@blamejs/exceptd-skills 0.15.12 → 0.15.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +13 -6
- package/data/cve-catalog.json +198 -71
- package/data/zeroday-lessons.json +456 -150
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.14 — 2026-05-29
|
|
4
|
+
|
|
5
|
+
Draft-curation pass 12 — legacy Microsoft client-side RCEs. Six CISA KEV-listed older Microsoft document / browser / font-parsing RCEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Office (CVE-2009-0238), PowerPoint (CVE-2009-0556), Excel (CVE-2007-0671), Internet Explorer (CVE-2010-3962 — a landmark IE zero-day from the Operation Aurora era), Windows TrueType font parsing (CVE-2011-3402 — the Duqu zero-day), and Windows InformationCardSigninHelper ActiveX (CVE-2013-3918). All map T1203 (Exploitation for Client Execution). The lessons frame these as long-tail KEV re-listings — the patch landed years ago, but CISA re-lists because unpatched legacy estates remain exposed; centralized patch management plus Office hardening (Protected View, ASR rules) are the load-bearing controls.
|
|
6
|
+
|
|
7
|
+
## 0.15.13 — 2026-05-29
|
|
8
|
+
|
|
9
|
+
Draft-curation pass 11 — Citrix. Six CISA KEV-listed Citrix CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: four NetScaler ADC/Gateway appliance flaws (CVE-2026-3055 and CVE-2025-5777 — the CitrixBleed-class out-of-bounds reads that disclose authenticated session material; CVE-2025-7775 and CVE-2025-6543 memory-corruption buffer flaws) and two Session Recording flaws (CVE-2024-8069 deserialization RCE and CVE-2024-8068 privilege escalation). The CitrixBleed entries map T1552 alongside T1190 to surface session-token theft, and the lessons stress session termination + secret rotation (memory-disclosure class) and appliance rebuild (RCE class) as required steps beyond the patch.
|
|
10
|
+
|
|
3
11
|
## 0.15.12 — 2026-05-29
|
|
4
12
|
|
|
5
13
|
Draft-curation pass 10 — Zimbra mail server. Seven CISA KEV-listed Synacor Zimbra Collaboration Suite (ZCS) CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: the cross-site scripting cluster (CVE-2025-48700, CVE-2025-66376, CVE-2025-27915, CVE-2024-27443), the server-side request forgery pair (CVE-2020-7796, CVE-2019-9621), and the PHP remote-file-inclusion RCE (CVE-2025-68645). The lessons note ZCS is a recurring mass-exploited mail-server target where web-shell hunting and session-secret rotation are needed beyond the patch.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-29T20:
|
|
3
|
+
"generated_at": "2026-05-29T20:50:15.179Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "07a6b22fe3f85de5ff139faa70278981d59d6eeec0c465fb0a8559724df50617",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "523e511ea16852804bb9c5a7b898b64d39180164e3a3eb09a88df10c84d46bf2",
|
|
10
|
+
"data/cve-catalog.json": "f2ea8df743747001bd8ba86b6353fc76dbd5cb1a8bf8b99d7f9ac8e0addccec3",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "4a5cb953b7645f0d8cf5463f9aa7abea1dc56bca8293e5148458e7d047c0ea18",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -298,6 +298,7 @@
