@blamejs/exceptd-skills 0.15.32 → 0.15.34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +16 -0
- package/data/cve-catalog.json +256 -90
- package/data/zeroday-lessons.json +627 -207
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.34 — 2026-05-29
|
|
4
|
+
|
|
5
|
+
Draft-curation pass 31 — authentication bypass and missing authentication. Seven CISA KEV-listed CVEs that grant access without valid credentials are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: the Juniper ScreenOS hardcoded-backdoor credential (CVE-2015-7755), Sangoma FreePBX (CVE-2019-19006) and SKYSEA Client View (CVE-2016-7836) improper authentication, AMI MegaRAC SPx baseboard-management-controller authentication bypass by spoofing (CVE-2024-54085), the Erlang/OTP SSH server pre-authentication remote code execution (CVE-2025-32433), Oracle Fusion Middleware missing authentication (CVE-2025-61757), and the TP-Link TL-WA855RE extender missing authentication (CVE-2020-24363). All map T1190 and T1078; the Erlang flaw also maps T1059. The lessons make the load-bearing point that multi-factor authentication and password policy are irrelevant once authentication is bypassed — the compensating control is restricting the management plane to a trusted network — and that below-the-OS targets (the BMC) and planted backdoors require device rebuild, because firmware-level persistence survives an OS reinstall.
|
|
6
|
+
|
|
7
|
+
## 0.15.33 — 2026-05-29
|
|
8
|
+
|
|
9
|
+
Draft-curation pass 30 — unauthenticated command/code-injection RCE. Eight CISA KEV-listed CVEs where attacker input reaches a shell or interpreter are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Array Networks ArrayOS AG (CVE-2025-66644), CWP Control Web Panel (CVE-2025-48703), Libraesva Email Security Gateway (CVE-2025-59689), Trend Micro Apex One console (CVE-2025-54948), GNU Bash Shellshock-family parsing (CVE-2014-6278), PHPMailer sender-address injection (CVE-2016-10033), Jenkins CLI Java deserialization (CVE-2017-1000353), and Fortra GoAnywhere MFT license-servlet deserialization (CVE-2025-10035). All map T1190 and T1059. The lessons highlight a high-fidelity detection signal — a shell or interpreter spawned from a web/daemon process — and stress that bundled-library flaws (Bash, PHPMailer) require updating every consumer, while CI, MFT, and EDR-console compromise carries downstream supply-chain and data reach beyond the patched host.
|
|
10
|
+
|
|
3
11
|
## 0.15.32 — 2026-05-29
|
|
4
12
|
|
|
5
13
|
Draft-curation pass 29 — network devices and edge appliances. Seven CISA KEV-listed unauthenticated CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons, spanning enterprise appliances — F5 BIG-IP stack overflow (CVE-2025-53521), HPE OneView code injection (CVE-2025-37164), Versa Concerto SD-WAN orchestrator authentication bypass (CVE-2025-34026) — and SOHO/embedded devices: ASUS router OS command injection (CVE-2023-39780) and authentication bypass (CVE-2021-32030), Digiever DVR missing authorization (CVE-2023-52163), and Sierra Wireless AirLink ALEOS unrestricted upload (CVE-2018-4063). All map T1190, with per-class T1059, T1078, or T1505.003. The lessons split remediation by device class: enterprise appliances must be rebuilt and re-keyed after compromise, while embedded/SOHO devices — often end-of-life and recruited into botnets — require firmware re-flash or replacement rather than patch-in-place.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-30T03:26:11.638Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "74458ac0665d22cbe1d574a3b5cf3eb22b51968b93208deb0832911156160355",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "17bcc2da0674c811c9b31fc4c0870adf6e019c90d18852d6f564a656c39eb13d",
