@blamejs/exceptd-skills 0.15.50 → 0.15.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/data/_indexes/_meta.json +10 -10
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +6 -6
- package/data/_indexes/chains.json +775 -0
- package/data/_indexes/section-offsets.json +25 -25
- package/data/_indexes/token-budget.json +9 -9
- package/data/attack-techniques.json +30 -9
- package/data/cve-catalog.json +455 -7
- package/data/cwe-catalog.json +15 -5
- package/data/framework-control-gaps.json +29 -10
- package/data/playbooks/sbom.json +60 -1
- package/data/zeroday-lessons.json +251 -1
- package/manifest.json +45 -45
- package/package.json +1 -1
- package/sbom.cdx.json +26 -26
- package/skills/supply-chain-integrity/skill.md +2 -0
|
@@ -7,6 +7,727 @@
|
|
|
7
7
|
"CWE"
|
|
8
8
|
]
|
|
9
9
|
},
|
|
10
|
+
"CVE-2022-23812": {
|
|
11
|
+
"name": "node-ipc geo-targeted file-wiper protestware (RU/BY heart-emoji overwrite; peacenotwar dropper in 11.0.0+)",
|
|
12
|
+
"rwep": 27,
|
|
13
|
+
"cvss": 9.8,
|
|
14
|
+
"cisa_kev": false,
|
|
15
|
+
"epss_score": null,
|
|
16
|
+
"referencing_skills": [
|
|
17
|
+
"fuzz-testing-strategy",
|
|
18
|
+
"supply-chain-integrity",
|
|
19
|
+
"coordinated-vuln-disclosure",
|
|
20
|
+
"threat-modeling-methodology",
|
|
21
|
+
"webapp-security",
|
|
22
|
+
"sector-federal-government",
|
|
23
|
+
"api-security",
|
|
24
|
+
"mlops-security"
|
|
25
|
+
],
|
|
26
|
+
"chain": {
|
|
27
|
+
"cwes": [
|
|
28
|
+
{
|
|
29
|
+
"id": "CWE-1188",
|
|
30
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
31
|
+
"category": "Configuration"
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
"id": "CWE-125",
|
|
35
|
+
"name": "Out-of-bounds Read",
|
|
36
|
+
"category": "Memory Safety"
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
"id": "CWE-1357",
|
|
40
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
41
|
+
"category": "Supply Chain"
|
|
42
|
+
},
|
|
43
|
+
{
|
|
44
|
+
"id": "CWE-1395",
|
|
45
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
46
|
+
"category": "Supply Chain"
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"id": "CWE-1426",
|
|
50
|
+
"name": "Improper Validation of Generative AI Output",
|
|
51
|
+
"category": "AI/ML"
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"id": "CWE-20",
|
|
55
|
+
"name": "Improper Input Validation",
|
|
56
|
+
"category": "Validation"
|
|
57
|
+
},
|
|
58
|
+
{
|
|
59
|
+
"id": "CWE-200",
|
|
60
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
61
|
+
"category": "Information Exposure"
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
"id": "CWE-22",
|
|
65
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
66
|
+
"category": "Path/Resource"
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
"id": "CWE-269",
|
|
70
|
+
"name": "Improper Privilege Management",
|
|
71
|
+
"category": "Authorization"
|
|
72
|
+
},
|
|
73
|
+
{
|
|
74
|
+
"id": "CWE-287",
|
|
75
|
+
"name": "Improper Authentication",
|
|
76
|
+
"category": "Authentication"
|
|
77
|
+
},
|
|
78
|
+
{
|
|
79
|
+
"id": "CWE-352",
|
|
80
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
81
|
+
"category": "Session"
|
|
82
|
+
},
|
|
83
|
+
{
|
|
84
|
+
"id": "CWE-362",
|
|
85
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
86
|
+
"category": "Concurrency"
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
"id": "CWE-416",
|
|
90
|
+
"name": "Use After Free",
|
|
91
|
+
"category": "Memory Safety"
|
|
92
|
+
},
|
|
93
|
+
{
|
|
94
|
+
"id": "CWE-434",
|
|
95
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
96
|
+
"category": "File Handling"
|
|
97
|
+
},
|
|
98
|
+
{
|
|
99
|
+
"id": "CWE-494",
|
|
100
|
+
"name": "Download of Code Without Integrity Check",
|
|
101
|
+
"category": "Supply Chain"
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
"id": "CWE-502",
|
|
105
|
+
"name": "Deserialization of Untrusted Data",
|
|
106
|
+
"category": "Serialization"
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
"id": "CWE-732",
|
|
110
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
111
|
+
"category": "Authorization"
|
|
112
|
+
},
|
|
113
|
+
{
|
|
114
|
+
"id": "CWE-77",
|
|
115
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
116
|
+
"category": "Injection"
|
|
117
|
+
},
|
|
118
|
+
{
|
|
119
|
+
"id": "CWE-78",
|
|
120
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
121
|
+
"category": "Injection"
|
|
122
|
+
},
|
|
123
|
+
{
|
|
124
|
+
"id": "CWE-787",
|
|
125
|
+
"name": "Out-of-bounds Write",
|
|
126
|
+
"category": "Memory Safety"
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
"id": "CWE-79",
|
|
130
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
131
|
+
"category": "Injection"
|
|
132
|
+
},
|
|
133
|
+
{
|
|
134
|
+
"id": "CWE-829",
|
|
135
|
+
"name": "Inclusion of Functionality from Untrusted Control Sphere",
|
|
136
|
+
"category": "Supply Chain"
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
"id": "CWE-862",
|
|
140
|
+
"name": "Missing Authorization",
|
|
141
|
+
"category": "Authorization"
|
|
142
|
+
},
|
|
143
|