|
|
|
298
298
|
"CVE-2024-4889",
|
|
299
299
|
"CVE-2024-50050",
|
|
300
300
|
"CVE-2024-5565",
|
|
301
|
+
"CVE-2024-8069",
|
|
301
302
|
"CVE-2025-10164",
|
|
302
303
|
"CVE-2025-1094",
|
|
303
304
|
"CVE-2025-11837",
|
|
@@ -897,16 +898,10 @@
|
|
|
897
898
|
"name": "Exploit Public-Facing Application",
|
|
898
899
|
"version": "v19",
|
|
899
900
|
"cve_refs": [
|
|
900
|
-
"CVE-2007-0671",
|
|
901
901
|
"CVE-2008-0015",
|
|
902
|
-
"CVE-2009-0238",
|
|
903
|
-
"CVE-2009-0556",
|
|
904
902
|
"CVE-2010-3765",
|
|
905
|
-
"CVE-2010-3962",
|
|
906
|
-
"CVE-2011-3402",
|
|
907
903
|
"CVE-2012-1854",
|
|
908
904
|
"CVE-2013-3893",
|
|
909
|
-
"CVE-2013-3918",
|
|
910
905
|
"CVE-2014-6278",
|
|
911
906
|
"CVE-2016-10033",
|
|
912
907
|
"CVE-2016-7836",
|
|
@@ -965,6 +960,7 @@
|
|
|
965
960
|
"CVE-2024-57726",
|
|
966
961
|
"CVE-2024-6587",
|
|
967
962
|
"CVE-2024-7694",
|
|
963
|
+
"CVE-2024-8068",
|
|
968
964
|
"CVE-2024-8069",
|
|
969
965
|
"CVE-2025-0282",
|
|
970
966
|
"CVE-2025-10035",
|
|
@@ -1053,6 +1049,7 @@
|
|
|
1053
1049
|
"CVE-2025-55177",
|
|
1054
1050
|
"CVE-2025-55182",
|
|
1055
1051
|
"CVE-2025-56520",
|
|
1052
|
+
"CVE-2025-5777",
|
|
1056
1053
|
"CVE-2025-57819",
|
|
1057
1054
|
"CVE-2025-58034",
|
|
1058
1055
|
"CVE-2025-58360",
|
|
@@ -1073,6 +1070,7 @@
|
|
|
1073
1070
|
"CVE-2025-64446",
|
|
1074
1071
|
"CVE-2025-64496",
|
|
1075
1072
|
"CVE-2025-64513",
|
|
1073
|
+
"CVE-2025-6543",
|
|
1076
1074
|
"CVE-2025-6554",
|
|
1077
1075
|
"CVE-2025-6558",
|
|
1078
1076
|
"CVE-2025-66376",
|
|
@@ -1130,6 +1128,7 @@
|
|
|
1130
1128
|
"CVE-2026-25108",
|
|
1131
1129
|
"CVE-2026-26015",
|
|
1132
1130
|
"CVE-2026-26190",
|
|
1131
|
+
"CVE-2026-3055",
|
|
1133
1132
|
"CVE-2026-3059",
|
|
1134
1133
|
"CVE-2026-3060",
|
|
1135
1134
|
"CVE-2026-30616",
|
|
@@ -1296,10 +1295,16 @@
|
|
|
1296
1295
|
"name": "Exploitation for Client Execution",
|
|
1297
1296
|
"version": "v19",
|
|
1298
1297
|
"cve_refs": [
|
|
1298
|
+
"CVE-2007-0671",
|
|
1299
|
+
"CVE-2009-0238",
|
|
1300
|
+
"CVE-2009-0556",
|
|
1299
1301
|
"CVE-2009-1537",
|
|
1300
1302
|
"CVE-2009-3459",
|
|
1301
1303
|
"CVE-2010-0249",
|
|
1302
1304
|
"CVE-2010-0806",
|
|
1305
|
+
"CVE-2010-3962",
|
|
1306
|
+
"CVE-2011-3402",
|
|
1307
|
+
"CVE-2013-3918",
|
|
1303
1308
|
"CVE-2014-3931",
|
|
1304
1309
|
"CVE-2018-14634",
|
|
1305
1310
|
"CVE-2020-9715",
|
|
@@ -1656,10 +1661,12 @@
|
|
|
1656
1661
|
"CVE-2024-12450",
|
|
1657
1662
|
"CVE-2025-30066",
|
|
1658
1663
|
"CVE-2025-30154",
|
|
1664
|
+
"CVE-2025-5777",
|
|
1659
1665
|
"CVE-2025-68664",
|
|
1660
1666
|
"CVE-2025-68665",
|
|
1661
1667
|
"CVE-2026-20128",
|
|
1662
1668
|
"CVE-2026-22219",
|
|
1669
|
+
"CVE-2026-3055",
|
|
1663
1670
|
"CVE-2026-48027",
|
|
1664
1671
|
"MAL-2025-PYPI-COLORAMA-SOLANA-STEALER",
|
|
1665
1672
|
"MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER"
|