[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-2503":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":956,"aliases":966,"duplicate_of":9,"upstream":967,"downstream":968,"duplicates":1035,"related":1036,"reserved_at":9,"published_at":1049,"modified_at":1050,"state":1051,"summary":1052,"references_raw":1060,"kevs":1073,"epss":1074,"epss_history":1077,"metrics":1286,"affected":1298},"CVE-2022-2503","Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5",null,[11,403],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-302","Authentication Bypass by Assumed-Immutable Data","The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.","weakness","Incomplete","Base",[19,23,207,361,365,391,395,399],{"id":20,"name":21,"techniques":22},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":24,"name":25,"techniques":26},"CAPEC-13","Subverting Environment Variable Values",[27,125,167],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1562.003","Impair Command History Logging",[31,34],{"id":32,"name":33},"TA0030","Defense Evasion",{"id":35,"name":36},"TA0005","Stealth",[38,43,48,52,56,60,65,69,74,79,83,87,92,96,101,105,109,113,117,121],{"id":39,"name":40,"tactic":41},"D3-CI","Configuration Inventory",{"name":42},"Model",{"id":44,"name":45,"tactic":46},"D3-FA","File Analysis",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-FIM","File Integrity Monitoring",{"name":47},{"id":53,"name":54,"tactic":55},"D3-DA","Dynamic Analysis",{"name":47},{"id":57,"name":58,"tactic":59},"D3-EFA","Emulated File Analysis",{"name":47},{"id":61,"name":62,"tactic":63},"D3-FEV","File Eviction",{"name":64},"Evict",{"id":66,"name":67,"tactic":68},"D3-RKD","Registry Key Deletion",{"name":64},{"id":70,"name":71,"tactic":72},"D3-DF","Decoy File",{"name":73},"Deceive",{"id":75,"name":76,"tactic":77},"D3-DRA","Disable Remote Access",{"name":78},"Harden",{"id":80,"name":81,"tactic":82},"D3-ACH","Application Configuration Hardening",{"name":78},{"id":84,"name":85,"tactic":86},"D3-FE","File Encryption",{"name":78},{"id":88,"name":89,"tactic":90},"D3-RC","Restore Configuration",{"name":91},"Restore",{"id":93,"name":94,"tactic":95},"D3-RF","Restore File",{"name":91},{"id":97,"name":98,"tactic":99},"D3-CQ","Content Quarantine",{"name":100},"Isolate",{"id":102,"name":103,"tactic":104},"D3-CF","Content Filtering",{"name":100},{"id":106,"name":107,"tactic":108},"D3-LFP","Local File Permissions",{"name":100},{"id":110,"name":111,"tactic":112},"D3-RFAM","Remote File Access Mediation",{"name":100},{"id":114,"name":115,"tactic":116},"D3-CM","Content Modification",{"name":100},{"id":118,"name":119,"tactic":120},"D3-EAL","Executable Allowlisting",{"name":100},{"id":122,"name":123,"tactic":124},"D3-EDL","Executable Denylisting",{"name":100},{"id":126,"name":127,"tactics":128,"countermeasures":140},"T1574.006","Dynamic Linker Hijacking",[129,132,135,136,137],{"id":130,"name":131},"TA0110","Persistence",{"id":133,"name":134},"TA0111","Privilege Escalation",{"id":32,"name":33},{"id":35,"name":36},{"id":138,"name":139},"TA0104","Execution",[141,145,147,149,151,153,155,157,159,161,163,165],{"id":142,"name":143,"tactic":144},"D3-SFA","System File Analysis",{"name":47},{"id":44,"name":45,"tactic":146},{"name":47},{"id":49,"name":50,"tactic":148},{"name":47},{"id":61,"name":62,"tactic":150},{"name":64},{"id":70,"name":71,"tactic":152},{"name":73},{"id":84,"name":85,"tactic":154},{"name":78},{"id":93,"name":94,"tactic":156},{"name":91},{"id":102,"name":103,"tactic":158},{"name":100},{"id":106,"name":107,"tactic":160},{"name":100},{"id":110,"name":111,"tactic":162},{"name":100},{"id":97,"name":98,"tactic":164},{"name":100},{"id":114,"name":115,"tactic":166},{"name":100},{"id":168,"name":169,"tactics":170,"countermeasures":176},"T1574.007","Path Interception by PATH Environment