@blamejs/exceptd-skills 0.15.17 → 0.15.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +16 -7
- package/data/cve-catalog.json +249 -90
- package/data/zeroday-lessons.json +582 -197
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.19 — 2026-05-29
|
|
4
|
+
|
|
5
|
+
Draft-curation pass 17 — enterprise server-side applications. Eight CISA KEV-listed unauthenticated CVEs across manufacturing-operations, file-sharing, and remote-management software are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Dassault Systèmes DELMIA Apriso (CVE-2025-6204 code injection, CVE-2025-5086 deserialization, CVE-2025-6205 missing authorization), Gladinet CentreStack/Triofox (CVE-2025-14611 hard-coded cryptographic key, CVE-2025-11371 file disclosure leaking the machine key, CVE-2025-12480 improper access control), and ConnectWise ScreenConnect (CVE-2024-1708 path traversal, CVE-2025-3935 authentication bypass). All map T1190, with per-class T1059, T1078, T1552 (key disclosure/forgery), or T1505.003. The lessons stress that key-disclosure and authentication-bypass flaws require cryptographic-key rotation — not just patching — and that RMM/file-sharing/MES compromise extends the blast radius to downstream and OT-adjacent systems.
|
|
6
|
+
|
|
7
|
+
## 0.15.18 — 2026-05-29
|
|
8
|
+
|
|
9
|
+
Draft-curation pass 16 — non-Windows kernel/driver LPE. Seven CISA KEV-listed local-privilege-escalation CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Qualcomm Adreno GPU / chipset flaws (CVE-2026-21385 integer overflow, CVE-2025-21479 and CVE-2025-21480 incorrect-authorization GPU flaws used in Android targeted chains, CVE-2025-27038 use-after-free) and Linux kernel flaws (CVE-2018-14634 "Mutagen Astronomy" integer overflow, CVE-2021-22555 netfilter heap out-of-bounds write, CVE-2023-0386 OverlayFS ownership). All map T1068 (Exploitation for Privilege Escalation). The lessons give platform-correct remediation — Android Security Bulletin OTA updates and MDM-enforced SLAs for the chipset entries, distribution kernel updates or live-patching plus kernel hardening for the Linux entries — and frame these as the escalation half of the attack chain.
|
|
10
|
+
|
|
3
11
|
## 0.15.17 — 2026-05-29
|
|
4
12
|
|
|
5
13
|
Draft-curation pass 15 — Chromium browser zero-days. Five CISA KEV-listed Google Chromium client-side CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: V8 JavaScript engine flaws (CVE-2025-13223 and CVE-2025-6554 type confusion, CVE-2025-5419 out-of-bounds read/write), a CSS use-after-free (CVE-2026-2441), and an ANGLE/GPU sandbox escape (CVE-2025-6558). All map T1203 (Exploitation for Client Execution); the sandbox-escape entry also maps T1068. The lessons stress same-day Chrome component-updater rollout — not gating browser updates behind a managed change window — as the load-bearing control, since these are weaponized within days in targeted-spyware and watering-hole chains.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-29T22:34:17.490Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "f4ca112722a595daef5938c0815358502506f83f15c035e3c7be3298d5d3badb",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "abb27bf3358a35d4e955bd133244bccdf64f633681b62f0714ec8ecfe1595261",
|
|
10
|
+
"data/cve-catalog.json": "9b096af370a99c08ddbfe79285793a8d5d86b995c453361dd89e15511ec9feeb",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "99bb6d869f97f52f726ebc50e3fa8c787824212b129e4903fb18a9c46a57b017",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -324,12 +324,14 @@
|
|
|
324
324
|
"CVE-2025-49113",
|
|
325
325
|
"CVE-2025-49596",
|
|
326
326
|
"CVE-2025-49704",
|
|
327
|
+
"CVE-2025-5086",
|
|
327
328
|
"CVE-2025-51480",
|
|
328
329
|
"CVE-2025-53773",
|
|
329
330
|
"CVE-2025-54136",
|
|
330
331
|
"CVE-2025-55319",
|
|
331
332
|
"CVE-2025-58034",
|
|
332
333
|
"CVE-2025-60455",
|
|
334