+
{
|
|
144
|
+
"id": "CWE-863",
|
|
145
|
+
"name": "Incorrect Authorization",
|
|
146
|
+
"category": "Authorization"
|
|
147
|
+
},
|
|
148
|
+
{
|
|
149
|
+
"id": "CWE-89",
|
|
150
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
151
|
+
"category": "Injection"
|
|
152
|
+
},
|
|
153
|
+
{
|
|
154
|
+
"id": "CWE-918",
|
|
155
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
156
|
+
"category": "Network"
|
|
157
|
+
},
|
|
158
|
+
{
|
|
159
|
+
"id": "CWE-94",
|
|
160
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
161
|
+
"category": "Injection"
|
|
162
|
+
}
|
|
163
|
+
],
|
|
164
|
+
"atlas": [
|
|
165
|
+
{
|
|
166
|
+
"id": "AML.T0010",
|
|
167
|
+
"name": "ML Supply Chain Compromise",
|
|
168
|
+
"tactic": "Initial Access"
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
"id": "AML.T0017",
|
|
172
|
+
"name": "Discover ML Model Ontology",
|
|
173
|
+
"tactic": "Discovery"
|
|
174
|
+
},
|
|
175
|
+
{
|
|
176
|
+
"id": "AML.T0018",
|
|
177
|
+
"name": "Backdoor ML Model",
|
|
178
|
+
"tactic": "Persistence"
|
|
179
|
+
},
|
|
180
|
+
{
|
|
181
|
+
"id": "AML.T0020",
|
|
182
|
+
"name": "Poison Training Data",
|
|
183
|
+
"tactic": "ML Attack Staging"
|
|
184
|
+
},
|
|
185
|
+
{
|
|
186
|
+
"id": "AML.T0043",
|
|
187
|
+
"name": "Craft Adversarial Data",
|
|
188
|
+
"tactic": "ML Attack Staging"
|
|
189
|
+
},
|
|
190
|
+
{
|
|
191
|
+
"id": "AML.T0051",
|
|
192
|
+
"name": "LLM Prompt Injection",
|
|
193
|
+
"tactic": "Execution"
|
|
194
|
+
},
|
|
195
|
+
{
|
|
196
|
+
"id": "AML.T0096",
|
|
197
|
+
"name": "AI API as Covert C2 Channel",
|
|
198
|
+
"tactic": "Command and Control"
|
|
199
|
+
}
|
|
200
|
+
],
|
|
201
|
+
"d3fend": [
|
|
202
|
+
{
|
|
203
|
+
"id": "D3-CBAN",
|
|
204
|
+
"name": "Certificate-based Authentication",
|
|
205
|
+
"tactic": "Harden"
|
|
206
|
+
},
|
|
207
|
+
{
|
|
208
|
+
"id": "D3-EAL",
|
|
209
|
+
"name": "Executable Allowlisting",
|
|
210
|
+
"tactic": "Harden"
|
|
211
|
+
},
|
|
212
|
+
{
|
|
213
|
+
"id": "D3-EHB",
|
|
214
|
+
"name": "Executable Hashbased Allowlist",
|
|
215
|
+
"tactic": "Harden"
|
|
216
|
+
},
|
|
217
|
+
{
|
|
218
|
+
"id": "D3-IOPR",
|
|
219
|
+
"name": "Input/Output Profiling Resource",
|
|
220
|
+
"tactic": "Detect"
|
|
221
|
+
},
|
|
222
|
+
{
|
|
223
|
+
"id": "D3-PSEP",
|
|
224
|
+
"name": "Process Segment Execution Prevention",
|
|
225
|
+
"tactic": "Harden"
|
|
226
|
+
}
|
|
227
|
+
],
|
|
228
|
+
"framework_gaps": [
|
|
229
|
+
{
|
|
230
|
+
"id": "CMMC-2.0-Level-2",
|
|
231
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
232
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
233
|
+
},
|
|
234
|
+
{
|
|
235
|
+
"id": "CycloneDX-v1.6-SBOM",
|
|
236
|
+
"framework": "CycloneDX v1.6 (OWASP SBOM standard)",
|
|
237
|
+
"control_name": "Software Bill of Materials"
|
|
238
|
+
},
|
|
239
|
+
{
|
|
240
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
241
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
242
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
243
|
+
},
|
|
244
|
+
{
|
|
245
|
+
"id": "HITRUST-CSF-v11.4-09.l",
|
|
246
|
+
"framework": "HITRUST CSF v11.4",
|
|
247
|
+
"control_name": "Outsourced services management"
|
|
248
|
+
},
|
|
249
|
+
{
|
|
250
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
251
|
+
"framework": "ISO/IEC 27001:2022",
|
|
252
|
+
"control_name": "Secure coding"
|
|
253
|
+
},
|
|
254
|
+
{
|
|
255
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
256
|
+
"framework": "ISO/IEC 27001:2022",
|
|
257
|
+
"control_name": "Management of technical vulnerabilities"
|
|
258
|
+
},
|
|
259
|
+
{
|
|
260
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
261
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
262
|
+
"control_name": "AI risk management process"
|
|
263
|
+
},
|
|
264
|
+
{
|
|
265
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
266
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
267
|
+
"control_name": "AI risk assessment"
|
|
268
|
+
},
|
|
269
|
+
{
|
|
270
|
+
"id": "NIST-800-115",
|
|
271
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
272
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
273
|
+
},
|
|
274
|
+
{
|
|
275
|
+
"id": "NIST-800-218-SSDF",
|
|
276
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
277
|
+
"control_name": "Secure Software Development Framework"
|
|
278
|
+
},
|
|
279
|
+
{
|
|
280
|
+
"id": "NIST-800-53-AC-2",
|
|
281
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
282
|
+
"control_name": "Account Management"
|
|
283
|
+
},
|
|
284
|
+
{
|
|
285
|
+
"id": "NIST-800-53-SA-12",
|
|
286
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
287
|
+
"control_name": "Supply Chain Protection"
|
|
288
|
+
},
|
|
289
|
+
{
|
|
290
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
291
|
+
"framework": "NIST AI RMF 1.0",
|
|
292
|
+
"control_name": "AI system to human interaction evaluation"
|
|
293
|
+
},
|
|
294
|
+
{
|
|
295
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
296
|
+
"framework": "OWASP ASVS v5.0",
|
|
297
|
+