Variable",[171,172,173,174,175],{"id":130,"name":131},{"id":133,"name":134},{"id":32,"name":33},{"id":35,"name":36},{"id":138,"name":139},[177,179,181,183,185,187,189,191,193,195,197,199,201,203,205],{"id":44,"name":45,"tactic":178},{"name":47},{"id":49,"name":50,"tactic":180},{"name":47},{"id":53,"name":54,"tactic":182},{"name":47},{"id":57,"name":58,"tactic":184},{"name":47},{"id":61,"name":62,"tactic":186},{"name":64},{"id":70,"name":71,"tactic":188},{"name":73},{"id":84,"name":85,"tactic":190},{"name":78},{"id":93,"name":94,"tactic":192},{"name":91},{"id":102,"name":103,"tactic":194},{"name":100},{"id":106,"name":107,"tactic":196},{"name":100},{"id":110,"name":111,"tactic":198},{"name":100},{"id":97,"name":98,"tactic":200},{"name":100},{"id":114,"name":115,"tactic":202},{"name":100},{"id":118,"name":119,"tactic":204},{"name":100},{"id":122,"name":123,"tactic":206},{"name":100},{"id":208,"name":209,"techniques":210},"CAPEC-21","Exploitation of Trusted Identifiers",[211,307,337],{"id":212,"name":213,"tactics":214,"countermeasures":218},"T1134","Access Token Manipulation",[215,216,217],{"id":32,"name":33},{"id":35,"name":36},{"id":133,"name":134},[219,221,225,229,233,237,241,245,249,253,257,261,265,269,273,277,281,285,287,291,295,299,301,303],{"id":39,"name":40,"tactic":220},{"name":42},{"id":222,"name":223,"tactic":224},"D3-NTPM","Network Traffic Policy Mapping",{"name":42},{"id":226,"name":227,"tactic":228},"D3-AM","Access Modeling",{"name":42},{"id":230,"name":231,"tactic":232},"D3-AEM","Application Exception Monitoring",{"name":47},{"id":234,"name":235,"tactic":236},"D3-SCA","System Call Analysis",{"name":47},{"id":238,"name":239,"tactic":240},"D3-CCSA","Credential Compromise Scope Analysis",{"name":47},{"id":242,"name":243,"tactic":244},"D3-OPM","Operational Process Monitoring",{"name":47},{"id":246,"name":247,"tactic":248},"D3-PSA","Process Spawn Analysis",{"name":47},{"id":250,"name":251,"tactic":252},"D3-ST","Session Termination",{"name":64},{"id":254,"name":255,"tactic":256},"D3-CR","Credential Revocation",{"name":64},{"id":258,"name":259,"tactic":260},"D3-ANCI","Authentication Cache Invalidation",{"name":64},{"id":262,"name":263,"tactic":264},"D3-DUC","Decoy User Credential",{"name":73},{"id":266,"name":267,"tactic":268},"D3-CH","Credential Hardening",{"name":78},{"id":270,"name":271,"tactic":272},"D3-MFA","Multi-factor Authentication",{"name":78},{"id":274,"name":275,"tactic":276},"D3-CRO","Credential Rotation",{"name":78},{"id":278,"name":279,"tactic":280},"D3-TB","Token Binding",{"name":78},{"id":282,"name":283,"tactic":284},"D3-TBA","Token-based Authentication",{"name":78},{"id":88,"name":89,"tactic":286},{"name":91},{"id":288,"name":289,"tactic":290},"D3-RIC","Reissue Credential",{"name":91},{"id":292,"name":293,"tactic":294},"D3-SCF","System Call Filtering",{"name":100},{"id":296,"name":297,"tactic":298},"D3-CTS","Credential Transmission Scoping",{"name":100},{"id":118,"name":119,"tactic":300},{"name":100},{"id":122,"name":123,"tactic":302},{"name":100},{"id":304,"name":305,"tactic":306},"D3-HBPI","Hardware-based Process Isolation",{"name":100},{"id":308,"name":309,"tactics":310,"countermeasures":314},"T1528","Steal Application Access Token",[311],{"id":312,"name":313},"TA0031","Credential Access",[315,317,319,321,323,325,327,329,331,333,335],{"id":238,"name":239,"tactic":316},{"name":47},{"id":254,"name":255,"tactic":318},{"name":64},{"id":258,"name":259,"tactic":320},{"name":64},{"id":262,"name":263,"tactic":322},{"name":73},{"id":266,"name":267,"tactic":324},{"name":78},{"id":270,"name":271,"tactic":326},{"name":78},{"id":274,"name":275,"tactic":328},{"name":78},{"id":278,"name":279,"tactic":330},{"name":78},{"id":282,"name":283,"tactic":332},{"name":78},{"id":288,"name":289,"tactic":334},{"name":91},{"id":296,"name":297,"tactic":336},{"name":100},{"id":338,"name":339,"tactics":340,"countermeasures":342},"T1539","Steal Web Session Cookie",[341],{"id":312,"name":313},[343,345,347,349,351,353,355,357,359],{"id":238,"name":239,"tactic":344},{"name":47},{"id":254,"name":255,"tactic":346},{"name":64},{"id":258,"name":259,"tactic":348},{"name":64},{"id":262,"name":263,"tactic":350},{"name":73},{"id":266,"name":267,"tactic":352},{"name":78},{"id":270,"name":271,"tactic":354},{"name":78},{"id":274,"name":275,"tactic":356},{"name":78},{"id":288,"name":289,"tactic":358},{"name":91},{"id":296,"name":297,"tactic":360},{"name":100},{"id":362,"name":363,"techniques":364},"CAPEC-274","HTTP