|
|
10
|
+
"data/cve-catalog.json": "71ced4e5637b5e6be30fe65d0f6370a2f32e851a066837eaab8d8523499291ae",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "83eb8a65889305f4fed33a453b1e693e43e929f4ea6d06646eecf0ec4f7caa96",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -272,6 +272,9 @@
|
|
|
272
272
|
"DS0017"
|
|
273
273
|
],
|
|
274
274
|
"cve_refs": [
|
|
275
|
+
"CVE-2014-6278",
|
|
276
|
+
"CVE-2016-10033",
|
|
277
|
+
"CVE-2017-1000353",
|
|
275
278
|
"CVE-2020-25078",
|
|
276
279
|
"CVE-2020-25079",
|
|
277
280
|
"CVE-2022-1471",
|
|
@@ -303,6 +306,7 @@
|
|
|
303
306
|
"CVE-2024-5565",
|
|
304
307
|
"CVE-2024-56145",
|
|
305
308
|
"CVE-2024-8069",
|
|
309
|
+
"CVE-2025-10035",
|
|
306
310
|
"CVE-2025-10164",
|
|
307
311
|
"CVE-2025-1094",
|
|
308
312
|
"CVE-2025-11837",
|
|
@@ -316,6 +320,7 @@
|
|
|
316
320
|
"CVE-2025-29635",
|
|
317
321
|
"CVE-2025-30165",
|
|
318
322
|
"CVE-2025-32432",
|
|
323
|
+
"CVE-2025-32433",
|
|
319
324
|
"CVE-2025-32434",
|
|
320
325
|
"CVE-2025-32444",
|
|
321
326
|
"CVE-2025-3248",
|
|
@@ -326,6 +331,7 @@
|
|
|
326
331
|
"CVE-2025-40551",
|
|
327
332
|
"CVE-2025-4428",
|
|
328
333
|
"CVE-2025-47812",
|
|
334
|
+
"CVE-2025-48703",
|
|
329
335
|
"CVE-2025-49113",
|
|
330
336
|
"CVE-2025-49596",
|
|
331
337
|
"CVE-2025-49704",
|
|
@@ -336,13 +342,16 @@
|
|
|
336
342
|
"CVE-2025-54068",
|
|
337
343
|
"CVE-2025-54136",
|
|
338
344
|
"CVE-2025-54253",
|
|
345
|
+
"CVE-2025-54948",
|
|
339
346
|
"CVE-2025-55319",
|
|
340
347
|
"CVE-2025-58034",
|
|
348
|
+
"CVE-2025-59689",
|
|
341
349
|
"CVE-2025-60455",
|
|
342
350
|
"CVE-2025-61882",
|
|
343
351
|
"CVE-2025-6204",
|
|
344
352
|
"CVE-2025-64328",
|
|
345
353
|
"CVE-2025-64496",
|
|
354
|
+
"CVE-2025-66644",
|
|
346
355
|
"CVE-2025-68613",
|
|
347
356
|
"CVE-2025-68645",
|
|
348
357
|
"CVE-2025-68664",
|
|
@@ -590,6 +599,7 @@
|
|
|
590
599
|
"cve_refs": [
|
|
591
600
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
592
601
|
"CVE-2015-7755",
|
|
602
|
+
"CVE-2016-7836",
|
|
593
603
|
"CVE-2017-7921",
|
|
594
604
|
"CVE-2019-19006",
|
|
595
605
|
"CVE-2019-6693",
|
|
@@ -611,6 +621,7 @@
|
|
|
611
621
|
"CVE-2025-2746",
|
|
612
622
|
"CVE-2025-2747",
|
|
613
623
|
"CVE-2025-31161",
|
|
624
|
+
"CVE-2025-32433",
|
|
614
625
|
"CVE-2025-32975",
|
|
615
626
|
"CVE-2025-34026",
|
|
616
627
|
"CVE-2025-3935",
|
|
@@ -946,14 +957,17 @@
|
|
|
946
957
|
"CVE-2008-0015",
|
|
947
958
|
"CVE-2008-4250",
|
|
948
959
|
"CVE-2014-6278",
|
|
960
|
+
"CVE-2015-7755",
|
|
949
961
|
"CVE-2016-10033",
|
|
950
962
|
"CVE-2016-7836",
|
|
951
963
|
"CVE-2017-1000353",
|
|
952
964
|
"CVE-2017-7921",
|
|
953
965
|
"CVE-2018-4063",
|
|
966
|
+
"CVE-2019-19006",
|
|
954
967
|
"CVE-2019-6693",
|
|
955
968
|
"CVE-2019-9621",
|
|
956
969
|
"CVE-2020-10148",
|
|
970
|
+
"CVE-2020-24363",
|
|
957
971
|
"CVE-2020-25078",
|
|
958
972
|
"CVE-2020-25079",
|
|
959
973
|
"CVE-2020-7796",
|
|
@@ -1009,6 +1023,7 @@
|
|
|
1009
1023
|
"CVE-2024-43468",
|
|
1010
1024
|
"CVE-2024-4889",
|
|
1011
1025
|
"CVE-2024-50050",
|
|
1026
|
+
"CVE-2024-54085",
|
|
1012
1027
|
"CVE-2024-56145",
|
|
1013
1028
|
"CVE-2024-57726",
|
|
1014
1029
|
"CVE-2024-57728",
|
|
@@ -1113,6 +1128,7 @@
|
|
|
1113
1128
|
"CVE-2025-59389",
|
|
1114
1129
|
"CVE-2025-59689",
|
|
1115
1130
|
"CVE-2025-59718",
|
|
1131
|
+
"CVE-2025-61757",
|
|
1116
1132
|
"CVE-2025-61882",
|
|
1117
1133
|
"CVE-2025-61932",
|
|
1118
1134
|
"CVE-2025-6204",
|