"control_name": "Configuration verification"
|
|
298
|
+
},
|
|
299
|
+
{
|
|
300
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
301
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
302
|
+
"control_name": "Prompt Injection"
|
|
303
|
+
},
|
|
304
|
+
{
|
|
305
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
306
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
307
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
308
|
+
},
|
|
309
|
+
{
|
|
310
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
311
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
312
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
313
|
+
},
|
|
314
|
+
{
|
|
315
|
+
"id": "SOC2-CC9-vendor-management",
|
|
316
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
317
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
318
|
+
},
|
|
319
|
+
{
|
|
320
|
+
"id": "SPDX-v3.0-SBOM",
|
|
321
|
+
"framework": "SPDX v3.0 (ISO/IEC 5962-aligned SBOM standard)",
|
|
322
|
+
"control_name": "Software Package Data Exchange — SBOM"
|
|
323
|
+
},
|
|
324
|
+
{
|
|
325
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
326
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
327
|
+
"control_name": "SWIFT Environment Protection"
|
|
328
|
+
},
|
|
329
|
+
{
|
|
330
|
+
"id": "VEX-CSAF-v2.1",
|
|
331
|
+
"framework": "VEX via OASIS CSAF 2.1 (Common Security Advisory Framework)",
|
|
332
|
+
"control_name": "Vulnerability Exploitability eXchange profile"
|
|
333
|
+
}
|
|
334
|
+
],
|
|
335
|
+
"attack_refs": [
|
|
336
|
+
"T1059",
|
|
337
|
+
"T1078",
|
|
338
|
+
"T1190",
|
|
339
|
+
"T1195.001",
|
|
340
|
+
"T1195.002",
|
|
341
|
+
"T1505",
|
|
342
|
+
"T1554",
|
|
343
|
+
"T1565",
|
|
344
|
+
"T1567"
|
|
345
|
+
],
|
|
346
|
+
"rfc_refs": [
|
|
347
|
+
"RFC-6749",
|
|
348
|
+
"RFC-7519",
|
|
349
|
+
"RFC-8032",
|
|
350
|
+
"RFC-8446",
|
|
351
|
+
"RFC-8725",
|
|
352
|
+
"RFC-9114",
|
|
353
|
+
"RFC-9421",
|
|
354
|
+
"RFC-9700"
|
|
355
|
+
]
|
|
356
|
+
}
|
|
357
|
+
},
|
|
358
|
+
"MAL-2026-TRAPDOOR-CROSS-ECOSYSTEM": {
|
|
359
|
+
"name": "TrapDoor cross-ecosystem crypto-stealer + AI-assistant poisoning campaign (npm/PyPI/crates.io)",
|
|
360
|
+
"rwep": 55,
|
|
361
|
+
"cvss": 9.3,
|
|
362
|
+
"cisa_kev": false,
|
|
363
|
+
"epss_score": null,
|
|
364
|
+
"referencing_skills": [],
|
|
365
|
+
"chain": {
|
|
366
|
+
"cwes": [],
|
|
367
|
+
"atlas": [],
|
|
368
|
+
"d3fend": [],
|
|
369
|
+
"framework_gaps": [],
|
|
370
|
+
"attack_refs": [],
|
|
371
|
+
"rfc_refs": []
|
|
372
|
+
}
|
|
373
|
+
},
|
|
374
|
+
"MAL-2026-MOIKA-DEPCONFUSION": {
|
|
375
|
+
"name": "oob.moika.tech dependency-confusion credential-exfiltration campaign (internal-scope namespace squat)",
|
|
376
|
+
"rwep": 43,
|
|
377
|
+
"cvss": 8.6,
|
|
378
|
+
"cisa_kev": false,
|
|
379
|
+
"epss_score": null,
|
|
380
|
+
"referencing_skills": [
|
|
381
|
+
"fuzz-testing-strategy",
|
|
382
|
+
"supply-chain-integrity",
|
|
383
|
+
"coordinated-vuln-disclosure",
|
|
384
|
+
"threat-modeling-methodology",
|
|
385
|
+
"webapp-security",
|
|
386
|
+
"sector-federal-government",
|
|
387
|
+
"api-security",
|
|
388
|
+
"container-runtime-security",
|
|
389
|
+
"mlops-security"
|
|
390
|
+
],
|
|
391
|
+
"chain": {
|
|
392
|
+
"cwes": [
|
|
393
|
+
{
|
|
394
|
+
"id": "CWE-1188",
|
|
395
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
396
|
+
"category": "Configuration"
|
|
397
|
+
},
|
|
398
|
+
{
|
|
399
|
+
"id": "CWE-125",
|
|
400
|
+
"name": "Out-of-bounds Read",
|
|
401
|
+
"category": "Memory Safety"
|
|
402
|
+
},
|
|
403
|
+
{
|
|
404
|
+
"id": "CWE-1357",
|
|
405
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
406
|
+
"category": "Supply Chain"
|
|
407
|
+
},
|
|
408
|
+
{
|
|
409
|
+
"id": "CWE-1395",
|
|
410
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
411
|
+
"category": "Supply Chain"
|
|
412
|
+
},
|
|
413
|
+
{
|
|
414
|
+
"id": "CWE-1426",
|
|
415
|
+
"name": "Improper Validation of Generative AI Output",
|
|
416
|
+
"category": "AI/ML"
|
|
417
|
+
},
|
|
418
|
+
{
|
|
419
|
+
"id": "CWE-20",
|
|
420
|
+
"name": "Improper Input Validation",
|
|
421
|
+
"category": "Validation"
|
|
422
|
+
},
|
|
423
|
+
{
|
|
424
|
+
"id": "CWE-200",
|
|
425
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
426
|
+
"category": "Information Exposure"
|
|
427
|
+
},
|
|
428
|
+
{
|
|
429
|
+
"id": "CWE-22",
|
|
430
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
431
|
+
"category": "Path/Resource"
|
|
432
|
+
},
|
|
433
|
+
{
|
|
434
|
+
"id": "CWE-269",
|
|
435
|
+
"name": "Improper Privilege Management",
|
|
436
|
+
"category": "Authorization"
|
|
437
|
+
},
|
|
438
|
+
{
|
|
439
|
+
"id": "CWE-287",
|
|
440
|
+
"name": "Improper Authentication",
|
|
441
|
+
"category": "Authentication"
|
|
442
|
+
},
|
|
443
|
+
{
|
|
444
|
+
"id": "CWE-352",
|
|
445
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
446
|
+
"category": "Session"
|
|
447
|
+
},
|
|
448
|
+
{
|
|
449
|
+
"id": "CWE-362",
|
|
450
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
451
|
+
