regscale-cli 6.19.1.0__py3-none-any.whl → 6.20.0.0__py3-none-any.whl

The registry flags this version of regscale-cli as potentially problematic.

Files changed (36)
  1. regscale/__init__.py +1 -1
  2. regscale/airflow/config.py +2 -0
  3. regscale/airflow/tasks/groups.py +11 -47
  4. regscale/core/app/internal/login.py +49 -43
  5. regscale/core/app/internal/model_editor.py +2 -1
  6. regscale/dev/code_gen.py +2 -5
  7. regscale/integrations/commercial/amazon/common.py +5 -4
  8. regscale/integrations/commercial/aws/scanner.py +3 -2
  9. regscale/integrations/commercial/synqly/assets.py +20 -0
  10. regscale/integrations/commercial/synqly/ticketing.py +25 -0
  11. regscale/integrations/commercial/wizv2/click.py +3 -3
  12. regscale/integrations/public/fedramp/appendix_parser.py +499 -104
  13. regscale/integrations/public/fedramp/fedramp_five.py +89 -43
  14. regscale/integrations/scanner_integration.py +1 -1
  15. regscale/models/app_models/import_validater.py +2 -0
  16. regscale/models/integration_models/cisa_kev_data.json +355 -27
  17. regscale/models/integration_models/flat_file_importer/__init__.py +26 -9
  18. regscale/models/integration_models/synqly_models/capabilities.json +1 -1
  19. regscale/models/regscale_models/__init__.py +5 -0
  20. regscale/models/regscale_models/business_impact_assessment.py +71 -0
  21. regscale/models/regscale_models/control_implementation.py +15 -0
  22. regscale/models/regscale_models/master_assessment.py +19 -0
  23. regscale/models/regscale_models/policy.py +90 -0
  24. regscale/models/regscale_models/question.py +30 -2
  25. regscale/models/regscale_models/questionnaire.py +4 -3
  26. regscale/models/regscale_models/questionnaire_instance.py +37 -14
  27. regscale/models/regscale_models/rbac.py +0 -1
  28. regscale/models/regscale_models/regscale_model.py +16 -15
  29. regscale/models/regscale_models/risk_trend.py +67 -0
  30. regscale/utils/graphql_client.py +2 -1
  31. {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.20.0.0.dist-info}/METADATA +130 -71
  32. {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.20.0.0.dist-info}/RECORD +36 -33
  33. {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.20.0.0.dist-info}/LICENSE +0 -0
  34. {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.20.0.0.dist-info}/WHEEL +0 -0
  35. {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.20.0.0.dist-info}/entry_points.txt +0 -0
  36. {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.20.0.0.dist-info}/top_level.txt +0 -0
@@ -1,9 +1,337 @@
1
1
  {
2
2
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
3
- "catalogVersion": "2025.04.25",
4
- "dateReleased": "2025-04-25T18:02:32.6749Z",
5
- "count": 1323,
3
+ "catalogVersion": "2025.05.15",
4
+ "dateReleased": "2025-05-15T17:04:05.6633Z",
5
+ "count": 1345,
6
6
  "vulnerabilities": [
7
+ {
8
+ "cveID": "CVE-2025-42999",
9
+ "vendorProject": "SAP",
10
+ "product": "NetWeaver",
11
+ "vulnerabilityName": "SAP NetWeaver Deserialization Vulnerability",
12
+ "dateAdded": "2025-05-15",
13
+ "shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.",
14
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
15
+ "dueDate": "2025-06-05",
16
+ "knownRansomwareCampaignUse": "Unknown",
17
+ "notes": "SAP users must have an account to log in and access the patch: https:\/\/me.sap.com\/notes\/3604119 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-42999",
18
+ "cwes": [
19
+ "CWE-502"
20
+ ]
21
+ },
22
+ {
23
+ "cveID": "CVE-2024-12987",
24
+ "vendorProject": "DrayTek",
25
+ "product": "Vigor Routers",
26
+ "vulnerabilityName": "DrayTek Vigor Routers OS Command Injection Vulnerability",
27
+ "dateAdded": "2025-05-15",
28
+ "shortDescription": "DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file \/cgi-bin\/mainfunction.cgi\/apmcfgupload of the component web management interface.",
29
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
30
+ "dueDate": "2025-06-05",
31
+ "knownRansomwareCampaignUse": "Unknown",
32
+ "notes": "https:\/\/fw.draytek.com.tw\/Vigor2960\/Firmware\/v1.5.1.5\/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https:\/\/fw.draytek.com.tw\/Vigor300B\/Firmware\/v1.5.1.5\/DrayTek_Vigor300B_V1.5.1.5_01release-note.pdf ; https:\/\/fw.draytek.com.tw\/Vigor3900\/Firmware\/v1.5.1.5\/DrayTek_Vigor3900_V1.5.1.5_01release-note.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-12987",
33
+ "cwes": [
34
+ "CWE-78"
35
+ ]
36
+ },
37
+ {
38
+ "cveID": "CVE-2025-4664",
39
+ "vendorProject": "Google",
