@zerothreatai/vulnerability-registry 4.0.0 → 5.0.0

package/src/categories/configuration.ts

@@ -12,7 +12,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     // SECURITY HEADERS
     // ========================================
     [VulnerabilityCode.HEADER_MISSING_CSP]: {
-        id: 69,
+        id: 200,
         code: VulnerabilityCode.HEADER_MISSING_CSP,
         title: 'Missing Security Header - Content-Security-Policy',
         description: 'The application does not implement Content-Security-Policy header, leaving it vulnerable to cross-site scripting attacks that could be mitigated by restricting the sources from which scripts, styles, and other resources can be loaded into the page.',
@@ -35,7 +35,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_MISSING_HSTS]: {
-        id: 70,
+        id: 201,
         code: VulnerabilityCode.HEADER_MISSING_HSTS,
         title: 'Missing Security Header - Strict-Transport-Security',
         description: 'The application does not implement HSTS (HTTP Strict Transport Security) header, leaving users vulnerable to SSL stripping attacks and man-in-the-middle downgrades from HTTPS to HTTP connections on initial visits or after cookie expiration.',
@@ -58,7 +58,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE]: {
-        id: 1011,
+        id: 202,
         code: VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE,
         title: 'HSTS Misconfiguration - Invalid Max-Age',
         description: 'The Strict-Transport-Security header uses an invalid or malformed max-age value, preventing reliable HTTPS enforcement.',
@@ -81,7 +81,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE]: {
-        id: 1012,
+        id: 203,
         code: VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE,
         title: 'HSTS Misconfiguration - Max-Age Too Short',
         description: 'The Strict-Transport-Security header uses a short max-age value that weakens HTTPS enforcement and allows downgrade risk to return quickly.',
@@ -104,7 +104,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS]: {
-        id: 1013,
+        id: 204,
         code: VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS,
         title: 'HSTS Misconfiguration - Missing includeSubDomains',
         description: 'The Strict-Transport-Security header is missing includeSubDomains, leaving subdomains unprotected from downgrade and stripping attacks.',
@@ -127,7 +127,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE]: {
-        id: 1018,
+        id: 205,
         code: VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE,
         title: 'HSTS Preload Requirements Not Met',
         description: 'The HSTS header indicates preload intent but does not meet preload requirements, such as a sufficiently long max-age or includeSubDomains, reducing preload effectiveness.',
@@ -150,7 +150,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_MISSING_XFRAME]: {
-        id: 71,
+        id: 206,
         code: VulnerabilityCode.HEADER_MISSING_XFRAME,
         title: 'Missing Security Header - X-Frame-Options',
         description: 'The application does not set X-Frame-Options header, making it vulnerable to clickjacking attacks where malicious websites can embed the application in invisible iframes and trick users into performing unintended actions through deceptive UI overlays.',
@@ -173,7 +173,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_WEAK_CSP]: {
-        id: 72,
+        id: 207,
         code: VulnerabilityCode.HEADER_WEAK_CSP,
         title: 'Weak Content-Security-Policy Configuration',
         description: 'The Content-Security-Policy header contains unsafe directives like unsafe-inline, unsafe-eval, or overly permissive source allowlists that significantly reduce its effectiveness as an XSS mitigation and may create false sense of security.',
@@ -196,7 +196,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_REPORT_ONLY]: {
-        id: 1001,
+        id: 208,
         code: VulnerabilityCode.HEADER_CSP_REPORT_ONLY,
         title: 'Content-Security-Policy Report-Only Enabled',
         description: 'The Content-Security-Policy header is deployed in report-only mode, which does not enforce protections and allows unsafe content to execute while only logging violations.',
@@ -219,7 +219,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES]: {
-        id: 1002,
+        id: 209,
         code: VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES,
         title: 'Content-Security-Policy Contains Unsafe Directives',
         description: 'The Content-Security-Policy header includes unsafe directives such as unsafe-inline or unsafe-eval that reduce XSS protection and allow risky script execution paths.',
@@ -242,7 +242,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT]: {
-        id: 1003,
+        id: 210,
         code: VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT,
         title: 'Content-Security-Policy Allows data: in script-src',
