@blamejs/exceptd-skills 0.15.7 → 0.15.9
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +9 -0
- package/data/cve-catalog.json +228 -79
- package/data/zeroday-lessons.json +580 -188
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
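--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.15.9 — 2026-05-29
+
+Draft-curation pass 7 — network devices and the Ivanti EPMM chain. Seven CISA KEV-listed unauthenticated CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: D-Link DIR-823X command injection (CVE-2025-29635), router buffer overflow (CVE-2022-37055), DCS-2530L/2670L camera code execution (CVE-2020-25078) and command injection (CVE-2020-25079), DNR-322L download-without-integrity (CVE-2022-40799), and the Ivanti EPMM authentication-bypass + code-injection preauth chain (CVE-2025-4427, CVE-2025-4428). The device lessons note that end-of-life consumer hardware is unpatchable, making network isolation the load-bearing control, and that firmware implants survive a reboot without a reflash.
+
+## 0.15.8 — 2026-05-29
+
+Draft-curation pass 6 — Cisco network devices. Seven CISA KEV-listed Cisco CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: SD-WAN path traversal (CVE-2022-20775), multi-product improper input validation (CVE-2025-20393), IOS/IOS XE SNMP DoS+RCE (CVE-2025-20352), the Secure Firewall ASA/FTD missing-authorization (CVE-2025-20362) and buffer-overflow (CVE-2025-20333) chain, and the Identity Services Engine injection pair (CVE-2025-20337, CVE-2025-20281). The ASA and device lessons note that network-device implants survive patching without explicit recovery steps.
+
 ## 0.15.7 — 2026-05-29
 
 Draft-curation pass 5 — Fortinet network appliances. Six CISA KEV-listed Fortinet CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: FortiWeb OS command injection (CVE-2025-58034), path traversal (CVE-2025-64446), and SQL injection (CVE-2025-25257); FortiOS hard-coded credentials (CVE-2019-6693); and the multi-product improper-signature-verification (CVE-2025-59718) and stack-based buffer overflow (CVE-2025-32756).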
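--- a/package/data/_indexes/_meta.json
+++ b/package/data/_indexes/_meta.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.1.0",
-"generated_at": "2026-05-
+"generated_at": "2026-05-29T19:05:45.348Z",
 "generator": "scripts/build-indexes.js",
 "source_count": 54,
 "source_hashes": {
-"manifest.json": "
+"manifest.json": "9326c5db334d5bffb0c9dcd04232e4a27d69f50797e7057a8a052dfd332f1b82",
 "data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
-"data/attack-techniques.json": "
-"data/cve-catalog.json": "
+"data/attack-techniques.json": "550b7b9bfb22cde24fd9027c05332dfaa421f2d1d3c385e6f286d7b401d3c669",
+"data/cve-catalog.json": "cf03dc050252a8ff5d71ab56f9c6ab30c06dd9adbc391109b1f1b0d33030b8a4",
 "data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
 "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
 "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
@@ -15,7 +15,7 @@
 "data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
 "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
 "data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
-"data/zeroday-lessons.json": "
+"data/zeroday-lessons.json": "ae00fd4a94e214cee466e00091f9296b8e96d08bb064c4dcaa0555a8e0ec9e1b",
 "skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
 "skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
 "skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",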
@@ -272,6 +272,8 @@
|
|
|
272
272
|
"DS0017"
|
|
273
273
|
],
|
|
274
274
|
"cve_refs": [
|
|
275
|
+
"CVE-2020-25078",
|
|
276
|
+
"CVE-2020-25079",
|
|
275
277
|
"CVE-2022-1471",
|
|
276
278
|
"CVE-2023-43654",
|
|
277
279
|
"CVE-2023-44467",
|
|
@@ -301,8 +303,11 @@
|
|
|
301
303
|
"CVE-2025-11837",
|
|
302
304
|
"CVE-2025-1550",
|
|
303
305
|
"CVE-2025-1753",
|
|
306
|
+
"CVE-2025-20281",
|
|
307
|
+
"CVE-2025-20337",
|
|
304
308
|
"CVE-2025-23254",
|
|
305
309
|
"CVE-2025-27520",
|
|
310
|
+
"CVE-2025-29635",
|
|
306
311
|
"CVE-2025-30165",
|
|
307
312
|
"CVE-2025-32434",
|
|
308
313
|
"CVE-2025-32444",
|
|
@@ -310,6 +315,7 @@
|
|
|
310
315
|
"CVE-2025-33236",
|
|
311
316
|
"CVE-2025-34291",
|
|
312
317
|
"CVE-2025-3466",
|
|
318
|
+
"CVE-2025-4428",
|
|
313
319
|
"CVE-2025-49596",
|
|
314
320
|
"CVE-2025-51480",
|
|
315
321
|
"CVE-2025-53773",
|
|
@@ -559,6 +565,7 @@
|
|
|
559
565
|
"CVE-2025-31161",
|
|
560
566
|
"CVE-2025-32975",
|
|
561
567
|
"CVE-2025-34026",
|
|
568
|
+
"CVE-2025-4427",
|
|
562
569
|
"CVE-2025-49706",
|
|
563
570
|
"CVE-2025-61757",
|
|
564
571
|
"CVE-2025-64513",
|
|
@@ -906,6 +913,7 @@
|
|
|
906
913
|
"CVE-2021-22681",
|
|
907
914
|
"CVE-2021-26828",
|
|
908
915
|
"CVE-2022-1471",
|
|
916
|
+
"CVE-2022-20775",
|
|
909
917
|
"CVE-2022-36551",
|
|
910
918
|
"CVE-2022-37055",
|
|
911
919
|
"CVE-2022-40799",
|
|
@@ -2912,6 +2920,7 @@
|
|
|
2912
2920
|
"last_verified": "2026-05-19",
|
|
2913
2921
|
"notes": "Added v0.13.17 to support DoS-class KEV bulk imports.",
|
|
2914
2922
|
"cve_refs": [
|
|
2923
|
+
"CVE-2025-20352",
|
|
2915
2924
|
"CVE-2025-30202",
|
|
2916
2925
|
"CVE-2025-6543",
|
|
2917
2926
|
"CVE-2026-24215",
|