40
+ "product": "Chromium",
41
+ "vulnerabilityName": "Google Chromium Loader Insufficient Policy Enforcement Vulnerability",
42
+ "dateAdded": "2025-05-15",
43
+ "shortDescription": "Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.",
44
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
45
+ "dueDate": "2025-06-05",
46
+ "knownRansomwareCampaignUse": "Unknown",
47
+ "notes": "https:\/\/chromereleases.googleblog.com\/2025\/05\/stable-channel-update-for-desktop_14.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4664",
48
+ "cwes": [
49
+ "CWE-346"
50
+ ]
51
+ },
52
+ {
53
+ "cveID": "CVE-2025-32756",
54
+ "vendorProject": "Fortinet",
55
+ "product": "Multiple Products",
56
+ "vulnerabilityName": "Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
57
+ "dateAdded": "2025-05-14",
58
+ "shortDescription": "Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.",
59
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
60
+ "dueDate": "2025-06-04",
61
+ "knownRansomwareCampaignUse": "Unknown",
62
+ "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-254 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32756",
63
+ "cwes": [
64
+ "CWE-124"
65
+ ]
66
+ },
67
+ {
68
+ "cveID": "CVE-2025-32709",
69
+ "vendorProject": "Microsoft",
70
+ "product": "Windows",
71
+ "vulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability",
72
+ "dateAdded": "2025-05-13",
73
+ "shortDescription": "Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.",
74
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
75
+ "dueDate": "2025-06-03",
76
+ "knownRansomwareCampaignUse": "Unknown",
77
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32709 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32709",
78
+ "cwes": [
79
+ "CWE-416"
80
+ ]
81
+ },
82
+ {
83
+ "cveID": "CVE-2025-30397",
84
+ "vendorProject": "Microsoft",
85
+ "product": "Windows",
86
+ "vulnerabilityName": "Microsoft Windows Scripting Engine Type Confusion Vulnerability",
87
+ "dateAdded": "2025-05-13",
88
+ "shortDescription": "Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.",
89
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
90
+ "dueDate": "2025-06-03",
91
+ "knownRansomwareCampaignUse": "Unknown",
92
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-30397 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30397",
93
+ "cwes": [
94
+ "CWE-843"
95
+ ]
96
+ },
97
+ {
98
+ "cveID": "CVE-2025-32706",
99
+ "vendorProject": "Microsoft",
100
+ "product": "Windows",
101
+ "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability",
102
+ "dateAdded": "2025-05-13",
103
+ "shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.",
104
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
105
+ "dueDate": "2025-06-03",
106
+ "knownRansomwareCampaignUse": "Unknown",
107
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32706 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32706",
108
+ "cwes": [
109
+ "CWE-122"
110
+ ]
111
+ },
112
+ {
113
+ "cveID": "CVE-2025-32701",
114
+ "vendorProject": "Microsoft",
115
+ "product": "Windows",
116
+ "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
117
+ "dateAdded": "2025-05-13",
118
+ "shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
119
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
120
+ "dueDate": "2025-06-03",
121
+ "knownRansomwareCampaignUse": "Unknown",
122
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32701 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32701",
123
+ "cwes": [
124
+ "CWE-416"
125
+ ]
126
+ },
127
+ {
128
+ "cveID": "CVE-2025-30400",
129
+ "vendorProject": "Microsoft",
130
+ "product": "Windows",
131
+ "vulnerabilityName": "Microsoft Windows DWM Core Library Use-After-Free Vulnerability",
132
+ "dateAdded": "2025-05-13",
133
+ "shortDescription": "Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
134
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
135
+ "dueDate": "2025-06-03",
136
+ "knownRansomwareCampaignUse": "Unknown",
137
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-30400 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30400",
138
+ "cwes": [
139
+ "CWE-416"
140
+ ]
141
+ },
142
+ {
143
+ "cveID": "CVE-2025-47729",
144
+ "vendorProject": "TeleMessage",
145
+ "product": "TM SGNL",
146
+ "vulnerabilityName": "TeleMessage TM SGNL Hidden Functionality Vulnerability",
147
+ "dateAdded": "2025-05-12",
148
+ "shortDescription": "TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.",
149