         description: 'The CSP allows data: URIs for script execution, which can enable script injection through crafted data URLs and weaken XSS protections.',
@@ -265,7 +265,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT]: {
-        id: 1004,
+        id: 211,
         code: VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT,
         title: 'Content-Security-Policy Allows blob: in script-src',
         description: 'The CSP allows blob: URIs for script execution, which can be abused to load attacker-controlled scripts in some contexts and weaken XSS mitigations.',
@@ -288,7 +288,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT]: {
-        id: 1005,
+        id: 212,
         code: VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT,
         title: 'Content-Security-Policy default-src Uses Wildcard',
         description: 'The CSP default-src directive allows all origins, which effectively disables the protection and allows untrusted content to load.',
@@ -311,7 +311,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_NO_BASE_URI]: {
-        id: 1006,
+        id: 213,
         code: VulnerabilityCode.HEADER_CSP_NO_BASE_URI,
         title: 'Content-Security-Policy Missing base-uri Directive',
         description: 'The CSP does not include a base-uri directive, allowing the base URL to be set by injected markup and enabling abuse of relative URL resolution.',
@@ -334,7 +334,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC]: {
-        id: 1007,
+        id: 214,
         code: VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC,
         title: 'Content-Security-Policy Missing object-src Directive',
         description: 'The CSP does not include an object-src directive, allowing embedded objects to load from arbitrary origins and weakening defense-in-depth against plugin-based risks.',
@@ -357,7 +357,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS]: {
-        id: 1008,
+        id: 215,
         code: VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS,
         title: 'Content-Security-Policy Missing frame-ancestors Directive',
         description: 'The CSP does not include a frame-ancestors directive, leaving pages potentially frameable and vulnerable to clickjacking attacks.',
@@ -380,7 +380,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CORS_MISCONFIGURED]: {
-        id: 73,
+        id: 216,
         code: VulnerabilityCode.HEADER_CORS_MISCONFIGURED,
         title: 'CORS Misconfiguration',
         description: 'Cross-Origin Resource Sharing is misconfigured with overly permissive Access-Control-Allow-Origin headers including wildcard (*) with credentials, or dynamic reflection of Origin header without proper validation, enabling cross-origin data theft.',
@@ -403,7 +403,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS]: {
-        id: 1014,
+        id: 217,
         code: VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS,
         title: 'CORS Wildcard With Credentials',
         description: 'Access-Control-Allow-Origin is set to * while Access-Control-Allow-Credentials is enabled, which browsers block but signals a dangerous CORS policy that can be misapplied in some environments.',
@@ -426,7 +426,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY]: {
-        id: 1015,
+        id: 218,
         code: VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY,
         title: 'CORS Origin Reflection Without Vary',
         description: 'The Origin header is reflected in Access-Control-Allow-Origin without Vary: Origin, which can lead to cache poisoning and unintended cross-origin access.',
@@ -449,7 +449,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CORS_NULL_ORIGIN]: {
-        id: 1016,
+        id: 219,
         code: VulnerabilityCode.HEADER_CORS_NULL_ORIGIN,
         title: 'CORS Allows Null Origin',
         description: 'Access-Control-Allow-Origin allows the null origin, enabling requests from opaque origins such as sandboxed iframes and file URLs that can be abused to access sensitive data.',
@@ -472,7 +472,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN]: {
-        id: 1017,
+        id: 220,
         code: VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN,
         title: 'CORS Allows Wildcard Subdomains',
         description: 'CORS policies allow wildcard subdomains that can be abused if any subdomain is compromised or can be controlled by untrusted parties.',
@@ -498,7 +498,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     // DIRECTORY BROWSING
     // ========================================
     [VulnerabilityCode.DIRBROWSE_GENERIC]: {
-        id: 2000,
+        id: 221,
         code: VulnerabilityCode.DIRBROWSE_GENERIC,
         title: 'Directory Listing Enabled (Generic)',
         description: 'Directory listing is enabled and exposes directory contents to unauthenticated visitors, revealing application structure and file names.',
@@ -521,7 +521,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE]: {