"category": "Concurrency"
|
|
452
|
+
},
|
|
453
|
+
{
|
|
454
|
+
"id": "CWE-416",
|
|
455
|
+
"name": "Use After Free",
|
|
456
|
+
"category": "Memory Safety"
|
|
457
|
+
},
|
|
458
|
+
{
|
|
459
|
+
"id": "CWE-434",
|
|
460
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
461
|
+
"category": "File Handling"
|
|
462
|
+
},
|
|
463
|
+
{
|
|
464
|
+
"id": "CWE-494",
|
|
465
|
+
"name": "Download of Code Without Integrity Check",
|
|
466
|
+
"category": "Supply Chain"
|
|
467
|
+
},
|
|
468
|
+
{
|
|
469
|
+
"id": "CWE-502",
|
|
470
|
+
"name": "Deserialization of Untrusted Data",
|
|
471
|
+
"category": "Serialization"
|
|
472
|
+
},
|
|
473
|
+
{
|
|
474
|
+
"id": "CWE-732",
|
|
475
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
476
|
+
"category": "Authorization"
|
|
477
|
+
},
|
|
478
|
+
{
|
|
479
|
+
"id": "CWE-77",
|
|
480
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
481
|
+
"category": "Injection"
|
|
482
|
+
},
|
|
483
|
+
{
|
|
484
|
+
"id": "CWE-78",
|
|
485
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
486
|
+
"category": "Injection"
|
|
487
|
+
},
|
|
488
|
+
{
|
|
489
|
+
"id": "CWE-787",
|
|
490
|
+
"name": "Out-of-bounds Write",
|
|
491
|
+
"category": "Memory Safety"
|
|
492
|
+
},
|
|
493
|
+
{
|
|
494
|
+
"id": "CWE-79",
|
|
495
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
496
|
+
"category": "Injection"
|
|
497
|
+
},
|
|
498
|
+
{
|
|
499
|
+
"id": "CWE-829",
|
|
500
|
+
"name": "Inclusion of Functionality from Untrusted Control Sphere",
|
|
501
|
+
"category": "Supply Chain"
|
|
502
|
+
},
|
|
503
|
+
{
|
|
504
|
+
"id": "CWE-862",
|
|
505
|
+
"name": "Missing Authorization",
|
|
506
|
+
"category": "Authorization"
|
|
507
|
+
},
|
|
508
|
+
{
|
|
509
|
+
"id": "CWE-863",
|
|
510
|
+
"name": "Incorrect Authorization",
|
|
511
|
+
"category": "Authorization"
|
|
512
|
+
},
|
|
513
|
+
{
|
|
514
|
+
"id": "CWE-89",
|
|
515
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
516
|
+
"category": "Injection"
|
|
517
|
+
},
|
|
518
|
+
{
|
|
519
|
+
"id": "CWE-918",
|
|
520
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
521
|
+
"category": "Network"
|
|
522
|
+
},
|
|
523
|
+
{
|
|
524
|
+
"id": "CWE-94",
|
|
525
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
526
|
+
"category": "Injection"
|
|
527
|
+
}
|
|
528
|
+
],
|
|
529
|
+
"atlas": [
|
|
530
|
+
{
|
|
531
|
+
"id": "AML.T0010",
|
|
532
|
+
"name": "ML Supply Chain Compromise",
|
|
533
|
+
"tactic": "Initial Access"
|
|
534
|
+
},
|
|
535
|
+
{
|
|
536
|
+
"id": "AML.T0017",
|
|
537
|
+
"name": "Discover ML Model Ontology",
|
|
538
|
+
"tactic": "Discovery"
|
|
539
|
+
},
|
|
540
|
+
{
|
|
541
|
+
"id": "AML.T0018",
|
|
542
|
+
"name": "Backdoor ML Model",
|
|
543
|
+
"tactic": "Persistence"
|
|
544
|
+
},
|
|
545
|
+
{
|
|
546
|
+
"id": "AML.T0020",
|
|
547
|
+
"name": "Poison Training Data",
|
|
548
|
+
"tactic": "ML Attack Staging"
|
|
549
|
+
},
|
|
550
|
+
{
|
|
551
|
+
"id": "AML.T0043",
|
|
552
|
+
"name": "Craft Adversarial Data",
|
|
553
|
+
"tactic": "ML Attack Staging"
|
|
554
|
+
},
|
|
555
|
+
{
|
|
556
|
+
"id": "AML.T0051",
|
|
557
|
+
"name": "LLM Prompt Injection",
|
|
558
|
+
"tactic": "Execution"
|
|
559
|
+
},
|
|
560
|
+
{
|
|
561
|
+
"id": "AML.T0096",
|
|
562
|
+
"name": "AI API as Covert C2 Channel",
|
|
563
|
+
"tactic": "Command and Control"
|
|
564
|
+
}
|
|
565
|
+
],
|
|
566
|
+
"d3fend": [
|
|
567
|
+
{
|
|
568
|
+
"id": "D3-CBAN",
|
|
569
|
+
"name": "Certificate-based Authentication",
|
|
570
|
+
"tactic": "Harden"
|
|
571
|
+
},
|
|
572
|
+
{
|
|
573
|
+
"id": "D3-EAL",
|
|
574
|
+
"name": "Executable Allowlisting",
|
|
575
|
+
"tactic": "Harden"
|
|
576
|
+
},
|
|
577
|
+
{
|
|
578
|
+
"id": "D3-EHB",
|
|
579
|
+
"name": "Executable Hashbased Allowlist",
|
|
580
|
+
"tactic": "Harden"
|
|
581
|
+
},
|
|
582
|
+
{
|
|
583
|
+
"id": "D3-IOPR",
|
|
584
|
+
"name": "Input/Output Profiling Resource",
|
|
585
|
+
"tactic": "Detect"
|
|
586
|
+
},
|
|
587
|
+
{
|
|
588
|
+
"id": "D3-PSEP",
|
|
589
|
+
"name": "Process Segment Execution Prevention",
|
|
590
|
+
"tactic": "Harden"
|
|
591
|
+
}
|
|
592
|
+
],
|
|
593
|
+
"framework_gaps": [
|
|
594
|
+
{
|
|
595
|
+
"id": "CMMC-2.0-Level-2",
|
|
596
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
597
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
598
|
+
},
|
|
599
|
+
{
|
|
600
|
+
"id": "CycloneDX-v1.6-SBOM",
|
|
601
|
+
"framework": "CycloneDX v1.6 (OWASP SBOM standard)",
|
|
602
|
+
"control_name": "Software Bill of Materials"
|
|
603
|
+
},
|
|
604
|
+
{
|
|
605
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
606
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
607
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
608
|
+
},
|
|
609
|
+
{
|
|
610
|
+
"id": "HITRUST-CSF-v11.4-09.l",
|
|
611
|
+
"framework": "HITRUST CSF v11.4",
|
|
612
|
+
"control_name": "Outsourced services management"
|
|
613
|
+
},
|
|
614
|
+
{
|
|
615
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
616
|
+
"framework": "ISO/IEC 27001:2022",
|
|
617
|
+