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
150
+ "dueDate": "2025-06-02",
151
+ "knownRansomwareCampaignUse": "Unknown",
152
+ "notes": "Apply mitigations per vendor instructions. Absent mitigating instructions from the vendor, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47729",
153
+ "cwes": [
154
+ "CWE-912"
155
+ ]
156
+ },
157
+ {
158
+ "cveID": "CVE-2024-11120",
159
+ "vendorProject": "GeoVision",
160
+ "product": "Multiple Devices",
161
+ "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
162
+ "dateAdded": "2025-05-07",
163
+ "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
164
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
165
+ "dueDate": "2025-05-28",
166
+ "knownRansomwareCampaignUse": "Unknown",
167
+ "notes": "https:\/\/dlcdn.geovision.com.tw\/TechNotice\/CyberSecurity\/Security_Advisory_IP_Device_2024-11.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11120",
168
+ "cwes": [
169
+ "CWE-78"
170
+ ]
171
+ },
172
+ {
173
+ "cveID": "CVE-2024-6047",
174
+ "vendorProject": "GeoVision",
175
+ "product": "Multiple Devices",
176
+ "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
177
+ "dateAdded": "2025-05-07",
178
+ "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
179
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
180
+ "dueDate": "2025-05-28",
181
+ "knownRansomwareCampaignUse": "Unknown",
182
+ "notes": "https:\/\/dlcdn.geovision.com.tw\/TechNotice\/CyberSecurity\/Security_Advisory_IP_Device_2024-11.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-6047",
183
+ "cwes": [
184
+ "CWE-78"
185
+ ]
186
+ },
187
+ {
188
+ "cveID": "CVE-2025-27363",
189
+ "vendorProject": "FreeType",
190
+ "product": "FreeType",
191
+ "vulnerabilityName": "FreeType Out-of-Bounds Write Vulnerability",
192
+ "dateAdded": "2025-05-06",
193
+ "shortDescription": "FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.",
194
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
195
+ "dueDate": "2025-05-27",
196
+ "knownRansomwareCampaignUse": "Unknown",
197
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/source.android.com\/docs\/security\/bulletin\/2025-05-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27363",
198
+ "cwes": [
199
+ "CWE-787"
200
+ ]
201
+ },
202
+ {
203
+ "cveID": "CVE-2025-3248",
204
+ "vendorProject": "Langflow",
205
+ "product": "Langflow",
206
+ "vulnerabilityName": "Langflow Missing Authentication Vulnerability",
207
+ "dateAdded": "2025-05-05",
208
+ "shortDescription": "Langflow contains a missing authentication vulnerability in the \/api\/v1\/validate\/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.",
209
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
210
+ "dueDate": "2025-05-26",
211
+ "knownRansomwareCampaignUse": "Unknown",
212
+ "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/advisories\/GHSA-c995-4fw3-j39m ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3248",
213
+ "cwes": [
214
+ "CWE-306"
215
+ ]
216
+ },
217
+ {
218
+ "cveID": "CVE-2025-34028",
219
+ "vendorProject": "Commvault",
220
+ "product": "Command Center",
221
+ "vulnerabilityName": "Commvault Command Center Path Traversal Vulnerability",
222
+ "dateAdded": "2025-05-02",
223
+ "shortDescription": "Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.",
224
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
225
+ "dueDate": "2025-05-23",
226
+ "knownRansomwareCampaignUse": "Unknown",
227
+ "notes": "https:\/\/documentation.commvault.com\/securityadvisories\/CV_2025_04_1.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34028",
228
+ "cwes": [
229
+ "CWE-22"
230
+ ]
231
+ },
232
+ {
233
+ "cveID": "CVE-2024-58136",
234
+ "vendorProject": "Yiiframework",
235
+ "product": "Yii",
236
+ "vulnerabilityName": "Yiiframework Yii Improper Protection of Alternate Path Vulnerability",
237
+ "dateAdded": "2025-05-02",
238
+ "shortDescription": "Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including\u2014but not limited to\u2014Craft CMS, as represented by CVE-2025-32432.",
239
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
240
+ "dueDate": "2025-05-23",
241
+ "knownRansomwareCampaignUse": "Unknown",
242
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/www.yiiframework.com\/news\/709\/please-upgrade-to-yii-2-0-52 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-58136",
243
+ "cwes": [
244
+ "CWE-424"
245
+ ]
246
+ },
247
+ {
248
+ "cveID": "CVE-2024-38475",
249
+ "vendorProject": "Apache",
250
+ "product": "HTTP Server",