-        id: 2001,
+        id: 222,
         code: VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE,
         title: 'Directory Listing Exposing Sensitive Content (Generic)',
         description: 'Directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -544,7 +544,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_APACHE]: {
-        id: 2002,
+        id: 223,
         code: VulnerabilityCode.DIRBROWSE_APACHE,
         title: 'Apache Autoindex Enabled',
         description: 'Apache autoindex is enabled, exposing directory contents to unauthenticated visitors.',
@@ -567,7 +567,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE]: {
-        id: 2003,
+        id: 224,
         code: VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE,
         title: 'Apache Autoindex Exposing Sensitive Content',
         description: 'Apache autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -590,7 +590,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_NGINX]: {
-        id: 2004,
+        id: 225,
         code: VulnerabilityCode.DIRBROWSE_NGINX,
         title: 'Nginx Autoindex Enabled',
         description: 'Nginx autoindex is enabled, exposing directory contents to unauthenticated visitors.',
@@ -613,7 +613,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE]: {
-        id: 2005,
+        id: 226,
         code: VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE,
         title: 'Nginx Autoindex Exposing Sensitive Content',
         description: 'Nginx autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -636,7 +636,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_IIS]: {
-        id: 2006,
+        id: 227,
         code: VulnerabilityCode.DIRBROWSE_IIS,
         title: 'IIS Directory Browsing Enabled',
         description: 'IIS directory browsing is enabled, exposing directory contents to unauthenticated visitors.',
@@ -659,7 +659,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE]: {
-        id: 2007,
+        id: 228,
         code: VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE,
         title: 'IIS Directory Browsing Exposing Sensitive Content',
         description: 'IIS directory browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -682,7 +682,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_TOMCAT]: {
-        id: 2008,
+        id: 229,
         code: VulnerabilityCode.DIRBROWSE_TOMCAT,
         title: 'Tomcat Directory Listing Enabled',
         description: 'Tomcat directory listing is enabled, exposing directory contents to unauthenticated visitors.',
@@ -705,7 +705,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE]: {
-        id: 2009,
+        id: 230,
         code: VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE,
         title: 'Tomcat Directory Listing Exposing Sensitive Content',
         description: 'Tomcat directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -728,7 +728,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_CADDY]: {
-        id: 2010,
+        id: 231,
         code: VulnerabilityCode.DIRBROWSE_CADDY,
         title: 'Caddy File Server Browsing Enabled',
         description: 'Caddy file server browsing is enabled, exposing directory contents to unauthenticated visitors.',
@@ -751,7 +751,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE]: {
-        id: 2011,
+        id: 232,
         code: VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE,
         title: 'Caddy File Server Browsing Exposing Sensitive Content',
         description: 'Caddy file server browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -774,7 +774,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_WEBDAV]: {
-        id: 2012,
+        id: 233,
         code: VulnerabilityCode.DIRBROWSE_WEBDAV,
         title: 'WebDAV Directory Listing Enabled',
         description: 'WebDAV responses expose directory contents, allowing unauthenticated browsing of files and folders.',
@@ -797,7 +797,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE]: {
-        id: 2013,
+        id: 234,
         code: VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE,
         title: 'WebDAV Directory Listing Exposing Sensitive Content',
         description: 'WebDAV responses expose directories containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -820,7 +820,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_S3]: {
-        id: 2014,
+        id: 235,
         code: VulnerabilityCode.DIRBROWSE_S3,
         title: 'S3 Bucket Listing Enabled',
         description: 'An S3 bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
@@ -843,7 +843,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_S3_SENSITIVE]: {
-        id: 2015,
+        id: 236,
         code: VulnerabilityCode.DIRBROWSE_S3_SENSITIVE,
         title: 'S3 Bucket Listing Exposing Sensitive Content',
         description: 'An S3 bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
@@ -866,7 +866,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_GCS]: {