Verb Tampering",[],{"id":366,"name":367,"techniques":368},"CAPEC-31","Accessing/Intercepting/Modifying HTTP Cookies",[369],{"id":338,"name":339,"tactics":370,"countermeasures":372},[371],{"id":312,"name":313},[373,375,377,379,381,383,385,387,389],{"id":238,"name":239,"tactic":374},{"name":47},{"id":254,"name":255,"tactic":376},{"name":64},{"id":258,"name":259,"tactic":378},{"name":64},{"id":262,"name":263,"tactic":380},{"name":73},{"id":266,"name":267,"tactic":382},{"name":78},{"id":270,"name":271,"tactic":384},{"name":78},{"id":274,"name":275,"tactic":386},{"name":78},{"id":288,"name":289,"tactic":388},{"name":91},{"id":296,"name":297,"tactic":390},{"name":100},{"id":392,"name":393,"techniques":394},"CAPEC-39","Manipulating Opaque Client-based Data Tokens",[],{"id":396,"name":397,"techniques":398},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":400,"name":401,"techniques":402},"CAPEC-77","Manipulating User-Controlled Variables",[],{"_key":404,"id":404,"name":405,"description":406,"type":15,"status":407,"abstraction":408,"likelihood_of_exploit":409,"capec":410},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.","Draft","Class","High",[411,510,589,593,597,601,618,783,841,923],{"id":412,"name":413,"techniques":414},"CAPEC-114","Authentication Abuse",[415],{"id":416,"name":417,"tactics":418,"countermeasures":421},"T1548","Abuse Elevation Control Mechanism",[419,420],{"id":32,"name":33},{"id":133,"name":134},[422,424,426,430,432,434,436,438,440,442,444,446,448,450,452,456,458,460,464,468,472,474,476,480,484,488,490,492,494,496,498,500,504,506,508],{"id":39,"name":40,"tactic":423},{"name":42},{"id":226,"name":227,"tactic":425},{"name":42},{"id":427,"name":428,"tactic":429},"D3-DI","Data Inventory",{"name":42},{"id":222,"name":223,"tactic":431},{"name":42},{"id":230,"name":231,"tactic":433},{"name":47},{"id":234,"name":235,"tactic":435},{"name":47},{"id":142,"name":143,"tactic":437},{"name":47},{"id":44,"name":45,"tactic":439},{"name":47},{"id":49,"name":50,"tactic":441},{"name":47},{"id":242,"name":243,"tactic":443},{"name":47},{"id":53,"name":54,"tactic":445},{"name":47},{"id":57,"name":58,"tactic":447},{"name":47},{"id":246,"name":247,"tactic":449},{"name":47},{"id":61,"name":62,"tactic":451},{"name":64},{"id":453,"name":454,"tactic":455},"D3-AL","Account Locking",{"name":64},{"id":70,"name":71,"tactic":457},{"name":73},{"id":84,"name":85,"tactic":459},{"name":78},{"id":461,"name":462,"tactic":463},"D3-AA","Agent Authentication",{"name":78},{"id":465,"name":466,"tactic":467},"D3-CDP","Change Default Password",{"name":78},{"id":469,"name":470,"tactic":471},"D3-SCP","System Configuration Permissions",{"name":78},{"id":88,"name":89,"tactic":473},{"name":91},{"id":93,"name":94,"tactic":475},{"name":91},{"id":477,"name":478,"tactic":479},"D3-ULA","Unlock Account",{"name":91},{"id":481,"name":482,"tactic":483},"D3-RUAA","Restore User Account Access",{"name":91},{"id":485,"name":486,"tactic":487},"D3-RD","Restore Database",{"name":91},{"id":292,"name":293,"tactic":489},{"name":100},{"id":102,"name":103,"tactic":491},{"name":100},{"id":106,"name":107,"tactic":493},{"name":100},{"id":110,"name":111,"tactic":495},{"name":100},{"id":97,"name":98,"tactic":497},{"name":100},{"id":114,"name":115,"tactic":499},{"name":100},{"id":501,"name":502,"tactic":503},"D3-UAP","User Account Permissions",{"name":100},{"id":118,"name":119,"tactic":505},{"name":100},{"id":122,"name":123,"tactic":507},{"name":100},{"id":304,"name":305,"tactic":509},{"name":100},{"id":511,"name":512,"techniques":513},"CAPEC-115","Authentication