"control_name": "Secure coding"
|
|
618
|
+
},
|
|
619
|
+
{
|
|
620
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
621
|
+
"framework": "ISO/IEC 27001:2022",
|
|
622
|
+
"control_name": "Management of technical vulnerabilities"
|
|
623
|
+
},
|
|
624
|
+
{
|
|
625
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
626
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
627
|
+
"control_name": "AI risk management process"
|
|
628
|
+
},
|
|
629
|
+
{
|
|
630
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
631
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
632
|
+
"control_name": "AI risk assessment"
|
|
633
|
+
},
|
|
634
|
+
{
|
|
635
|
+
"id": "NIST-800-115",
|
|
636
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
637
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
638
|
+
},
|
|
639
|
+
{
|
|
640
|
+
"id": "NIST-800-218-SSDF",
|
|
641
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
642
|
+
"control_name": "Secure Software Development Framework"
|
|
643
|
+
},
|
|
644
|
+
{
|
|
645
|
+
"id": "NIST-800-53-AC-2",
|
|
646
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
647
|
+
"control_name": "Account Management"
|
|
648
|
+
},
|
|
649
|
+
{
|
|
650
|
+
"id": "NIST-800-53-CM-7",
|
|
651
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
652
|
+
"control_name": "Least Functionality"
|
|
653
|
+
},
|
|
654
|
+
{
|
|
655
|
+
"id": "NIST-800-53-SA-12",
|
|
656
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
657
|
+
"control_name": "Supply Chain Protection"
|
|
658
|
+
},
|
|
659
|
+
{
|
|
660
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
661
|
+
"framework": "NIST AI RMF 1.0",
|
|
662
|
+
"control_name": "AI system to human interaction evaluation"
|
|
663
|
+
},
|
|
664
|
+
{
|
|
665
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
666
|
+
"framework": "OWASP ASVS v5.0",
|
|
667
|
+
"control_name": "Configuration verification"
|
|
668
|
+
},
|
|
669
|
+
{
|
|
670
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
671
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
672
|
+
"control_name": "Prompt Injection"
|
|
673
|
+
},
|
|
674
|
+
{
|
|
675
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
676
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
677
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
678
|
+
},
|
|
679
|
+
{
|
|
680
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
681
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
682
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
683
|
+
},
|
|
684
|
+
{
|
|
685
|
+
"id": "SOC2-CC9-vendor-management",
|
|
686
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
687
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
688
|
+
},
|
|
689
|
+
{
|
|
690
|
+
"id": "SPDX-v3.0-SBOM",
|
|
691
|
+
"framework": "SPDX v3.0 (ISO/IEC 5962-aligned SBOM standard)",
|
|
692
|
+
"control_name": "Software Package Data Exchange — SBOM"
|
|
693
|
+
},
|
|
694
|
+
{
|
|
695
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
696
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
697
|
+
"control_name": "SWIFT Environment Protection"
|
|
698
|
+
},
|
|
699
|
+
{
|
|
700
|
+
"id": "VEX-CSAF-v2.1",
|
|
701
|
+
"framework": "VEX via OASIS CSAF 2.1 (Common Security Advisory Framework)",
|
|
702
|
+
"control_name": "Vulnerability Exploitability eXchange profile"
|
|
703
|
+
}
|
|
704
|
+
],
|
|
705
|
+
"attack_refs": [
|
|
706
|
+
"T1059",
|
|
707
|
+
"T1068",
|
|
708
|
+
"T1078",
|
|
709
|
+
"T1190",
|
|
710
|
+
"T1195.001",
|
|
711
|
+
"T1195.002",
|
|
712
|
+
"T1505",
|
|
713
|
+
"T1554",
|
|
714
|
+
"T1565",
|
|
715
|
+
"T1567",
|
|
716
|
+
"T1610",
|
|
717
|
+
"T1611"
|
|
718
|
+
],
|
|
719
|
+
"rfc_refs": [
|
|
720
|
+
"RFC-6749",
|
|
721
|
+
"RFC-7519",
|
|
722
|
+
"RFC-8032",
|
|
723
|
+
"RFC-8446",
|
|
724
|
+
"RFC-8725",
|
|
725
|
+
"RFC-9114",
|
|
726
|
+
"RFC-9421",
|
|
727
|
+
"RFC-9700"
|
|
728
|
+
]
|
|
729
|
+
}
|
|
730
|
+
},
|
|
10
731
|
"CVE-2025-0282": {
|
|
11
732
|
"name": "Ivanti Connect Secure / Policy Secure / Neurons for ZTA stack-overflow preauth RCE",
|
|
12
733
|
"rwep": 85,
|
|
@@ -78808,8 +79529,10 @@
|
|
|
78808
79529
|
"rfc_refs": []
|
|
78809
79530
|
},
|
|
78810
79531
|
"related_cves": [
|
|
79532
|
+
"CVE-2022-23812",
|
|
78811
79533
|
"CVE-2026-45321",
|
|
78812
79534
|
"MAL-2026-3083",
|
|
79535
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
78813
79536
|
"MAL-2026-NODE-IPC-STEALER"
|
|
78814
79537
|
]
|
|
78815
79538
|
},
|
|
@@ -79020,6 +79743,7 @@
|
|
|
79020
79743
|
"related_cves": [
|
|
79021
79744
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
79022
79745
|
"CVE-2022-1471",
|
|
79746
|
+
"CVE-2022-23812",
|
|
79023
79747
|
"CVE-2023-43472",
|
|
79024
79748
|
"CVE-2023-43654",
|
|
79025
79749
|
"CVE-2023-44467",
|
|
@@ -79132,6 +79856,7 @@
|
|
|
79132
79856
|
"CVE-2026-9082",
|
|
79133
79857
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
79134
79858
|
"MAL-2026-3083",
|
|
79859
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
79135
79860
|
"MAL-2026-NODE-IPC-STEALER"