-        id: 2016,
+        id: 237,
         code: VulnerabilityCode.DIRBROWSE_GCS,
         title: 'GCS Bucket Listing Enabled',
         description: 'A Google Cloud Storage bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
@@ -889,7 +889,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE]: {
-        id: 2017,
+        id: 238,
         code: VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE,
         title: 'GCS Bucket Listing Exposing Sensitive Content',
         description: 'A Google Cloud Storage bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
@@ -912,7 +912,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_AZURE_BLOB]: {
-        id: 2018,
+        id: 239,
         code: VulnerabilityCode.DIRBROWSE_AZURE_BLOB,
         title: 'Azure Blob Container Listing Enabled',
         description: 'An Azure Blob container listing is exposed, allowing unauthenticated enumeration of blob names.',
@@ -935,7 +935,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE]: {
-        id: 2019,
+        id: 240,
         code: VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE,
         title: 'Azure Blob Container Listing Exposing Sensitive Content',
         description: 'An Azure Blob container listing is exposed and includes sensitive blobs such as backups, credentials, or configuration artifacts.',
@@ -959,7 +959,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
 
     // Legacy generic codes (keep for backward compatibility)
     [VulnerabilityCode.DIRBROWSE_ENABLED]: {
-        id: 74,
+        id: 241,
         code: VulnerabilityCode.DIRBROWSE_ENABLED,
         title: 'Directory Listing Enabled',
         description: 'Web server directory listing is enabled, exposing the contents of directories to anyone who browses to them without an index file. This reveals application structure, backup files, configuration files, and potentially sensitive data to attackers.',
@@ -982,7 +982,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DIRBROWSE_SENSITIVE]: {
-        id: 75,
+        id: 242,
         code: VulnerabilityCode.DIRBROWSE_SENSITIVE,
         title: 'Directory Listing Exposing Sensitive Content',
         description: 'Directory listing is enabled on a directory containing sensitive files like backups, configuration files, source code, or credentials. This elevates the risk significantly as attackers can directly access sensitive information without guessing filenames.',
@@ -1008,7 +1008,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     // CLICKJACKING
     // ========================================
     [VulnerabilityCode.CLICK_FRAMEABLE]: {
-        id: 76,
+        id: 243,
         code: VulnerabilityCode.CLICK_FRAMEABLE,
         title: 'Clickjacking - Page Frameable',
         description: 'The application pages can be embedded in iframes on malicious websites, enabling clickjacking attacks where attackers overlay transparent frames over deceptive UI elements to trick users into clicking hidden buttons or links that perform unintended actions.',
@@ -1034,7 +1034,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     // DESERIALIZATION
     // ========================================
     [VulnerabilityCode.DESER_JAVA]: {
-        id: 77,
+        id: 244,
         code: VulnerabilityCode.DESER_JAVA,
         title: 'Insecure Deserialization - Java',
         description: 'Critical Java deserialization vulnerability where untrusted serialized objects are processed, allowing attackers to achieve remote code execution through gadget chains in common libraries like Apache Commons Collections, Spring Framework, or other classpath dependencies.',
@@ -1057,7 +1057,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DESER_PHP]: {
-        id: 78,
+        id: 245,
         code: VulnerabilityCode.DESER_PHP,
         title: 'Insecure Deserialization - PHP',
         description: 'Critical PHP deserialization vulnerability where unserialize() processes attacker-controlled data, enabling object injection attacks through magic methods like __wakeup(), __destruct(), or __toString() in application or framework classes for remote code execution.',
@@ -1080,7 +1080,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DESER_PYTHON]: {
-        id: 79,
+        id: 246,
         code: VulnerabilityCode.DESER_PYTHON,
         title: 'Insecure Deserialization - Python',
         description: 'Critical Python deserialization vulnerability through pickle/cPickle processing of untrusted data, enabling remote code execution via __reduce__ method exploitation. Python pickle is inherently unsafe and should never process untrusted input.',
@@ -1103,7 +1103,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DESER_DOTNET]: {
-        id: 80,
+        id: 247,
         code: VulnerabilityCode.DESER_DOTNET,
         title: 'Insecure Deserialization - .NET',