251
+ "vulnerabilityName": "Apache HTTP Server Improper Escaping of Output Vulnerability",
252
+ "dateAdded": "2025-05-01",
253
+ "shortDescription": "Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally\/directly reachable by any URL, resulting in code execution or source code disclosure.",
254
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
255
+ "dueDate": "2025-05-22",
256
+ "knownRansomwareCampaignUse": "Unknown",
257
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-38475",
258
+ "cwes": [
259
+ "CWE-116"
260
+ ]
261
+ },
262
+ {
263
+ "cveID": "CVE-2023-44221",
264
+ "vendorProject": "SonicWall",
265
+ "product": "SMA100 Appliances",
266
+ "vulnerabilityName": "SonicWall SMA100 Appliances OS Command Injection Vulnerability",
267
+ "dateAdded": "2025-05-01",
268
+ "shortDescription": "SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.",
269
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
270
+ "dueDate": "2025-05-22",
271
+ "knownRansomwareCampaignUse": "Unknown",
272
+ "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2023-0018 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44221",
273
+ "cwes": [
274
+ "CWE-78"
275
+ ]
276
+ },
277
+ {
278
+ "cveID": "CVE-2025-31324",
279
+ "vendorProject": "SAP",
280
+ "product": "NetWeaver",
281
+ "vulnerabilityName": "SAP NetWeaver Unrestricted File Upload Vulnerability",
282
+ "dateAdded": "2025-04-29",
283
+ "shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.",
284
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
285
+ "dueDate": "2025-05-20",
286
+ "knownRansomwareCampaignUse": "Known",
287
+ "notes": "https:\/\/me.sap.com\/notes\/3594142 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31324",
288
+ "cwes": [
289
+ "CWE-434"
290
+ ]
291
+ },
292
+ {
293
+ "cveID": "CVE-2025-1976",
294
+ "vendorProject": "Broadcom",
295
+ "product": "Brocade Fabric OS",
296
+ "vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability",
297
+ "dateAdded": "2025-04-28",
298
+ "shortDescription": "Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges.",
299
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
300
+ "dueDate": "2025-05-19",
301
+ "knownRansomwareCampaignUse": "Unknown",
302
+ "notes": "https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/25602 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-1976",
303
+ "cwes": [
304
+ "CWE-94"
305
+ ]
306
+ },
307
+ {
308
+ "cveID": "CVE-2025-42599",
309
+ "vendorProject": "Qualitia",
310
+ "product": "Active! Mail",
311
+ "vulnerabilityName": "Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability",
312
+ "dateAdded": "2025-04-28",
313
+ "shortDescription": "Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary or trigger a denial-of-service via a specially crafted request.",
314
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
315
+ "dueDate": "2025-05-19",
316
+ "knownRansomwareCampaignUse": "Unknown",
317
+ "notes": "https:\/\/www.qualitia.com\/jp\/news\/2025\/04\/18_1030.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-42599",
318
+ "cwes": [
319
+ "CWE-121"
320
+ ]
321
+ },
322
+ {
323
+ "cveID": "CVE-2025-3928",
324
+ "vendorProject": "Commvault",
325
+ "product": "Web Server",
326
+ "vulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
327
+ "dateAdded": "2025-04-28",
328
+ "shortDescription": "Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.",
329
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
330
+ "dueDate": "2025-05-19",
331
+ "knownRansomwareCampaignUse": "Unknown",
332
+ "notes": "https:\/\/documentation.commvault.com\/securityadvisories\/CV_2025_03_1.html; https:\/\/www.commvault.com\/blogs\/notice-security-advisory-update; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3928 ",
333
+ "cwes": []
334
+ },
7
335
  {
8
336
  "cveID": "CVE-2025-24054",
9
337
  "vendorProject": "Microsoft",
@@ -138,14 +466,14 @@
138
466
  {
139
467
  "cveID": "CVE-2025-22457",
140
468
  "vendorProject": "Ivanti",
141
- "product": "Connect Secure, Policy Secure and ZTA Gateways",
142
- "vulnerabilityName": "Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
469
+ "product": "Connect Secure, Policy Secure, and ZTA Gateways",
470
+ "vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
143
471
  "dateAdded": "2025-04-04",
144
- "shortDescription": "Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
472
+ "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
145
473
  "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
