@blamejs/exceptd-skills 0.15.2 → 0.15.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +13 -0
- package/data/cve-catalog.json +266 -93
- package/data/zeroday-lessons.json +657 -209
- package/lib/gap-detectors.js +9 -15
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +22 -22
- package/scripts/check-catalog-gap-budget.js +7 -5
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.4 — 2026-05-29
|
|
4
|
+
|
|
5
|
+
Draft-curation pass 2. Eight more CISA KEV-listed CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons — the network-service authentication-bypass and code-injection class: Ivanti EPMM (CVE-2026-1281), SmarterTools SmarterMail auth bypass (CVE-2026-23760) and missing-auth (CVE-2026-24423), Cisco Unified Communications code injection (CVE-2026-20045), cPanel & WHM / WP2 missing authentication (CVE-2026-41940), Ivanti EPM authentication bypass (CVE-2026-1603), Cisco Catalyst SD-WAN improper authentication (CVE-2026-20127), and Fortinet multi-product authentication bypass (CVE-2026-24858).
|
|
6
|
+
|
|
7
|
+
The catalog-gap `temporal-staleness` class no longer counts a passed CISA KEV due-date. That date is a fixed external operator-remediation deadline, not a measure of whether a catalog entry's data is current — every historical KEV entry's due-date passes by calendar. The class now reflects only maintainer-controllable data-freshness (source verification, last-updated, and EPSS recency), so `exceptd`'s gap audit no longer reports every aged KEV entry as stale.
|
|
8
|
+
|
|
9
|
+
## 0.15.3 — 2026-05-29
|
|
10
|
+
|
|
11
|
+
Draft-curation pass (1 of an ongoing series). Eight CISA KEV-listed CVE entries that were carried as auto-imported drafts are promoted to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Apache ActiveMQ (CVE-2026-34197), Microsoft SharePoint deserialization (CVE-2026-20963), BeyondTrust RS/PRA command injection (CVE-2026-1731), Fortinet FortiClient EMS SQL injection (CVE-2026-21643), Ivanti EPMM code injection (CVE-2026-1340), Cisco Secure Firewall Management Center deserialization (CVE-2026-20131), Broadcom VMware Aria Operations command injection (CVE-2026-22719), and Soliton FileZen command injection (CVE-2026-25108). The CVSS, KEV status, and vendor advisories were retained from the verified import; curation adds detection and response guidance.
|
|
12
|
+
|
|
3
13
|
## 0.15.2 — 2026-05-29
|
|
4
14
|
|
|
5
15
|
Every curated catalog entry now carries detection IOCs. The 51 operator-curated CVE/MAL entries that previously lacked an `iocs` block — spanning the actively-exploited perimeter and supply-chain entries (runc, xz-utils, SolarWinds, Citrix, ConnectWise, Cisco SD-WAN, FortiOS), the AI-ecosystem cluster (MLflow, vLLM, Ollama, LangChain, the MCP SDK, Big Sleep AI-discovered bugs), the malicious-package supply-chain worms (Shai-Hulud, ultralytics, the RubyGems/PyPI stealers), and the Pwn2Own appliance chains — now ship behavioral detection indicators derived from each entry's documented vulnerability mechanics, with the indicator provenance recorded per entry. Detection coverage for the curated catalog is now complete.
|
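Review bot: The 0.15.4 paragraph on `temporal-staleness` describes a behaviour change to the gap audit, but it sits under a curation entry with nothing marking that reported counts will drop, and it does not say where a passed KEV due-date is surfaced once it leaves this class. An operator who read a stale flag as "remediation deadline missed" loses that signal after upgrading. Suggest a separate line stating that audit output changes in 0.15.4, naming the three inputs that remain (source verification, last-updated, EPSS recency), and saying whether the overdue due-date is reported elsewhere or dropped. The file list shows `scripts/check-catalog-gap-budget.js` changing as well, so the entry should also say whether the gap budget was adjusted.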
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-29T16:17:03.003Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "6890a34b6c35eb92b41a78659b2ac070023943602061fd0285da67ae0c8b8700",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "ecf58df3bb4828d160c489ec8bba98aef9f7f66eca9bfdd569ed4839178a6a78",
|
|
10
|
+
"data/cve-catalog.json": "b25afd0b41e24cdb15e3c792e9fd12e2fbdc10975541e39328a41bd25693edee",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
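Review bot: The `source_hashes` values updated here for `manifest.json`, `data/attack-techniques.json` and `data/cve-catalog.json` are bare 64-character hex strings, and none of the header fields visible in this hunk (`schema_version`, `generated_at`, `generator`, `source_count`) names the digest algorithm. A consumer verifying the catalog has to infer it from the length. Suggest recording the algorithm next to the hashes, or prefixing each value with it, so verification does not depend on a guess. Separately, `generated_at` is a wall-clock timestamp, so regenerating the index from identical sources yields a different file; if the index itself is hashed or signed downstream, consider excluding that field or deriving it from the source commit date.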
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "4435378f8b4870e1088843e78adf69ea22c8b27e21969db061ebea56da412639",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -322,13 +322,19 @@
|
|
|
322
322
|
"CVE-2025-68668",
|
|
323
323
|
"CVE-2025-8747",
|
|
324
324
|
"CVE-2026-0766",
|
|
325
|
+
"CVE-2026-1281",
|
|
326
|
+
"CVE-2026-1340",
|
|
327
|
+
"CVE-2026-1731",
|
|
328
|
+
"CVE-2026-20045",
|
|
325
329
|
"CVE-2026-21858",
|
|
326
330
|
"CVE-2026-21877",
|
|
327
331
|
"CVE-2026-22252",
|
|
328
332
|
"CVE-2026-22688",
|
|
333
|
+
"CVE-2026-22719",
|
|
329
334
|
"CVE-2026-22778",
|
|
330
335
|
"CVE-2026-24213",
|
|
331
336
|
"CVE-2026-24214",
|
|
337
|
+
"CVE-2026-25108",
|
|
332
338
|
"CVE-2026-25592",
|
|
333
339
|
"CVE-2026-26015",
|
|
334
340
|
"CVE-2026-26190",
|
|
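Review bot: CVE-2026-21643 is absent from the block added between `"CVE-2026-0766"` and `"CVE-2026-21858"`, where it would sort after `"CVE-2026-20045"`. The six ids this hunk adds line up with the changelog's command-injection and code-injection entries (CVE-2026-1281, CVE-2026-1340, CVE-2026-1731, CVE-2026-20045, CVE-2026-22719, CVE-2026-25108), while the FortiClient EMS SQL injection promoted in the same 0.15.3 pass is not among them. The hunk does not show which index key this list belongs to, so the omission may be correct if the key is a single CWE or technique; confirm it against the generator input in `data/cve-catalog.json` rather than against this generated file.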
@@ -345,6 +351,7 @@
|
|
|
345
351
|
"CVE-2026-32202",
|
|
346
352
|
"CVE-2026-33017",
|
|
347
353
|
"CVE-2026-34159",
|
|
354
|
+
"CVE-2026-34197",
|
|
348
355
|
"CVE-2026-39884",
|
|
349
356
|
"CVE-2026-39987",
|
|
350
357
|
"CVE-2026-40933",
|
|
@@ -557,6 +564,7 @@
|
|
|
557
564
|
"CVE-2026-20127",
|
|
558
565
|
"CVE-2026-20182",
|
|
559
566
|
"CVE-2026-21858",
|
|
567
|
+
"CVE-2026-23760",
|
|
560
568
|
"CVE-2026-24061",
|
|
561
569
|
"CVE-2026-24423",
|
|
562
570
|
"CVE-2026-24858",
|
|
@@ -1062,9 +1070,11 @@
|
|
|
1062
1070
|
"CVE-2026-0766",
|
|
1063
1071
|
"CVE-2026-1281",
|
|
1064
1072
|
"CVE-2026-1340",
|
|
1073
|
+
"CVE-2026-1603",
|
|
1065
1074
|
"CVE-2026-1731",
|
|
1066
1075
|
"CVE-2026-20045",
|
|
1067
1076
|
"CVE-2026-20122",
|
|
1077
|
+
"CVE-2026-20127",
|
|
1068
1078
|
"CVE-2026-20128",
|
|
1069
1079
|
"CVE-2026-20131",
|
|
1070
1080
|
"CVE-2026-20133",
|
|
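Review bot: CVE-2026-1603 and CVE-2026-20127 enter this list only now, although other entries promoted from draft in the same two releases (CVE-2026-1281, CVE-2026-1340, CVE-2026-1731, CVE-2026-20045, CVE-2026-20131) appear here as unchanged context. Membership therefore did not depend on draft versus curated status for those five, and the hunk gives no indication of which field change brought the two new ids in. Since this file is produced by `scripts/build-indexes.js`, suggest noting in the changelog which index gained entries and why, so a reader can tell an intended enrichment from drafts having been only partially indexed before.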
@@ -1094,6 +1104,8 @@
|
|
|
1094
1104
|
"CVE-2026-24213",
|
|
1095
1105
|
"CVE-2026-24214",
|
|
1096
1106
|
"CVE-2026-24215",
|
|
1107
|
+
"CVE-2026-24423",
|
|
1108
|
+
"CVE-2026-24858",
|
|
1097
1109
|
"CVE-2026-25108",
|
|
1098
1110
|
"CVE-2026-26015",
|
|
1099
1111
|
"CVE-2026-26190",
|
|
@@ -1116,6 +1128,7 @@
|
|
|
1116
1128
|
"CVE-2026-3910",
|
|
1117
1129
|
"CVE-2026-39987",
|
|
1118
1130
|
"CVE-2026-40933",
|
|
1131
|
+
"CVE-2026-41940",
|
|
1119
1132
|
"CVE-2026-41947",
|
|
1120
1133
|
"CVE-2026-41950",
|
|
1121
1134
|
"CVE-2026-42208",
|