Bypass",[514],{"id":416,"name":417,"tactics":515,"countermeasures":518},[516,517],{"id":32,"name":33},{"id":133,"name":134},[519,521,523,525,527,529,531,533,535,537,539,541,543,545,547,549,551,553,555,557,559,561,563,565,567,569,571,573,575,577,579,581,583,585,587],{"id":39,"name":40,"tactic":520},{"name":42},{"id":226,"name":227,"tactic":522},{"name":42},{"id":427,"name":428,"tactic":524},{"name":42},{"id":222,"name":223,"tactic":526},{"name":42},{"id":230,"name":231,"tactic":528},{"name":47},{"id":234,"name":235,"tactic":530},{"name":47},{"id":142,"name":143,"tactic":532},{"name":47},{"id":44,"name":45,"tactic":534},{"name":47},{"id":49,"name":50,"tactic":536},{"name":47},{"id":242,"name":243,"tactic":538},{"name":47},{"id":53,"name":54,"tactic":540},{"name":47},{"id":57,"name":58,"tactic":542},{"name":47},{"id":246,"name":247,"tactic":544},{"name":47},{"id":61,"name":62,"tactic":546},{"name":64},{"id":453,"name":454,"tactic":548},{"name":64},{"id":70,"name":71,"tactic":550},{"name":73},{"id":84,"name":85,"tactic":552},{"name":78},{"id":461,"name":462,"tactic":554},{"name":78},{"id":465,"name":466,"tactic":556},{"name":78},{"id":469,"name":470,"tactic":558},{"name":78},{"id":88,"name":89,"tactic":560},{"name":91},{"id":93,"name":94,"tactic":562},{"name":91},{"id":477,"name":478,"tactic":564},{"name":91},{"id":481,"name":482,"tactic":566},{"name":91},{"id":485,"name":486,"tactic":568},{"name":91},{"id":292,"name":293,"tactic":570},{"name":100},{"id":102,"name":103,"tactic":572},{"name":100},{"id":106,"name":107,"tactic":574},{"name":100},{"id":110,"name":111,"tactic":576},{"name":100},{"id":97,"name":98,"tactic":578},{"name":100},{"id":114,"name":115,"tactic":580},{"name":100},{"id":501,"name":502,"tactic":582},{"name":100},{"id":118,"name":119,"tactic":584},{"name":100},{"id":122,"name":123,"tactic":586},{"name":100},{"id":304,"name":305,"tactic":588},{"name":100},{"id":590,"name":591,"techniques":592},"CAPEC-151","Identity Spoofing",[],{"id":594,"name":595,"techniques":596},"CAPEC-194","Fake the Source of Data",[],{"id":598,"name":599,"techniques":600},"CAPEC-22","Exploiting Trust in Client",[],{"id":602,"name":603,"techniques":604},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[605],{"id":606,"name":607,"tactics":608,"countermeasures":613},"T1040","Network Sniffing",[609,610],{"id":312,"name":313},{"id":611,"name":612},"TA0102","Discovery",[614],{"id":615,"name":616,"tactic":617},"D3-DNSTA","DNS Traffic Analysis",{"name":47},{"id":619,"name":620,"techniques":621},"CAPEC-593","Session Hijacking",[622,666,757],{"id":623,"name":624,"tactics":625,"countermeasures":629},"T1185","Browser Session Hijacking",[626],{"id":627,"name":628},"TA0100","Collection",[630,634,638,642,646,650,654,658,662],{"id":631,"name":632,"tactic":633},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":47},{"id":635,"name":636,"tactic":637},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":47},{"id":639,"name":640,"tactic":641},"D3-CSPP","Client-server Payload Profiling",{"name":47},{"id":643,"name":644,"tactic":645},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":47},{"id":647,"name":648,"tactic":649},"D3-NTSA","Network Traffic Signature Analysis",{"name":47},{"id":651,"name":652,"tactic":653},"D3-APCA","Application Protocol Command Analysis",{"name":47},{"id":655,"name":656,"tactic":657},"D3-NTCD","Network Traffic Community Deviation",{"name":47},{"id":659,"name":660,"tactic":661},"D3-RTSD","Remote Terminal Session Detection",{"name":47},{"id":663,"name":664,"tactic":665},"D3-NTF","Network Traffic Filtering",{"name":100},{"id":667,"name":668,"tactics":669,"countermeasures":674},"T1550.001","Application Access Token",[670,671],{"id":32,"name":33},{"id":672,"name":673},"TA0109","Lateral Movement",[675,679,683,685,687,689,691,693,695,697,699,701,703,707,711,715,719,721,723,725,727,729,731,733,735,737,741,743,745,749,753,755],{"id":676,"name":677,"tactic":678},"D3-PLA","Process Lineage Analysis",{"name":47},{"id":680,"name":681,"tactic":682},"D3-PSMD","Process Self-Modification