146
474
  "dueDate": "2025-04-11",
147
- "knownRansomwareCampaignUse": "Unknown",
148
- "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457) ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
475
+ "knownRansomwareCampaignUse": "Known",
476
+ "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
149
477
  "cwes": [
150
478
  "CWE-121"
151
479
  ]
@@ -160,7 +488,7 @@
160
488
  "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
161
489
  "dueDate": "2025-04-22",
162
490
  "knownRansomwareCampaignUse": "Unknown",
163
- "notes": "https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
491
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
164
492
  "cwes": [
165
493
  "CWE-44",
166
494
  "CWE-502"
@@ -1043,7 +1371,7 @@
1043
1371
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
1044
1372
  "dueDate": "2025-02-25",
1045
1373
  "knownRansomwareCampaignUse": "Unknown",
1046
- "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
1374
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
1047
1375
  "cwes": [
1048
1376
  "CWE-425"
1049
1377
  ]
@@ -1072,7 +1400,7 @@
1072
1400
  "shortDescription": "SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.",
1073
1401
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
1074
1402
  "dueDate": "2025-02-14",
1075
- "knownRansomwareCampaignUse": "Unknown",
1403
+ "knownRansomwareCampaignUse": "Known",
1076
1404
  "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0002 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-23006",
1077
1405
  "cwes": [
1078
1406
  "CWE-502"
@@ -1207,7 +1535,7 @@
1207
1535
  "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.",
1208
1536
  "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.",
1209
1537
  "dueDate": "2025-01-15",
1210
- "knownRansomwareCampaignUse": "Unknown",
1538
+ "knownRansomwareCampaignUse": "Known",
1211
1539
  "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282",
1212
1540
  "cwes": [
1213
1541
  "CWE-121"
@@ -1235,7 +1563,7 @@
1235
1563
  "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
1236
1564
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
1237
1565
  "dueDate": "2025-01-28",
1238
- "knownRansomwareCampaignUse": "Unknown",
1566
+ "knownRansomwareCampaignUse": "Known",
1239
1567
  "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-55550",
1240
1568
  "cwes": [
1241
1569
  "CWE-22"
@@ -1250,7 +1578,7 @@
1250
1578
  "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
1251
1579
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
1252
1580
  "dueDate": "2025-01-28",
1253
- "knownRansomwareCampaignUse": "Unknown",
1581
+ "knownRansomwareCampaignUse": "Known",
1254
1582
  "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41713 ",
1255
1583
  "cwes": [
1256
1584
  "CWE-22"
@@ -1609,7 +1937,7 @@
1609
1937
  "shortDescription": "Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.",
1610
1938
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.",
1611
1939
  "dueDate": "2024-12-09",
1612
- "knownRansomwareCampaignUse": "Unknown",
1940
+ "knownRansomwareCampaignUse": "Known",
1613
1941
  "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-0012 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-0012",
1614
1942
  "cwes": [
1615
1943
  "CWE-306"
@@ -2205,7 +2533,7 @@
2205
2533
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
2206
2534
  "dueDate": "2024-10-09",
2207
2535
  "knownRansomwareCampaignUse": "Unknown",
2208
- "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/lists.apache.org\/thread\/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27348",
2536
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/lists.apache.org\/thread\/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27348",
2209
2537
  "cwes": [
2210
2538
  "CWE-284"
2211
2539
  ]
@@ -4851,7 +5179,7 @@
4851
5179
  "shortDescription": "Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert\/maintenance\/diagnostic\/nslookup URI.",
4852
5180
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
4853
5181
  "dueDate": "2023-10-09",
4854
- "knownRansomwareCampaignUse": "Unknown",
5182
+ "knownRansomwareCampaignUse": "Known",
4855
5183
  "notes": "https:\/\/www.zyxel.com\/global\/en\/support\/security-advisories\/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https:\/\/www.zyxelguard.com\/Zyxel-EOL.asp; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-6884",
4856
5184
  "cwes": [
4857
5185
  "CWE-78"
@@ -6992,7 +7320,7 @@
6992
7320