         description: 'Critical .NET deserialization vulnerability through BinaryFormatter, ObjectStateFormatter, LosFormatter, or other dangerous formatters processing untrusted data, enabling remote code execution through gadget chains in the .NET runtime or third-party libraries.',
@@ -1126,7 +1126,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DESER_RUBY]: {
-        id: 81,
+        id: 248,
         code: VulnerabilityCode.DESER_RUBY,
         title: 'Insecure Deserialization - Ruby',
         description: 'Critical Ruby deserialization vulnerability through Marshal.load or YAML.load processing untrusted data, enabling remote code execution through Ruby object instantiation gadgets that execute arbitrary code during object reconstruction.',
@@ -1149,7 +1149,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.DESER_NODE]: {
-        id: 82,
+        id: 249,
         code: VulnerabilityCode.DESER_NODE,
         title: 'Insecure Deserialization - Node.js',
         description: 'Critical Node.js deserialization vulnerability through node-serialize, funcster, or similar libraries that execute JavaScript during deserialization, enabling remote code execution when attacker-controlled serialized data containing functions or IIFE is processed.',
@@ -1172,7 +1172,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.CLICK_PARTIAL_PROTECTION]: {
-        id: 83,
+        id: 250,
         code: VulnerabilityCode.CLICK_PARTIAL_PROTECTION,
         title: 'Clickjacking - Partial Protection',
         description: 'Incomplete clickjacking protection where X-Frame-Options or frame-ancestors CSP is only applied on some pages, uses weak values like ALLOW-FROM with bypassable origins, or has inconsistent implementation allowing certain pages to be framed.',
@@ -1195,7 +1195,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE]: {
-        id: 84,
+        id: 251,
         code: VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE,
         title: 'Missing Security Header - X-Content-Type-Options',
         description: 'The application does not set X-Content-Type-Options: nosniff header, allowing browsers to perform MIME-type sniffing that can lead to XSS attacks when user-uploaded content is served with incorrect Content-Type and browsers execute it as script.',
@@ -1218,7 +1218,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID]: {
-        id: 1009,
+        id: 252,
         code: VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID,
         title: 'Invalid Security Header - X-Content-Type-Options',
         description: 'The X-Content-Type-Options header is present but misconfigured (not set to nosniff), which can allow MIME sniffing and reduce protection against content-type confusion.',
@@ -1241,7 +1241,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY]: {
-        id: 85,
+        id: 253,
         code: VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY,
         title: 'Missing Security Header - Referrer-Policy',
         description: 'The application does not implement Referrer-Policy header, potentially leaking sensitive URL information including session tokens, user IDs, or query parameters to external sites when users click links or resources are loaded from third-party domains.',
@@ -1264,7 +1264,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE]: {
-        id: 1010,
+        id: 254,
         code: VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE,
         title: 'Unsafe Referrer-Policy Configuration',
         description: 'The Referrer-Policy header is set to a permissive value that can leak full URLs and sensitive query parameters to external origins.',
@@ -1287,7 +1287,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY]: {
-        id: 86,
+        id: 255,
         code: VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY,
         title: 'Missing Security Header - Permissions-Policy',
         description: 'The application does not implement Permissions-Policy (formerly Feature-Policy) header, allowing embedded frames or malicious scripts to access sensitive browser features like camera, microphone, geolocation, or payment APIs without explicit permission.',
@@ -1310,7 +1310,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION]: {
-        id: 87,
+        id: 256,
         code: VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION,
         title: 'Missing Security Header - X-XSS-Protection',
         description: 'The legacy X-XSS-Protection header is not set. While deprecated in modern browsers, it can provide defense-in-depth for older browsers that still honor this header for their built-in XSS auditor feature.',
@@ -1333,7 +1333,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_COEP_WITHOUT_COOP]: {
-        id: 108,
+        id: 257,
         code: VulnerabilityCode.HEADER_COEP_WITHOUT_COOP,
         title: 'Header Misconfiguration - COEP Without COOP',
         description: 'Cross-Origin-Embedder-Policy (COEP) is set without Cross-Origin-Opener-Policy (COOP), which can create inconsistent cross-origin isolation behavior and indicate incomplete or misapplied security header strategy for isolation-sensitive applications.',