Detection",{"name":47},{"id":246,"name":247,"tactic":684},{"name":47},{"id":238,"name":239,"tactic":686},{"name":47},{"id":631,"name":632,"tactic":688},{"name":47},{"id":635,"name":636,"tactic":690},{"name":47},{"id":639,"name":640,"tactic":692},{"name":47},{"id":643,"name":644,"tactic":694},{"name":47},{"id":647,"name":648,"tactic":696},{"name":47},{"id":651,"name":652,"tactic":698},{"name":47},{"id":655,"name":656,"tactic":700},{"name":47},{"id":659,"name":660,"tactic":702},{"name":47},{"id":704,"name":705,"tactic":706},"D3-PT","Process Termination",{"name":64},{"id":708,"name":709,"tactic":710},"D3-PS","Process Suspension",{"name":64},{"id":712,"name":713,"tactic":714},"D3-HR","Host Reboot",{"name":64},{"id":716,"name":717,"tactic":718},"D3-HS","Host Shutdown",{"name":64},{"id":254,"name":255,"tactic":720},{"name":64},{"id":258,"name":259,"tactic":722},{"name":64},{"id":262,"name":263,"tactic":724},{"name":73},{"id":266,"name":267,"tactic":726},{"name":78},{"id":270,"name":271,"tactic":728},{"name":78},{"id":274,"name":275,"tactic":730},{"name":78},{"id":278,"name":279,"tactic":732},{"name":78},{"id":282,"name":283,"tactic":734},{"name":78},{"id":288,"name":289,"tactic":736},{"name":91},{"id":738,"name":739,"tactic":740},"D3-KBPI","Kernel-based Process Isolation",{"name":100},{"id":292,"name":293,"tactic":742},{"name":100},{"id":304,"name":305,"tactic":744},{"name":100},{"id":746,"name":747,"tactic":748},"D3-ABPI","Application-based Process Isolation",{"name":100},{"id":750,"name":751,"tactic":752},"D3-WSAM","Web Session Access Mediation",{"name":100},{"id":296,"name":297,"tactic":754},{"name":100},{"id":663,"name":664,"tactic":756},{"name":100},{"id":758,"name":759,"tactics":760,"countermeasures":762},"T1563","Remote Service Session Hijacking",[761],{"id":672,"name":673},[763,765,767,769,771,773,775,777,779,781],{"id":631,"name":632,"tactic":764},{"name":47},{"id":635,"name":636,"tactic":766},{"name":47},{"id":639,"name":640,"tactic":768},{"name":47},{"id":643,"name":644,"tactic":770},{"name":47},{"id":647,"name":648,"tactic":772},{"name":47},{"id":651,"name":652,"tactic":774},{"name":47},{"id":655,"name":656,"tactic":776},{"name":47},{"id":659,"name":660,"tactic":778},{"name":47},{"id":250,"name":251,"tactic":780},{"name":64},{"id":663,"name":664,"tactic":782},{"name":100},{"id":784,"name":785,"techniques":786},"CAPEC-633","Token Impersonation",[787],{"id":212,"name":213,"tactics":788,"countermeasures":792},[789,790,791],{"id":32,"name":33},{"id":35,"name":36},{"id":133,"name":134},[793,795,797,799,801,803,805,807,809,811,813,815,817,819,821,823,825,827,829,831,833,835,837,839],{"id":39,"name":40,"tactic":794},{"name":42},{"id":222,"name":223,"tactic":796},{"name":42},{"id":226,"name":227,"tactic":798},{"name":42},{"id":230,"name":231,"tactic":800},{"name":47},{"id":234,"name":235,"tactic":802},{"name":47},{"id":238,"name":239,"tactic":804},{"name":47},{"id":242,"name":243,"tactic":806},{"name":47},{"id":246,"name":247,"tactic":808},{"name":47},{"id":250,"name":251,"tactic":810},{"name":64},{"id":254,"name":255,"tactic":812},{"name":64},{"id":258,"name":259,"tactic":814},{"name":64},{"id":262,"name":263,"tactic":816},{"name":73},{"id":266,"name":267,"tactic":818},{"name":78},{"id":270,"name":271,"tactic":820},{"name":78},{"id":274,"name":275,"tactic":822},{"name":78},{"id":278,"name":279,"tactic":824},{"name":78},{"id":282,"name":283,"tactic":826},{"name":78},{"id":88,"name":89,"tactic":828},{"name":91},{"id":288,"name":289,"tactic":830},{"name":91},{"id":292,"name":293,"tactic":832},{"name":100},{"id":296,"name":297,"tactic":834},{"name":100},{"id":118,"name":119,"tactic":836},{"name":100},{"id":122,"name":123,"tactic":838},{"name":100},{"id":304,"name":305,"tactic":840},{"name":100},{"id":842,"name":843,"techniques":844},"CAPEC-650","Upload a Web Shell to a Web Server",[845],{"id":846,"name":847,"tactics":848,"countermeasures":850},"T1505.003","Web Shell",[849],{"id":130,"name":131},[851,855,859,863,867,869,871,873,875,877,879,881,883,885,887,889,891,893,895,899,901,903,905,907,909,911,913,915,917,919,921],{"id":852,"name":853,"tactic":854},"D3-NNI","Network