@blamejs/exceptd-skills 0.15.3 → 0.15.5
- package/CHANGELOG.md +10 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +11 -3
- package/data/cve-catalog.json +199 -71
- package/data/zeroday-lessons.json +479 -163
- package/lib/gap-detectors.js +9 -15
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +22 -22
- package/scripts/check-catalog-gap-budget.js +7 -5
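--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Changelog
 
+## 0.15.5 — 2026-05-29
+
+Draft-curation pass 3 — the client-side memory-corruption class. Four CISA KEV-listed browser/document-reader RCEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, a matching zero-day lesson, and ATT&CK enrichment to T1203 (Exploitation for Client Execution) rather than the network-service T1190: Google Chrome Skia out-of-bounds write (CVE-2026-3909), Chrome Dawn/WebGPU use-after-free (CVE-2026-5281), Chrome V8 memory-buffer flaw (CVE-2026-3910), and Adobe Acrobat/Reader prototype pollution (CVE-2026-34621). The lessons frame remediation as endpoint/browser patch-SLA (same-day auto-update vs. managed change windows) rather than perimeter patching.
+
+## 0.15.4 — 2026-05-29
+
+Draft-curation pass 2. Eight more CISA KEV-listed CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons — the network-service authentication-bypass and code-injection class: Ivanti EPMM (CVE-2026-1281), SmarterTools SmarterMail auth bypass (CVE-2026-23760) and missing-auth (CVE-2026-24423), Cisco Unified Communications code injection (CVE-2026-20045), cPanel & WHM / WP2 missing authentication (CVE-2026-41940), Ivanti EPM authentication bypass (CVE-2026-1603), Cisco Catalyst SD-WAN improper authentication (CVE-2026-20127), and Fortinet multi-product authentication bypass (CVE-2026-24858).
+
+The catalog-gap `temporal-staleness` class no longer counts a passed CISA KEV due-date. That date is a fixed external operator-remediation deadline, not a measure of whether a catalog entry's data is current — every historical KEV entry's due-date passes by calendar. The class now reflects only maintainer-controllable data-freshness (source verification, last-updated, and EPSS recency), so `exceptd`'s gap audit no longer reports every aged KEV entry as stale.
+
 ## 0.15.3 — 2026-05-29
 
 Draft-curation pass (1 of an ongoing series). Eight CISA KEV-listed CVE entries that were carried as auto-imported drafts are promoted to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Apache ActiveMQ (CVE-2026-34197), Microsoft SharePoint deserialization (CVE-2026-20963), BeyondTrust RS/PRA command injection (CVE-2026-1731), Fortinet FortiClient EMS SQL injection (CVE-2026-21643), Ivanti EPMM code injection (CVE-2026-1340), Cisco Secure Firewall Management Center deserialization (CVE-2026-20131), Broadcom VMware Aria Operations command injection (CVE-2026-22719), and Soliton FileZen command injection (CVE-2026-25108). The CVSS, KEV status, and vendor advisories were retained from the verified import; curation adds detection and response guidance.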
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-29T17:12:20.887Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "90e8775a672249381101e97d139798c3066b548ad2ad654e5f9b54fb04970032",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "9dfd1cfc0eafa912ac5dc7dbbe159df0ca2cbc7803e3f53fda22d8da3f4e93f5",
|
|
10
|
+
"data/cve-catalog.json": "b47297007f157d4100b9a5b84f9da82718eccd597e825232c7dad3aace2647d3",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "0482d05de4bc26f87c92417cb99c82fd1fdcf820d766eaed5bc7eb734865ff4d",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -322,8 +322,10 @@
|
|
|
322
322
|
"CVE-2025-68668",
|
|
323
323
|
"CVE-2025-8747",
|
|
324
324
|
"CVE-2026-0766",
|
|
325
|
+
"CVE-2026-1281",
|
|
325
326
|
"CVE-2026-1340",
|
|
326
327
|
"CVE-2026-1731",
|
|
328
|
+
"CVE-2026-20045",
|
|
327
329
|
"CVE-2026-21858",
|
|
328
330
|
"CVE-2026-21877",
|
|
329
331
|
"CVE-2026-22252",
|
|
@@ -562,6 +564,7 @@
|
|
|
562
564
|
"CVE-2026-20127",
|
|
563
565
|
"CVE-2026-20182",
|
|
564
566
|
"CVE-2026-21858",
|
|
567
|
+
"CVE-2026-23760",
|
|
565
568
|
"CVE-2026-24061",
|
|
566
569
|
"CVE-2026-24423",
|
|
567
570
|
"CVE-2026-24858",
|
|
@@ -1067,9 +1070,11 @@
|
|
|
1067
1070
|
"CVE-2026-0766",
|
|
1068
1071
|
"CVE-2026-1281",
|
|
1069
1072
|
"CVE-2026-1340",
|
|
1073
|
+
"CVE-2026-1603",
|
|
1070
1074
|
"CVE-2026-1731",
|
|
1071
1075
|
"CVE-2026-20045",
|
|
1072
1076
|
"CVE-2026-20122",
|
|
1077
|
+
"CVE-2026-20127",
|
|
1073
1078
|
"CVE-2026-20128",
|
|
1074
1079
|
"CVE-2026-20131",
|
|
1075
1080
|
"CVE-2026-20133",
|
|
@@ -1099,6 +1104,8 @@
|
|
|
1099
1104
|
"CVE-2026-24213",
|
|
1100
1105
|
"CVE-2026-24214",
|
|
1101
1106
|
"CVE-2026-24215",
|
|
1107
|
+
"CVE-2026-24423",
|
|
1108
|
+
"CVE-2026-24858",
|
|
1102
1109
|
"CVE-2026-25108",
|
|
1103
1110
|
"CVE-2026-26015",
|
|
1104
1111
|
"CVE-2026-26190",
|
|
@@ -1114,13 +1121,11 @@
|
|
|
1114
1121
|
"CVE-2026-33634",
|
|
1115
1122
|
"CVE-2026-34159",
|
|
1116
1123
|
"CVE-2026-34197",
|
|
1117
|
-
"CVE-2026-34621",
|
|
1118
1124
|
"CVE-2026-3502",
|
|
1119
1125
|
"CVE-2026-35616",
|
|
1120
|
-
"CVE-2026-3909",
|
|
1121
|
-
"CVE-2026-3910",
|
|
1122
1126
|
"CVE-2026-39987",
|
|
1123
1127
|
"CVE-2026-40933",
|
|
1128
|
+
"CVE-2026-41940",
|
|
1124
1129
|
"CVE-2026-41947",
|
|
1125
1130
|
"CVE-2026-41950",
|
|
1126
1131
|
"CVE-2026-42208",
|
|
@@ -1295,6 +1300,9 @@
|
|
|
1295
1300
|
"CVE-2026-21385",
|
|
1296
1301
|
"CVE-2026-2441",
|
|
1297
1302
|
"CVE-2026-25592",
|
|
1303
|
+
"CVE-2026-34621",
|
|
1304
|
+
"CVE-2026-3909",
|
|
1305
|
+
"CVE-2026-3910",
|
|
1298
1306
|
"CVE-2026-5281",
|
|
1299
1307
|
"MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP"
|
|
1300
1308
|
],
|