@@ -1356,7 +1356,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_CORP_UNUSUAL]: {
-        id: 109,
+        id: 258,
         code: VulnerabilityCode.HEADER_CORP_UNUSUAL,
         title: 'Header Misconfiguration - Unusual CORP Value',
         description: 'Cross-Origin-Resource-Policy (CORP) is set to a non-standard value, which may indicate a misconfiguration that provides no effective protection or creates unpredictable resource loading behavior across origins.',
@@ -1379,7 +1379,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_EXPECT_CT_PRESENT]: {
-        id: 110,
+        id: 259,
         code: VulnerabilityCode.HEADER_EXPECT_CT_PRESENT,
         title: 'Deprecated Header - Expect-CT Present',
         description: 'The Expect-CT header is present even though the feature is deprecated and no longer enforced by major browsers, adding unnecessary configuration surface without meaningful security benefit.',
@@ -1402,7 +1402,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT]: {
-        id: 111,
+        id: 260,
         code: VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT,
         title: 'Information Exposure - Server Header Present',
         description: 'The Server header reveals technology or version details that can assist attackers with fingerprinting and targeted exploitation, increasing the likelihood of tailored attacks against known software weaknesses.',
@@ -1425,7 +1425,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT]: {
-        id: 112,
+        id: 261,
         code: VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT,
         title: 'Information Exposure - X-Powered-By Present',
         description: 'The X-Powered-By header discloses framework or runtime information that can be used to fingerprint the application stack and target known vulnerabilities in specific platforms or versions.',
@@ -1448,7 +1448,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED]: {
-        id: 113,
+        id: 262,
         code: VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED,
         title: 'Deprecated Header - X-XSS-Protection Enabled',
         description: 'The X-XSS-Protection header is enabled, which is deprecated and can introduce security risks or inconsistent behavior in legacy browsers due to the removed XSS auditor feature.',
@@ -1471,7 +1471,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE]: {
-        id: 114,
+        id: 263,
         code: VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE,
         title: 'Cookie Misconfiguration - SameSite=None Without Secure',
         description: 'A cookie is configured with SameSite=None but lacks the Secure attribute, enabling cross-site transmission over unencrypted connections and undermining cookie integrity and confidentiality controls.',
@@ -1494,7 +1494,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE]: {
-        id: 115,
+        id: 264,
         code: VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE,
         title: 'Cookie Misconfiguration - Session Cookie Missing Secure',
         description: 'Session or authentication cookies are missing the Secure attribute, allowing them to be transmitted over unencrypted connections and increasing the risk of session hijacking or credential theft.',
@@ -1517,7 +1517,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_MISSING_SECURE]: {
-        id: 116,
+        id: 265,
         code: VulnerabilityCode.COOKIE_MISSING_SECURE,
         title: 'Cookie Misconfiguration - Missing Secure Attribute',
         description: 'Cookies are set without the Secure attribute, permitting transmission over plaintext HTTP and exposing cookie contents to network interception or manipulation.',
@@ -1540,7 +1540,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY]: {
-        id: 117,
+        id: 266,
         code: VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY,
         title: 'Cookie Misconfiguration - Session Cookie Missing HttpOnly',
         description: 'Session or authentication cookies are missing the HttpOnly attribute, allowing client-side scripts to access sensitive cookie values and increasing the impact of XSS attacks.',
@@ -1563,7 +1563,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_MISSING_HTTPONLY]: {
-        id: 118,
+        id: 267,
         code: VulnerabilityCode.COOKIE_MISSING_HTTPONLY,
         title: 'Cookie Misconfiguration - Missing HttpOnly Attribute',
         description: 'Cookies are missing the HttpOnly attribute, allowing JavaScript access to cookie values and increasing the potential impact of client-side script injection.',
@@ -1586,7 +1586,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_MISSING_SAMESITE]: {
-        id: 119,
+        id: 268,
         code: VulnerabilityCode.COOKIE_MISSING_SAMESITE,
         title: 'Cookie Misconfiguration - Missing SameSite Attribute',