Node Inventory",{"name":42},{"id":856,"name":857,"tactic":858},"D3-PLM","Physical Link Mapping",{"name":42},{"id":860,"name":861,"tactic":862},"D3-LLM","Logical Link Mapping",{"name":42},{"id":864,"name":865,"tactic":866},"D3-EHB","Endpoint Health Beacon",{"name":47},{"id":44,"name":45,"tactic":868},{"name":47},{"id":49,"name":50,"tactic":870},{"name":47},{"id":53,"name":54,"tactic":872},{"name":47},{"id":57,"name":58,"tactic":874},{"name":47},{"id":676,"name":677,"tactic":876},{"name":47},{"id":680,"name":681,"tactic":878},{"name":47},{"id":246,"name":247,"tactic":880},{"name":47},{"id":61,"name":62,"tactic":882},{"name":64},{"id":704,"name":705,"tactic":884},{"name":64},{"id":708,"name":709,"tactic":886},{"name":64},{"id":712,"name":713,"tactic":888},{"name":64},{"id":716,"name":717,"tactic":890},{"name":64},{"id":70,"name":71,"tactic":892},{"name":73},{"id":84,"name":85,"tactic":894},{"name":78},{"id":896,"name":897,"tactic":898},"D3-RNA","Restore Network Access",{"name":91},{"id":93,"name":94,"tactic":900},{"name":91},{"id":102,"name":103,"tactic":902},{"name":100},{"id":106,"name":107,"tactic":904},{"name":100},{"id":110,"name":111,"tactic":906},{"name":100},{"id":97,"name":98,"tactic":908},{"name":100},{"id":114,"name":115,"tactic":910},{"name":100},{"id":118,"name":119,"tactic":912},{"name":100},{"id":122,"name":123,"tactic":914},{"name":100},{"id":738,"name":739,"tactic":916},{"name":100},{"id":292,"name":293,"tactic":918},{"name":100},{"id":304,"name":305,"tactic":920},{"name":100},{"id":746,"name":747,"tactic":922},{"name":100},{"id":924,"name":925,"techniques":926},"CAPEC-94","Adversary in the Middle (AiTM)",[927],{"id":928,"name":929,"tactics":930,"countermeasures":933},"T1557","Adversary-in-the-Middle",[931,932],{"id":312,"name":313},{"id":627,"name":628},[934,936,938,940,942,944,946,948,950,954],{"id":631,"name":632,"tactic":935},{"name":47},{"id":635,"name":636,"tactic":937},{"name":47},{"id":639,"name":640,"tactic":939},{"name":47},{"id":643,"name":644,"tactic":941},{"name":47},{"id":647,"name":648,"tactic":943},{"name":47},{"id":651,"name":652,"tactic":945},{"name":47},{"id":655,"name":656,"tactic":947},{"name":47},{"id":659,"name":660,"tactic":949},{"name":47},{"id":951,"name":952,"tactic":953},"D3-CAA","Connection Attempt Analysis",{"name":47},{"id":663,"name":664,"tactic":955},{"name":100},[957],{"_key":958,"name":959,"source":960,"url":961,"maturity":962,"reliability_score":963,"verified":964,"type":9,"platforms":965,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_GOOGLE_SECURITY-RESEARCH","Security Research","github","https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj","poc",0.3,false,[],[],[],[969,971,973,975,977,979,981,983,985,987,989,991,993,995,997,999,1001,1003,1005,1007,1009,1011,1013,1015,1017,1019,1021,1023,1025,1027,1029,1031,1033],{"_key":970},"SUSE-SU-2022:3584-1",{"_key":972},"SUSE-SU-2022:3809-1",{"_key":974},"SUSE-SU-2022:3586-1",{"_key":976},"SUSE-SU-2022:3587-1",{"_key":978},"SUSE-SU-2022:3599-1",{"_key":980},"SUSE-SU-2022:3688-1",{"_key":982},"SUSE-SU-2022:3704-1",{"_key":984},"SUSE-SU-2022:3779-1",{"_key":986},"SUSE-SU-2022:3810-1",{"_key":988},"SUSE-SU-2022:3609-1",{"_key":990},"SUSE-SU-2022:3693-1",{"_key":992},"SUSE-SU-2022:3775-1",{"_key":994},"RHSA-2022:7444",{"_key":996},"RHSA-2022:7933",{"_key":998},"RHSA-2022:7683",{"_key":1000},"RHSA-2022:8267",{"_key":1002},"DEBIAN-CVE-2022-2503",{"_key":1004},"RHSA-2023:5627",{"_key":1006},"UBUNTU-CVE-2022-2503",{"_key":1008},"USN-5622-1",{"_key":1010},"USN-5630-1",{"_key":1012},"USN-5639-1",{"_key":1014},"USN-5647-1",{"_key":1016},"USN-5654-1",{"_key":1018},"USN-5660-1",{"_key":1020},"USN-6001-1",{"_key":1022},"USN-6013-1",{"_key":1024},"USN-6014-1",{"_key":1026},"USN-5594-1",{"_key":1028},"USN-5599-1",{"_key":1030},"USN-5602-1",{"_key":1032},"USN-5616-1",{"_key":1034},"USN-5623-1",[],[1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048],{"_key":970},{"_key":972},{"_key":974},{"_key":976},{"_key":978},{"_key":980},{"_key":982},{"