  "shortDescription": "Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.",
6993
7321
  "requiredAction": "Apply updates per vendor instructions.",
6994
7322
  "dueDate": "2022-12-09",
6995
- "knownRansomwareCampaignUse": "Unknown",
7323
+ "knownRansomwareCampaignUse": "Known",
6996
7324
  "notes": "https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2022-41091; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41091",
6997
7325
  "cwes": [
6998
7326
  "CWE-863"
@@ -7697,7 +8025,7 @@
7697
8025
  "shortDescription": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.",
7698
8026
  "requiredAction": "Apply updates per vendor instructions.",
7699
8027
  "dueDate": "2022-09-15",
7700
- "knownRansomwareCampaignUse": "Unknown",
8028
+ "knownRansomwareCampaignUse": "Known",
7701
8029
  "notes": "https:\/\/groups.google.com\/g\/discuss-webrtc\/c\/5KBtZx2gvcQ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2294",
7702
8030
  "cwes": [
7703
8031
  "CWE-122"
@@ -8148,7 +8476,7 @@
8148
8476
  "shortDescription": "A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.",
8149
8477
  "requiredAction": "Apply updates per vendor instructions.",
8150
8478
  "dueDate": "2022-07-05",
8151
- "knownRansomwareCampaignUse": "Unknown",
8479
+ "knownRansomwareCampaignUse": "Known",
8152
8480
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30190",
8153
8481
  "cwes": [
8154
8482
  "CWE-610"
@@ -11234,7 +11562,7 @@
11234
11562
  "shortDescription": "Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.",
11235
11563
  "requiredAction": "Apply updates per vendor instructions.",
11236
11564
  "dueDate": "2022-04-15",
11237
- "knownRansomwareCampaignUse": "Unknown",
11565
+ "knownRansomwareCampaignUse": "Known",
11238
11566
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21999",
11239
11567
  "cwes": [
11240
11568
  "CWE-40",
@@ -13426,7 +13754,7 @@
13426
13754
  "shortDescription": "Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.",
13427
13755
  "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
13428
13756
  "dueDate": "2022-03-24",
13429
- "knownRansomwareCampaignUse": "Unknown",
13757
+ "knownRansomwareCampaignUse": "Known",
13430
13758
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-7645",
13431
13759
  "cwes": []
13432
13760
  },
@@ -13920,7 +14248,7 @@
13920
14248
  "shortDescription": "Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.",
13921
14249
  "requiredAction": "Apply updates per vendor instructions.",
13922
14250
  "dueDate": "2022-03-24",
13923
- "knownRansomwareCampaignUse": "Unknown",
14251
+ "knownRansomwareCampaignUse": "Known",
13924
14252
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2008-2992",
13925
14253
  "cwes": [
13926
14254
  "CWE-119"
@@ -15037,7 +15365,7 @@
15037
15365
  "shortDescription": "Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.",
15038
15366
  "requiredAction": "Apply updates per vendor instructions.",
15039
15367
  "dueDate": "2021-12-29",
15040
- "knownRansomwareCampaignUse": "Unknown",
15368
+ "knownRansomwareCampaignUse": "Known",
15041
15369
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43890",
15042
15370
  "cwes": []
15043
15371
  },
@@ -16162,7 +16490,7 @@
16162
16490
  "shortDescription": "Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.",
16163
16491
  "requiredAction": "Apply updates per vendor instructions.",
16164
16492
  "dueDate": "2022-05-03",
16165
- "knownRansomwareCampaignUse": "Unknown",
16493
+ "knownRansomwareCampaignUse": "Known",
16166
16494
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11580",
16167
16495
  "cwes": []
16168
16496
  },
@@ -16578,7 +16906,7 @@
16578
16906
  "shortDescription": "GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.",
16579
16907
  "requiredAction": "Apply updates per vendor instructions.",
16580
16908
  "dueDate": "2021-11-17",
16581
- "knownRansomwareCampaignUse": "Unknown",
16909
+ "knownRansomwareCampaignUse": "Known",
16582
16910
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22205",
16583
16911
  "cwes": [
16584
16912
  "CWE-20",
@@ -17243,7 +17571,7 @@
17243
17571
  "shortDescription": "Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.",
17244
17572
  "requiredAction": "Apply updates per vendor instructions.",
17245
17573
  "dueDate": "2022-05-03",
17246
- "knownRansomwareCampaignUse": "Unknown",
17574
+ "knownRansomwareCampaignUse": "Known",
17247
17575
  "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-1812",
17248
17576
  "cwes": [
17249
17577
  "CWE-255"