@blamejs/exceptd-skills 0.15.18 → 0.15.20
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +15 -0
- package/data/cve-catalog.json +269 -94
- package/data/zeroday-lessons.json +660 -212
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
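--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.15.20 — 2026-05-29
+
+Draft-curation pass 18 — internet-facing network devices. Eight CISA KEV-listed unauthenticated CVEs on SOHO routers, a telephony appliance, and a firewall are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: TP-Link routers (CVE-2023-50224 authentication bypass, CVE-2025-9377 and CVE-2023-33538 command injection), DrayTek Vigor command injection (CVE-2024-12987), Sangoma FreePBX (CVE-2025-64328 command injection, CVE-2025-57819 authentication bypass + SQL injection), and WatchGuard Firebox out-of-bounds-write RCE (CVE-2025-14733, CVE-2025-9242). All map T1190, with per-class T1059 (command injection) or T1078 (auth bypass). The lessons account for the realities of edge devices: end-of-life firmware that can only be replaced, recruitment into botnets and operational-relay networks, telephony toll fraud on the PBX, and the requirement to re-flash/rebuild and rotate secrets rather than patch in place.
+
+## 0.15.19 — 2026-05-29
+
+Draft-curation pass 17 — enterprise server-side applications. Eight CISA KEV-listed unauthenticated CVEs across manufacturing-operations, file-sharing, and remote-management software are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Dassault Systèmes DELMIA Apriso (CVE-2025-6204 code injection, CVE-2025-5086 deserialization, CVE-2025-6205 missing authorization), Gladinet CentreStack/Triofox (CVE-2025-14611 hard-coded cryptographic key, CVE-2025-11371 file disclosure leaking the machine key, CVE-2025-12480 improper access control), and ConnectWise ScreenConnect (CVE-2024-1708 path traversal, CVE-2025-3935 authentication bypass). All map T1190, with per-class T1059, T1078, T1552 (key disclosure/forgery), or T1505.003. The lessons stress that key-disclosure and authentication-bypass flaws require cryptographic-key rotation — not just patching — and that RMM/file-sharing/MES compromise extends the blast radius to downstream and OT-adjacent systems.
+
 ## 0.15.18 — 2026-05-29
 
 Draft-curation pass 16 — non-Windows kernel/driver LPE. Seven CISA KEV-listed local-privilege-escalation CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Qualcomm Adreno GPU / chipset flaws (CVE-2026-21385 integer overflow, CVE-2025-21479 and CVE-2025-21480 incorrect-authorization GPU flaws used in Android targeted chains, CVE-2025-27038 use-after-free) and Linux kernel flaws (CVE-2018-14634 "Mutagen Astronomy" integer overflow, CVE-2021-22555 netfilter heap out-of-bounds write, CVE-2023-0386 OverlayFS ownership). All map T1068 (Exploitation for Privilege Escalation). The lessons give platform-correct remediation — Android Security Bulletin OTA updates and MDM-enforced SLAs for the chipset entries, distribution kernel updates or live-patching plus kernel hardening for the Linux entries — and frame these as the escalation half of the attack chain.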
package/data/_indexes/_meta.json
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-29T22:
|
|
3
|
+
"generated_at": "2026-05-29T22:55:20.691Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "7640dcd9f6dc38db1d06746d3c36ef7e0a6b0a45efcd4f9b142fede7f3f2ba2e",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "490dfaf830d6a0f56e63389ef8815ea92aed95a35daf043862ffe56c13577ae5",
|
|
10
|
+
"data/cve-catalog.json": "b338560dddd999310946c1ee58bf8eb69ef732bd01238f104091745a0a682a95",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "69c8ac314be428c81c53834d180414f34d3c838c7d09349d1a546742ec305c2f",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -275,6 +275,7 @@
|
|
|
275
275
|
"CVE-2020-25078",
|
|
276
276
|
"CVE-2020-25079",
|
|
277
277
|
"CVE-2022-1471",
|
|
278
|
+
"CVE-2023-33538",
|
|
278
279
|
"CVE-2023-43654",
|
|
279
280
|
"CVE-2023-44467",
|
|
280
281
|
"CVE-2023-48022",
|
|
@@ -285,6 +286,7 @@
|
|
|
285
286
|
"CVE-2024-11393",
|
|
286
287
|
"CVE-2024-11394",
|
|
287
288
|
"CVE-2024-12366",
|
|
289
|
+
"CVE-2024-12987",
|
|
288
290
|
"CVE-2024-13059",
|
|
289
291
|
"CVE-2024-21513",
|
|
290
292
|
"CVE-2024-21575",
|
|
@@ -324,18 +326,22 @@
|
|
|
324
326
|
"CVE-2025-49113",
|
|
325
327
|
"CVE-2025-49596",
|
|
326
328
|
"CVE-2025-49704",
|
|
329
|
+
"CVE-2025-5086",
|
|
327
330
|
"CVE-2025-51480",
|
|
328
331
|
"CVE-2025-53773",
|
|
329
332
|
"CVE-2025-54136",
|
|
330
333
|
"CVE-2025-55319",
|
|
331
334
|
"CVE-2025-58034",
|
|
332
335
|
"CVE-2025-60455",
|
|
336
|
+
"CVE-2025-6204",
|
|
337
|
+
"CVE-2025-64328",
|
|
333
338
|
"CVE-2025-64496",
|
|
334
339
|
"CVE-2025-68645",
|
|
335
340
|
"CVE-2025-68664",
|
|
336
341
|
"CVE-2025-68665",
|
|
337
342
|
"CVE-2025-68668",
|
|
338
343
|
"CVE-2025-8747",
|
|
344
|
+
"CVE-2025-9377",
|
|
339
345
|
"CVE-2026-0766",
|
|
340
346
|
"CVE-2026-1281",
|
|
341
347
|
"CVE-2026-1340",
|
|
@@ -580,6 +586,7 @@
|
|
|
580
586
|
"CVE-2024-12776",
|
|
581
587
|
"CVE-2024-1709",
|
|
582
588
|
"CVE-2024-54085",
|
|
589
|
+
"CVE-2025-12480",
|
|
583
590
|
"CVE-2025-1796",
|
|
584
591
|
"CVE-2025-21085",
|
|
585
592
|
"CVE-2025-2746",
|
|
@@ -587,9 +594,12 @@
|
|
|
587
594
|
"CVE-2025-31161",
|
|
588
595
|
"CVE-2025-32975",
|
|
589
596
|
"CVE-2025-34026",
|
|
597
|
+
"CVE-2025-3935",
|
|
590
598
|
"CVE-2025-4427",
|
|
591
599
|
"CVE-2025-49706",
|
|
600
|
+
"CVE-2025-57819",
|
|
592
601
|
"CVE-2025-61757",
|
|
602
|
+
"CVE-2025-6205",
|
|
593
603
|
"CVE-2025-64513",
|
|
594
604
|
"CVE-2025-69286",
|
|
595
605
|
"CVE-2026-1603",
|
|
@@ -944,6 +954,7 @@
|
|
|
944
954
|
"CVE-2023-43791",
|
|
945
955
|
"CVE-2023-47117",
|
|
946
956
|
"CVE-2023-48022",
|
|
957
|
+
"CVE-2023-50224",
|
|
947
958
|
"CVE-2023-51449",
|
|
948
959
|
"CVE-2023-52163",
|
|
949
960
|
"CVE-2023-6016",
|
|
@@ -955,6 +966,7 @@
|
|
|
955
966
|
"CVE-2024-12987",
|
|
956
967
|
"CVE-2024-13059",
|
|
957
968
|
"CVE-2024-1561",
|
|
969
|
+
"CVE-2024-1708",
|
|
958
970
|
"CVE-2024-1709",
|
|
959
971
|
"CVE-2024-21575",
|
|
960
972
|
"CVE-2024-21576",
|
|
@@ -1671,6 +1683,8 @@
|
|
|
1671
1683
|
"cve_refs": [
|
|
1672
1684
|
"CVE-2023-47117",
|
|
1673
1685
|
"CVE-2024-12450",
|
|
1686
|
+
"CVE-2025-11371",
|
|
1687
|
+
"CVE-2025-14611",
|
|
1674
1688
|
"CVE-2025-30066",
|
|
1675
1689
|
"CVE-2025-30154",
|
|
1676
1690
|
"CVE-2025-5777",
|
|
@@ -12081,6 +12095,7 @@
|
|
|
12081
12095
|
"_auto_imported": true,
|
|
12082
12096
|
"_intake_method": "mitre-attack-stix",
|
|
12083
12097
|
"cve_refs": [
|
|
12098
|
+
"CVE-2024-1708",
|
|
12084
12099
|
"CVE-2025-2749",
|
|
12085
12100
|
"CVE-2025-31324",
|
|
12086
12101
|
"CVE-2025-49704",
|