_key":984},{"_key":986},{"_key":988},{"_key":990},{"_key":992},"2022-08-12T00:00:00.000Z","2025-04-21T13:50:47.533Z","Modified",{"cisa_kev":964,"cisa_ransomware":964,"cisa_vendor":9,"epss_severity":1053,"epss_score":1054,"severity":1055,"severity_score":1056,"severity_version":1057,"severity_source":1058,"severity_vector":1059,"severity_status":1051},"low",0.00005,"medium",6.9,"v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",[1061,1069],{"url":1062,"sources":1063,"tags":1065},"https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m",[1058,1064],"nvd",[1066,1067,1068],"Exploit","Patch","Third Party Advisory",{"url":1070,"sources":1071,"tags":1072},"https://security.netapp.com/advisory/ntap-20230214-0005/",[1058,1064],[],[],{"date":1075,"score":1054,"percentile":1076},"2026-06-03",0.00218,[1078,1082,1084,1086,1088,1091,1093,1095,1098,1100,1102,1104,1106,1108,1110,1114,1117,1120,1122,1124,1126,1129,1131,1133,1135,1137,1139,1141,1143,1145,1147,1149,1151,1153,1155,1157,1159,1161,1163,1165,1168,1171,1173,1176,1179,1182,1184,1186,1188,1190,1192,1195,1197,1199,1201,1203,1205,1207,1210,1213,1215,1218,1221,1224,1227,1229,1231,1234,1236,1238,1240,1242,1244,1246,1249,1252,1254,1257,1259,1262,1264,1266,1268,1271,1273,1275,1277,1279,1282,1284],{"date":1079,"score":1080,"percentile":1081},"2025-11-04",0.00004,0.00144,{"date":1083,"score":1080,"percentile":1081},"2025-11-05",{"date":1085,"score":1080,"percentile":1081},"2025-11-06",{"date":1087,"score":1080,"percentile":1081},"2025-11-07",{"date":1089,"score":1080,"percentile":1090},"2025-11-08",0.00145,{"date":1092,"score":1080,"percentile":1090},"2025-11-09",{"date":1094,"score":1080,"percentile":1081},"2025-11-10",{"date":1096,"score":1080,"percentile":1097},"2025-11-11",0.00146,{"date":1099,"score":1080,"percentile":1097},"2025-11-12",{"date":1101,"score":1080,"percentile":1097},"2025-11-13",{"date":1103,"score":1080,"percentile":1097},"2025-11-14",{"date":1105,"score":1080,"percentile":1097},"2025-11-15",{"date":1107,"score":1080,"percentile":1097},"2025-11-16",{"date":1109,"score":1080,"percentile":1097},"2025-11-17",{"date":1111,"score":1112,"percentile":1113},"2025-11-18",0.00051,0.11127,{"date":1115,"score":1112,"percentile":1116},"2025-11-19",0.11144,{"date":1118,"score":1112,"percentile":1119},"2025-11-20",0.11167,{"date":1121,"score":1080,"percentile":1090},"2025-11-21",{"date":1123,"score":1080,"percentile":1081},"2025-11-22",{"date":1125,"score":1080,"percentile":1081},"2025-11-23",{"date":1127,"score":1080,"percentile":1128},"2025-11-24",0.00143,{"date":1130,"score":1080,"percentile":1128},"2025-11-25",{"date":1132,"score":1080,"percentile":1128},"2025-11-26",{"date":1134,"score":1080,"percentile":1128},"2025-11-27",{"date":1136,"score":1080,"percentile":1081},"2025-11-28",{"date":1138,"score":1080,"percentile":1090},"2025-11-29",{"date":1140,"score":1080,"percentile":1090},"2025-11-30",{"date":1142,"score":1080,"percentile":1081},"2025-12-01",{"date":1144,"score":1080,"percentile":1128},"2025-12-02",{"date":1146,"score":1080,"percentile":1081},"2025-12-03",{"date":1148,"score":1080,"percentile":1081},"2025-12-04",{"date":1150,"score":1080,"percentile":1081},"2025-12-05",{"date":1152,"score":1080,"percentile":1081},"2025-12-06",{"date":1154,"score":1080,"percentile":1128},"2025-12-07",{"date":1156,"score":1080,"percentile":1128},"2025-12-08",{"date":1158,"score":1080,"percentile":1081},"2025-12-09",{"date":1160,"score":1080,"percentile":1128},"2025-12-10",{"date":1162,"score":1080,"percentile":1128},"2025-12-11",{"date":1164,"score":1080,"percentile":1081},"2025-12-12",{"date":1166,"score":1054,"percentile":1167},"2025-12-13",0.00251,{"date":1169,"score":1054,"percentile":1170},"2025-12-14",0.00243,{"date":1172,"score":1054,"percentile":1170},"2025-12-15",{"date":1174,"score":1054,"percentile":1175},"2025-12-16",0.00244,{"date":1177,"score":1054,"percentile":1178},"2025-12-17",0.0024,{"date":1180,"score":1054,"percentile":1181},"2025-12-18",0.00241,{"date":1183,"score":1054