
|
|
241
|
-
"entry_count":
|
|
241
|
+
"entry_count": 422,
|
|
242
242
|
"sample_keys": [
|
|
243
243
|
"CVE-2026-31431",
|
|
244
244
|
"CVE-2025-53773",
|