|
+
"CVE-2025-6204",
|
|
333
335
|
"CVE-2025-64496",
|
|
334
336
|
"CVE-2025-68645",
|
|
335
337
|
"CVE-2025-68664",
|
|
@@ -482,19 +484,25 @@
|
|
|
482
484
|
"version": "v19",
|
|
483
485
|
"cve_refs": [
|
|
484
486
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
487
|
+
"CVE-2018-14634",
|
|
485
488
|
"CVE-2020-17103-REREGRESSION-2026",
|
|
489
|
+
"CVE-2021-22555",
|
|
486
490
|
"CVE-2021-30952",
|
|
487
491
|
"CVE-2021-43226",
|
|
492
|
+
"CVE-2023-0386",
|
|
488
493
|
"CVE-2023-36424",
|
|
489
494
|
"CVE-2023-41974",
|
|
490
495
|
"CVE-2023-43000",
|
|
491
496
|
"CVE-2024-0769",
|
|
492
497
|
"CVE-2024-8068",
|
|
493
498
|
"CVE-2025-10725",
|
|
499
|
+
"CVE-2025-21479",
|
|
500
|
+
"CVE-2025-21480",
|
|
494
501
|
"CVE-2025-22224",
|
|
495
502
|
"CVE-2025-22225",
|
|
496
503
|
"CVE-2025-24201",
|
|
497
504
|
"CVE-2025-24990",
|
|
505
|
+
"CVE-2025-27038",
|
|
498
506
|
"CVE-2025-31277",
|
|
499
507
|
"CVE-2025-32701",
|
|
500
508
|
"CVE-2025-38352",
|
|
@@ -509,6 +517,7 @@
|
|
|
509
517
|
"CVE-2026-0300",
|
|
510
518
|
"CVE-2026-20122",
|
|
511
519
|
"CVE-2026-20805",
|
|
520
|
+
"CVE-2026-21385",
|
|
512
521
|
"CVE-2026-31431",
|
|
513
522
|
"CVE-2026-31635",
|
|
514
523
|
"CVE-2026-33825",
|
|
@@ -573,6 +582,7 @@
|
|
|
573
582
|
"CVE-2024-12776",
|
|
574
583
|
"CVE-2024-1709",
|
|
575
584
|
"CVE-2024-54085",
|
|
585
|
+
"CVE-2025-12480",
|
|
576
586
|
"CVE-2025-1796",
|
|
577
587
|
"CVE-2025-21085",
|
|
578
588
|
"CVE-2025-2746",
|
|
@@ -580,9 +590,11 @@
|
|
|
580
590
|
"CVE-2025-31161",
|
|
581
591
|
"CVE-2025-32975",
|
|
582
592
|
"CVE-2025-34026",
|
|
593
|
+
"CVE-2025-3935",
|
|
583
594
|
"CVE-2025-4427",
|
|
584
595
|
"CVE-2025-49706",
|
|
585
596
|
"CVE-2025-61757",
|
|
597
|
+
"CVE-2025-6205",
|
|
586
598
|
"CVE-2025-64513",
|
|
587
599
|
"CVE-2025-69286",
|
|
588
600
|
"CVE-2026-1603",
|
|
@@ -928,7 +940,6 @@
|
|
|
928
940
|
"CVE-2022-36551",
|
|
929
941
|
"CVE-2022-37055",
|
|
930
942
|
"CVE-2022-40799",
|
|
931
|
-
"CVE-2023-0386",
|
|
932
943
|
"CVE-2023-21529",
|
|
933
944
|
"CVE-2023-2533",
|
|
934
945
|
"CVE-2023-33538",
|
|
@@ -949,6 +960,7 @@
|
|
|
949
960
|
"CVE-2024-12987",
|
|
950
961
|
"CVE-2024-13059",
|
|
951
962
|
"CVE-2024-1561",
|
|
963
|
+
"CVE-2024-1708",
|
|
952
964
|
"CVE-2024-1709",
|
|
953
965
|
"CVE-2024-21575",
|
|
954
966
|
"CVE-2024-21576",
|
|
@@ -1314,9 +1326,7 @@
|
|
|
1314
1326
|
"CVE-2011-3402",
|
|
1315
1327
|
"CVE-2013-3918",
|
|
1316
1328
|
"CVE-2014-3931",
|
|
1317
|
-
"CVE-2018-14634",
|
|
1318
1329
|
"CVE-2020-9715",
|
|
1319
|
-
"CVE-2021-22555",
|
|
1320
1330
|
"CVE-2021-30952",
|
|
1321
1331
|
"CVE-2022-48503",
|
|
1322
1332
|
"CVE-2023-41974",
|
|
@@ -1324,10 +1334,7 @@
|
|
|
1324
1334
|
"CVE-2025-10585",
|
|
1325
1335
|
"CVE-2025-13223",
|
|
1326
1336
|
"CVE-2025-14174",
|
|
1327
|
-
"CVE-2025-21479",
|
|
1328
|
-
"CVE-2025-21480",
|
|
1329
1337
|
"CVE-2025-24201",
|
|
1330
|
-
"CVE-2025-27038",
|
|
1331
1338
|
"CVE-2025-31277",
|
|
1332
1339
|
"CVE-2025-32709",
|
|
1333
1340
|
"CVE-2025-43200",
|
|
@@ -1340,7 +1347,6 @@
|
|
|
1340
1347
|
"CVE-2025-6554",
|
|
1341
1348
|
"CVE-2025-6558",
|
|
1342
1349
|
"CVE-2026-20700",
|
|
1343
|
-
"CVE-2026-21385",
|
|
1344
1350
|
"CVE-2026-2441",
|
|
1345
1351
|
"CVE-2026-25592",
|
|
1346
1352
|
"CVE-2026-34621",
|
|
@@ -1671,6 +1677,8 @@
|
|
|
1671
1677
|
"cve_refs": [
|
|
1672
1678
|
"CVE-2023-47117",
|
|
1673
1679
|
"CVE-2024-12450",
|
|
1680
|
+
"CVE-2025-11371",
|
|
1681
|
+
"CVE-2025-14611",
|
|
1674
1682
|
"CVE-2025-30066",
|
|
1675
1683
|
"CVE-2025-30154",
|
|
1676
1684
|
"CVE-2025-5777",
|
|
@@ -12081,6 +12089,7 @@
|
|
|
12081
12089
|
"_auto_imported": true,
|
|
12082
12090
|
"_intake_method": "mitre-attack-stix",
|
|
12083
12091
|
"cve_refs": [
|
|
12092
|
+
"CVE-2024-1708",
|
|
12084
12093
|
"CVE-2025-2749",
|
|
12085
12094
|
"CVE-2025-31324",
|
|
12086
12095
|
"CVE-2025-49704",
|