,"percentile":1178},"2025-12-19",{"date":1185,"score":1054,"percentile":1178},"2025-12-20",{"date":1187,"score":1054,"percentile":1178},"2025-12-21",{"date":1189,"score":1054,"percentile":1178},"2025-12-22",{"date":1191,"score":1054,"percentile":1181},"2025-12-23",{"date":1193,"score":1054,"percentile":1194},"2025-12-24",0.00239,{"date":1196,"score":1054,"percentile":1178},"2025-12-25",{"date":1198,"score":1054,"percentile":1178},"2025-12-26",{"date":1200,"score":1054,"percentile":1175},"2025-12-27",{"date":1202,"score":1054,"percentile":1178},"2025-12-28",{"date":1204,"score":1054,"percentile":1178},"2025-12-29",{"date":1206,"score":1054,"percentile":1178},"2025-12-30",{"date":1208,"score":1054,"percentile":1209},"2025-12-31",0.00229,{"date":1211,"score":1054,"percentile":1212},"2026-01-01",0.00231,{"date":1214,"score":1054,"percentile":1212},"2026-01-02",{"date":1216,"score":1054,"percentile":1217},"2026-01-03",0.0023,{"date":1219,"score":1054,"percentile":1220},"2026-01-04",0.00223,{"date":1222,"score":1054,"percentile":1223},"2026-01-05",0.00222,{"date":1225,"score":1054,"percentile":1226},"2026-01-06",0.00221,{"date":1228,"score":1054,"percentile":1226},"2026-01-07",{"date":1230,"score":1054,"percentile":1226},"2026-01-08",{"date":1232,"score":1054,"percentile":1233},"2026-01-09",0.00227,{"date":1235,"score":1054,"percentile":1233},"2026-01-10",{"date":1237,"score":1054,"percentile":1233},"2026-01-11",{"date":1239,"score":1054,"percentile":1223},"2026-01-12",{"date":1241,"score":1054,"percentile":1223},"2026-01-13",{"date":1243,"score":1054,"percentile":1223},"2026-01-14",{"date":1245,"score":1054,"percentile":1223},"2026-01-15",{"date":1247,"score":1054,"percentile":1248},"2026-01-16",0.00225,{"date":1250,"score":1054,"percentile":1251},"2026-01-17",0.00224,{"date":1253,"score":1054,"percentile":1248},"2026-01-18",{"date":1255,"score":1080,"percentile":1256},"2026-01-19",0.00156,{"date":1258,"score":1080,"percentile":1256},"2026-01-20",{"date":1260,"score":1080,"percentile":1261},"2026-01-21",0.00155,{"date":1263,"score":1080,"percentile":1261},"2026-01-22",{"date":1265,"score":1080,"percentile":1261},"2026-01-23",{"date":1267,"score":1080,"percentile":1261},"2026-01-24",{"date":1269,"score":1080,"percentile":1270},"2026-01-25",0.00154,{"date":1272,"score":1080,"percentile":1270},"2026-01-26",{"date":1274,"score":1080,"percentile":1261},"2026-01-27",{"date":1276,"score":1080,"percentile":1261},"2026-01-28",{"date":1278,"score":1080,"percentile":1261},"2026-01-29",{"date":1280,"score":1080,"percentile":1281},"2026-01-30",0.00157,{"date":1283,"score":1080,"percentile":1261},"2026-01-31",{"date":1285,"score":1080,"percentile":1256},"2026-02-01",[1287,1292],{"source":1058,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":1288,"cvss_v4_0":9},{"baseScore":1056,"baseSeverity":1289,"vectorString":1059,"impactScore":1290,"exploitabilityScore":1291},"MEDIUM",9.7,1.5,{"source":1064,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":1293,"cvss_v4_0":9},{"baseScore":1294,"baseSeverity":1289,"vectorString":1295,"impactScore":1296,"exploitabilityScore":1297},6.7,"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",9.8,2.1,[1299,1311],{"ecosystem":9,"name":1300,"vendor":1301,"product":1301,"cpe_part":1302,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1303},"Linux Kernel","linux kernel","a",[1304],{"version":1305,"is_range":1306,"range_type":1058,"version_start":1307,"version_start_type":1308,"version_end":1309,"version_end_type":1310,"fixed_in":9},">= unspecified, \u003C 4caae58406f8ceb741603eee460d79bacca9b1b5",true,"unspecified","including","4caae58406f8ceb741603eee460d79bacca9b1b5","excluding",{"ecosystem":9,"name":1301,"vendor":1312,"product":1313,"cpe_part":1314,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1315},"linux","linux_kernel","o",[1316],{"version":1317,"is_range":1306,"range_type":1318,"version_start":9,"version_start_type":9,"version_end":1319,"version_end_type":1310,"fixed_in":9},"lt5.19","cpe","5.19"]