         description: 'Cookies do not specify SameSite, which can allow cross-site requests to include cookies by default and increase exposure to CSRF-style attacks or cross-site leakage.',
@@ -1609,7 +1609,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID]: {
-        id: 120,
+        id: 269,
         code: VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID,
         title: 'Cookie Misconfiguration - __Host- Prefix Violations',
         description: 'Cookies with the __Host- prefix do not meet required attributes (Secure, Path=/, no Domain), weakening the protections provided by host-only cookie semantics.',
@@ -1632,7 +1632,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID]: {
-        id: 121,
+        id: 270,
         code: VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID,
         title: 'Cookie Misconfiguration - __Secure- Prefix Violations',
         description: 'Cookies with the __Secure- prefix are missing the Secure attribute, which defeats the prefix requirement and weakens transport security protections.',
@@ -1655,7 +1655,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_CSP]: {
-        id: 122,
+        id: 271,
         code: VulnerabilityCode.HEADER_DRIFT_CSP,
         title: 'Header Drift - Content-Security-Policy Inconsistent',
         description: 'Content-Security-Policy is present on some paths but missing on others, creating uneven defenses and potentially exposing unprotected routes to script injection or content loading risks.',
@@ -1678,7 +1678,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_HSTS]: {
-        id: 123,
+        id: 272,
         code: VulnerabilityCode.HEADER_DRIFT_HSTS,
         title: 'Header Drift - Strict-Transport-Security Inconsistent',
         description: 'Strict-Transport-Security is present on some paths but missing on others, reducing the effectiveness of HTTPS enforcement and creating mixed transport behavior across the site.',
@@ -1701,7 +1701,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE]: {
-        id: 124,
+        id: 273,
         code: VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE,
         title: 'Header Drift - X-Content-Type-Options Inconsistent',
         description: 'X-Content-Type-Options is present on some paths but missing on others, allowing inconsistent MIME sniffing behavior that could expose unprotected routes to content-type confusion.',
@@ -1724,7 +1724,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY]: {
-        id: 125,
+        id: 274,
         code: VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY,
         title: 'Header Drift - Referrer-Policy Inconsistent',
         description: 'Referrer-Policy is present on some paths but missing on others, leading to inconsistent referrer leakage controls and potential exposure of sensitive URL data.',
@@ -1747,7 +1747,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_XFRAME]: {
-        id: 126,
+        id: 275,
         code: VulnerabilityCode.HEADER_DRIFT_XFRAME,
         title: 'Header Drift - X-Frame-Options Inconsistent',
         description: 'X-Frame-Options or equivalent framing controls are present on some paths but missing on others, creating uneven clickjacking protection across the site.',
@@ -1770,7 +1770,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY]: {
-        id: 127,
+        id: 276,
         code: VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY,
         title: 'Header Drift - Permissions-Policy Inconsistent',
         description: 'Permissions-Policy is present on some paths but missing on others, leading to inconsistent controls over browser features such as geolocation, camera, or microphone.',
@@ -1793,7 +1793,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_COOP]: {
-        id: 128,
+        id: 277,
         code: VulnerabilityCode.HEADER_DRIFT_COOP,
         title: 'Header Drift - COOP Inconsistent',
         description: 'Cross-Origin-Opener-Policy is present on some paths but missing on others, which can lead to uneven cross-origin isolation guarantees and inconsistent window isolation behavior.',
@@ -1816,7 +1816,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_COEP]: {
-        id: 129,
+        id: 278,
         code: VulnerabilityCode.HEADER_DRIFT_COEP,
         title: 'Header Drift - COEP Inconsistent',
         description: 'Cross-Origin-Embedder-Policy is present on some paths but missing on others, resulting in inconsistent embedding restrictions and cross-origin isolation posture.',
@@ -1839,7 +1839,7 @@ export const CONFIG_VULNERABILITIES: Record<string, VulnerabilityDefinition> = {
     },
 
     [VulnerabilityCode.HEADER_DRIFT_CORP]: {
-        id: 130,
+        id: 279,
         code: VulnerabilityCode.HEADER_DRIFT_CORP,
         title: 'Header Drift - CORP Inconsistent',
         description: 'Cross-Origin-Resource-Policy is present on some paths but missing on others, which can leave inconsistent controls on resource sharing and embedding across the application.',