|
|
79136
79861
|
]
|
|
79137
79862
|
},
|
|
@@ -79309,6 +80034,7 @@
|
|
|
79309
80034
|
},
|
|
79310
80035
|
"related_cves": [
|
|
79311
80036
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
80037
|
+
"CVE-2022-23812",
|
|
79312
80038
|
"CVE-2023-43472",
|
|
79313
80039
|
"CVE-2023-6016",
|
|
79314
80040
|
"CVE-2023-6571",
|
|
@@ -79351,6 +80077,7 @@
|
|
|
79351
80077
|
"CVE-2026-5760",
|
|
79352
80078
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
79353
80079
|
"MAL-2026-3083",
|
|
80080
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
79354
80081
|
"MAL-2026-NODE-IPC-STEALER"
|
|
79355
80082
|
]
|
|
79356
80083
|
},
|
|
@@ -79482,6 +80209,7 @@
|
|
|
79482
80209
|
},
|
|
79483
80210
|
"related_cves": [
|
|
79484
80211
|
"CVE-2022-1471",
|
|
80212
|
+
"CVE-2022-23812",
|
|
79485
80213
|
"CVE-2023-43472",
|
|
79486
80214
|
"CVE-2023-43654",
|
|
79487
80215
|
"CVE-2023-44467",
|
|
@@ -79585,6 +80313,7 @@
|
|
|
79585
80313
|
"CVE-2026-5760",
|
|
79586
80314
|
"CVE-2026-9082",
|
|
79587
80315
|
"MAL-2026-3083",
|
|
80316
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
79588
80317
|
"MAL-2026-NODE-IPC-STEALER"
|
|
79589
80318
|
]
|
|
79590
80319
|
},
|
|
@@ -79705,6 +80434,7 @@
|
|
|
79705
80434
|
},
|
|
79706
80435
|
"related_cves": [
|
|
79707
80436
|
"CVE-2022-1471",
|
|
80437
|
+
"CVE-2022-23812",
|
|
79708
80438
|
"CVE-2023-43472",
|
|
79709
80439
|
"CVE-2023-43654",
|
|
79710
80440
|
"CVE-2023-44467",
|
|
@@ -79808,6 +80538,7 @@
|
|
|
79808
80538
|
"CVE-2026-5760",
|
|
79809
80539
|
"CVE-2026-9082",
|
|
79810
80540
|
"MAL-2026-3083",
|
|
80541
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
79811
80542
|
"MAL-2026-NODE-IPC-STEALER"
|
|
79812
80543
|
]
|
|
79813
80544
|
},
|
|
@@ -79942,6 +80673,7 @@
|
|
|
79942
80673
|
},
|
|
79943
80674
|
"related_cves": [
|
|
79944
80675
|
"CVE-2022-1471",
|
|
80676
|
+
"CVE-2022-23812",
|
|
79945
80677
|
"CVE-2023-43472",
|
|
79946
80678
|
"CVE-2023-43654",
|
|
79947
80679
|
"CVE-2023-44467",
|
|
@@ -80045,6 +80777,7 @@
|
|
|
80045
80777
|
"CVE-2026-5760",
|
|
80046
80778
|
"CVE-2026-9082",
|
|
80047
80779
|
"MAL-2026-3083",
|
|
80780
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
80048
80781
|
"MAL-2026-NODE-IPC-STEALER"
|
|
80049
80782
|
]
|
|
80050
80783
|
},
|
|
@@ -80283,6 +81016,7 @@
|
|
|
80283
81016
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
80284
81017
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
80285
81018
|
"CVE-2022-1471",
|
|
81019
|
+
"CVE-2022-23812",
|
|
80286
81020
|
"CVE-2022-36551",
|
|
80287
81021
|
"CVE-2023-43472",
|
|
80288
81022
|
"CVE-2023-43654",
|
|
@@ -80403,6 +81137,7 @@
|
|
|
80403
81137
|
"CVE-2026-5760",
|
|
80404
81138
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
80405
81139
|
"MAL-2026-3083",
|
|
81140
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
80406
81141
|
"MAL-2026-NODE-IPC-STEALER"
|
|
80407
81142
|
]
|
|
80408
81143
|
},
|
|
@@ -80583,6 +81318,7 @@
|
|
|
80583
81318
|
"CVE-2021-43798",
|
|
80584
81319
|
"CVE-2022-1471",
|
|
80585
81320
|
"CVE-2022-20775",
|
|
81321
|
+
"CVE-2022-23812",
|
|
80586
81322
|
"CVE-2022-37055",
|
|
80587
81323
|
"CVE-2022-40799",
|
|
80588
81324
|
"CVE-2022-48503",
|
|
@@ -80887,6 +81623,7 @@
|
|
|
80887
81623
|
"CVE-2026-6973",
|
|
80888
81624
|
"CVE-2026-9082",
|
|
80889
81625
|
"MAL-2026-3083",
|
|
81626
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
80890
81627
|
"MAL-2026-NODE-IPC-STEALER"
|
|
80891
81628
|
]
|
|
80892
81629
|
},
|
|
@@ -81101,6 +81838,7 @@
|
|
|
81101
81838
|
"related_cves": [
|
|
81102
81839
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
81103
81840
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
81841
|
+
"CVE-2022-23812",
|
|
81104
81842
|
"CVE-2022-36551",
|
|
81105
81843
|
"CVE-2023-43472",
|
|
81106
81844
|
"CVE-2023-43791",
|
|
@@ -81173,6 +81911,7 @@
|
|
|
81173
81911
|
"CVE-2026-5760",
|
|
81174
81912
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
81175
81913
|
"MAL-2026-3083",
|
|
81914
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
81176
81915
|
"MAL-2026-NODE-IPC-STEALER"
|
|
81177
81916
|
]
|
|
81178
81917
|
},
|
|
@@ -81509,6 +82248,7 @@
|
|
|
81509
82248
|
"related_cves": [
|
|
81510
82249
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
81511
82250
|
"CVE-2022-1471",
|
|
82251
|
+
"CVE-2022-23812",
|
|
81512
82252
|
"CVE-2023-43472",
|
|
81513
82253
|
"CVE-2023-43654",
|
|
81514
82254
|
"CVE-2023-44467",
|
|
@@ -81621,6 +82361,7 @@
|
|
|
81621
82361
|
"CVE-2026-9082",
|
|
81622
82362
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
81623
82363
|
"MAL-2026-3083",
|
|
82364
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
81624
82365
|
"MAL-2026-NODE-IPC-STEALER",
|
|
81625
82366
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
81626
82367
|
]
|
|
@@ -82174,6 +82915,7 @@
|
|
|
82174
82915
|
"related_cves": [
|
|
82175
82916
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
82176
82917
|
"CVE-2022-1471",
|
|
82918
|
+
"CVE-2022-23812",
|
|
82177
82919
|
"CVE-2023-43472",
|
|
82178
82920
|
"CVE-2023-43654",
|
|
82179
82921
|
"CVE-2023-44467",
|
|
@@ -82286,6 +83028,7 @@
|
|
|
82286
83028
|
"CVE-2026-9082",
|
|
82287
83029
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
82288
83030
|
"MAL-2026-3083",
|
|
83031
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
82289
83032
|
"MAL-2026-NODE-IPC-STEALER"
|
|
82290
83033
|
]
|
|
82291
83034
|
},
|
|
@@ -83201,6 +83944,7 @@
|
|
|
83201
83944
|
"related_cves": [
|
|
83202
83945
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
83203
83946
|
"CVE-2022-1471",
|
|
83947
|
+
"CVE-2022-23812",
|
|
83204
83948
|
"CVE-2023-43472",
|
|
83205
83949
|
"CVE-2023-43654",
|
|
83206
83950
|
"CVE-2023-44467",
|
|
@@ -83313,6 +84057,7 @@
|
|
|
83313
84057
|
"CVE-2026-9082",
|
|
83314
84058
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
83315
84059
|
"MAL-2026-3083",
|
|
84060
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
83316
84061
|
"MAL-2026-NODE-IPC-STEALER"
|
|
83317
84062
|
]
|
|
83318
84063
|
},
|
|
@@ -83493,6 +84238,7 @@
|
|
|
83493
84238
|
"CVE-2021-43798",
|
|
83494
84239
|
"CVE-2022-1471",
|
|
83495
84240
|
"CVE-2022-20775",
|
|
84241
|
+
"CVE-2022-23812",
|
|
83496
84242
|
"CVE-2022-37055",
|
|
83497
84243
|
"CVE-2022-40799",
|
|
83498
84244
|
"CVE-2022-48503",
|
|
@@ -83797,6 +84543,7 @@
|
|
|
83797
84543
|
"CVE-2026-6973",
|
|
83798
84544
|
"CVE-2026-9082",
|
|
83799
84545
|
"MAL-2026-3083",
|
|
84546
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
83800
84547
|
"MAL-2026-NODE-IPC-STEALER"
|
|
83801
84548
|
]
|
|
83802
84549
|
},
|
|
@@ -83963,6 +84710,7 @@
|
|
|
83963
84710
|
"CVE-2021-43798",
|
|
83964
84711
|
"CVE-2022-1471",
|
|
83965
84712
|
"CVE-2022-20775",
|
|
84713
|
+
"CVE-2022-23812",
|
|
83966
84714
|
"CVE-2022-37055",
|
|
83967
84715
|
"CVE-2022-40799",
|
|
83968
84716
|
"CVE-2022-48503",
|
|
@@ -84267,6 +85015,7 @@
|
|
|
84267
85015
|
"CVE-2026-6973",
|
|
84268
85016
|
"CVE-2026-9082",
|
|
84269
85017
|
"MAL-2026-3083",
|
|
85018
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
84270
85019
|
"MAL-2026-NODE-IPC-STEALER"
|
|
84271
85020
|
]
|
|
84272
85021
|
},
|
|
@@ -84479,6 +85228,7 @@
|
|
|
84479
85228
|
"related_cves": [
|
|
84480
85229
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
84481
85230
|
"CVE-2022-1471",
|
|
85231
|
+
"CVE-2022-23812",
|
|
84482
85232
|
"CVE-2023-43472",
|
|
84483
85233
|
"CVE-2023-43654",
|
|
84484
85234
|
"CVE-2023-44467",
|
|
@@ -84591,6 +85341,7 @@
|
|
|
84591
85341
|
"CVE-2026-9082",
|
|
84592
85342
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
84593
85343
|
"MAL-2026-3083",
|
|
85344
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
84594
85345
|
"MAL-2026-NODE-IPC-STEALER"
|
|
84595
85346
|
]
|
|
84596
85347
|
},
|
|
@@ -84781,6 +85532,7 @@
|
|
|
84781
85532
|
},
|
|
84782
85533
|
"related_cves": [
|
|
84783
85534
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
85535
|
+
"CVE-2022-23812",
|
|
84784
85536
|
"CVE-2023-6016",
|
|
84785
85537
|
"CVE-2024-12366",
|
|
84786
85538
|
"CVE-2024-24590",
|
|
@@ -84804,6 +85556,7 @@
|
|
|
84804
85556
|
"CVE-2026-48027",
|
|
84805
85557
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
84806
85558
|
"MAL-2026-3083",
|
|
85559
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
84807
85560
|
"MAL-2026-NODE-IPC-STEALER",
|
|
84808
85561
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
84809
85562
|
]
|
|
@@ -84987,6 +85740,7 @@
|
|
|
84987
85740
|
]
|
|
84988
85741
|
},
|
|
84989
85742
|
"related_cves": [
|
|
85743
|
+
"CVE-2022-23812",
|
|
84990
85744
|
"CVE-2023-43472",
|
|
84991
85745
|
"CVE-2023-6016",
|
|
84992
85746
|
"CVE-2023-6571",
|
|
@@ -85024,6 +85778,7 @@
|
|
|
85024
85778
|
"CVE-2026-45321",
|
|
85025
85779
|
"CVE-2026-5760",
|
|
85026
85780
|
"MAL-2026-3083",
|
|
85781
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
85027
85782
|
"MAL-2026-NODE-IPC-STEALER",
|
|
85028
85783
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
85029
85784
|
]
|
|
@@ -85944,6 +86699,7 @@
|
|
|
85944
86699
|
"related_cves": [
|
|
85945
86700
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
85946
86701
|
"CVE-2022-1471",
|
|
86702
|
+
"CVE-2022-23812",
|
|
85947
86703
|
"CVE-2023-43472",
|
|
85948
86704
|
"CVE-2023-43654",
|
|
85949
86705
|
"CVE-2023-44467",
|
|
@@ -86056,6 +86812,7 @@
|
|
|
86056
86812
|
"CVE-2026-9082",
|
|
86057
86813
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
86058
86814
|
"MAL-2026-3083",
|
|
86815
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
86059
86816
|
"MAL-2026-NODE-IPC-STEALER",
|
|
86060
86817
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
86061
86818
|
]
|
|
@@ -86313,6 +87070,7 @@
|
|
|
86313
87070
|
"CVE-2021-43798",
|
|
86314
87071
|
"CVE-2022-1471",
|
|
86315
87072
|
"CVE-2022-20775",
|
|
87073
|
+
"CVE-2022-23812",
|
|
86316
87074
|
"CVE-2022-37055",
|
|
86317
87075
|
"CVE-2022-40799",
|
|
86318
87076
|
"CVE-2022-48503",
|
|
@@ -86646,6 +87404,7 @@
|
|
|
86646
87404
|
"CVE-2026-6973",
|
|
86647
87405
|
"CVE-2026-9082",
|
|
86648
87406
|
"MAL-2026-3083",
|
|
87407
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
86649
87408
|
"MAL-2026-NODE-IPC-STEALER",
|
|
86650
87409
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
86651
87410
|
]
|
|
@@ -87142,12 +87901,14 @@
|
|
|
87142
87901
|
]
|
|
87143
87902
|
},
|
|
87144
87903
|
"related_cves": [
|
|
87904
|
+
"CVE-2022-23812",
|
|
87145
87905
|
"CVE-2024-3094",
|
|
87146
87906
|
"CVE-2025-30066",
|
|
87147
87907
|
"CVE-2025-30154",
|
|
87148
87908
|
"CVE-2026-30615",
|
|
87149
87909
|
"CVE-2026-45321",
|
|
87150
87910
|
"MAL-2026-3083",
|
|
87911
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
87151
87912
|
"MAL-2026-NODE-IPC-STEALER",
|
|
87152
87913
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
87153
87914
|
]
|
|
@@ -87328,6 +88089,7 @@
|
|
|
87328
88089
|
},
|
|
87329
88090
|
"related_cves": [
|
|
87330
88091
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
88092
|
+
"CVE-2022-23812",
|
|
87331
88093
|
"CVE-2023-43472",
|
|
87332
88094
|
"CVE-2023-6016",
|
|
87333
88095
|
"CVE-2023-6571",
|
|
@@ -87370,6 +88132,7 @@
|
|
|
87370
88132
|
"CVE-2026-5760",
|
|
87371
88133
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
87372
88134
|
"MAL-2026-3083",
|
|
88135
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
87373
88136
|
"MAL-2026-NODE-IPC-STEALER"
|
|
87374
88137
|
]
|
|
87375
88138
|
},
|
|
@@ -87639,6 +88402,7 @@
|
|
|
87639
88402
|
]
|
|
87640
88403
|
},
|
|
87641
88404
|
"related_cves": [
|
|
88405
|
+
"CVE-2022-23812",
|
|
87642
88406
|
"CVE-2023-43472",
|
|
87643
88407
|
"CVE-2023-6016",
|
|
87644
88408
|
"CVE-2023-6571",
|
|
@@ -87679,6 +88443,7 @@
|
|
|
87679
88443
|
"CVE-2026-5760",
|
|
87680
88444
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
87681
88445
|
"MAL-2026-3083",
|
|
88446
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
87682
88447
|
"MAL-2026-NODE-IPC-STEALER"
|
|
87683
88448
|
]
|
|
87684
88449
|
},
|
|
@@ -87978,6 +88743,7 @@
|
|
|
87978
88743
|
"related_cves": [
|
|
87979
88744
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
87980
88745
|
"CVE-2022-1471",
|
|
88746
|
+
"CVE-2022-23812",
|
|
87981
88747
|
"CVE-2023-43472",
|
|
87982
88748
|
"CVE-2023-43654",
|
|
87983
88749
|
"CVE-2023-44467",
|
|
@@ -88090,6 +88856,7 @@
|
|
|
88090
88856
|
"CVE-2026-9082",
|
|
88091
88857
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
88092
88858
|
"MAL-2026-3083",
|
|
88859
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
88093
88860
|
"MAL-2026-NODE-IPC-STEALER"
|
|
88094
88861
|
]
|
|
88095
88862
|
},
|
|
@@ -88611,6 +89378,7 @@
|
|
|
88611
89378
|
},
|
|
88612
89379
|
"related_cves": [
|
|
88613
89380
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
89381
|
+
"CVE-2022-23812",
|
|
88614
89382
|
"CVE-2023-43472",
|
|
88615
89383
|
"CVE-2023-6016",
|
|
88616
89384
|
"CVE-2023-6571",
|
|
@@ -88653,6 +89421,7 @@
|
|
|
88653
89421
|
"CVE-2026-5760",
|
|
88654
89422
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
88655
89423
|
"MAL-2026-3083",
|
|
89424
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
88656
89425
|
"MAL-2026-NODE-IPC-STEALER",
|
|
88657
89426
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
88658
89427
|
]
|
|
@@ -88859,6 +89628,7 @@
|
|
|
88859
89628
|
"CVE-2021-43798",
|
|
88860
89629
|
"CVE-2022-1471",
|
|
88861
89630
|
"CVE-2022-20775",
|
|
89631
|
+
"CVE-2022-23812",
|
|
88862
89632
|
"CVE-2022-37055",
|
|
88863
89633
|
"CVE-2022-40799",
|
|
88864
89634
|
"CVE-2022-48503",
|
|
@@ -89142,6 +89912,7 @@
|
|
|
89142
89912
|
"CVE-2026-5281",
|
|
89143
89913
|
"CVE-2026-9082",
|
|
89144
89914
|
"MAL-2026-3083",
|
|
89915
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
89145
89916
|
"MAL-2026-NODE-IPC-STEALER",
|
|
89146
89917
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
89147
89918
|
]
|
|
@@ -89359,6 +90130,7 @@
|
|
|
89359
90130
|
"related_cves": [
|
|
89360
90131
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
89361
90132
|
"CVE-2022-1471",
|
|
90133
|
+
"CVE-2022-23812",
|
|
89362
90134
|
"CVE-2023-43472",
|
|
89363
90135
|
"CVE-2023-43654",
|
|
89364
90136
|
"CVE-2023-44467",
|
|
@@ -89468,6 +90240,7 @@
|
|
|
89468
90240
|
"CVE-2026-5760",
|
|
89469
90241
|
"CVE-2026-9082",
|
|
89470
90242
|
"MAL-2026-3083",
|
|
90243
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
89471
90244
|
"MAL-2026-NODE-IPC-STEALER",
|
|
89472
90245
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
89473
90246
|
]
|
|
@@ -89715,6 +90488,7 @@
|
|
|
89715
90488
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
89716
90489
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
89717
90490
|
"CVE-2022-1471",
|
|
90491
|
+
"CVE-2022-23812",
|
|
89718
90492
|
"CVE-2022-36551",
|
|
89719
90493
|
"CVE-2023-43472",
|
|
89720
90494
|
"CVE-2023-43654",
|
|
@@ -89839,6 +90613,7 @@
|
|
|
89839
90613
|
"CVE-2026-5760",
|
|
89840
90614
|
"MAL-2024-PYPI-ULTRALYTICS-XMRIG",
|
|
89841
90615
|
"MAL-2026-3083",
|
|
90616
|
+
"MAL-2026-MOIKA-DEPCONFUSION",
|
|
89842
90617
|
"MAL-2026-NODE-IPC-STEALER",
|
|
89843
90618
|
"MAL-2026-SHAI-HULUD-OSS"
|
|
89844
90619
|
]
|