regscale-cli 6.19.2.0__py3-none-any.whl → 6.20.1.0__py3-none-any.whl
Potentially problematic release.
This version of regscale-cli might be problematic.
- regscale/__init__.py +1 -1
- regscale/airflow/config.py +2 -0
- regscale/airflow/tasks/groups.py +11 -47
- regscale/core/app/internal/login.py +49 -43
- regscale/core/app/internal/model_editor.py +2 -1
- regscale/dev/code_gen.py +2 -5
- regscale/integrations/commercial/synqly/assets.py +26 -0
- regscale/integrations/public/fedramp/appendix_parser.py +499 -104
- regscale/integrations/public/fedramp/fedramp_cis_crm.py +5 -3
- regscale/integrations/public/fedramp/fedramp_five.py +89 -43
- regscale/models/integration_models/cisa_kev_data.json +277 -22
- regscale/models/integration_models/synqly_models/capabilities.json +1 -1
- regscale/models/regscale_models/__init__.py +7 -0
- regscale/models/regscale_models/business_impact_assessment.py +71 -0
- regscale/models/regscale_models/control_implementation.py +15 -0
- regscale/models/regscale_models/evidence.py +72 -4
- regscale/models/regscale_models/evidence_mapping.py +1 -1
- regscale/models/regscale_models/master_assessment.py +19 -0
- regscale/models/regscale_models/policy.py +90 -0
- regscale/models/regscale_models/question.py +30 -2
- regscale/models/regscale_models/questionnaire.py +4 -3
- regscale/models/regscale_models/questionnaire_instance.py +37 -14
- regscale/models/regscale_models/rbac.py +0 -1
- regscale/models/regscale_models/risk_trend.py +67 -0
- regscale/models/regscale_models/task.py +14 -1
- {regscale_cli-6.19.2.0.dist-info → regscale_cli-6.20.1.0.dist-info}/METADATA +114 -55
- {regscale_cli-6.19.2.0.dist-info → regscale_cli-6.20.1.0.dist-info}/RECORD +31 -28
- {regscale_cli-6.19.2.0.dist-info → regscale_cli-6.20.1.0.dist-info}/LICENSE +0 -0
- {regscale_cli-6.19.2.0.dist-info → regscale_cli-6.20.1.0.dist-info}/WHEEL +0 -0
- {regscale_cli-6.19.2.0.dist-info → regscale_cli-6.20.1.0.dist-info}/entry_points.txt +0 -0
- {regscale_cli-6.19.2.0.dist-info → regscale_cli-6.20.1.0.dist-info}/top_level.txt +0 -0
|
@@ -1,9 +1,264 @@
|
|
|
1
1
|
{
|
|
2
2
|
"title": "CISA Catalog of Known Exploited Vulnerabilities",
|
|
3
|
-
"catalogVersion": "2025.05.
|
|
4
|
-
"dateReleased": "2025-05-
|
|
5
|
-
"count":
|
|
3
|
+
"catalogVersion": "2025.05.27",
|
|
4
|
+
"dateReleased": "2025-05-27T16:31:36.689Z",
|
|
5
|
+
"count": 1352,
|
|
6
6
|
"vulnerabilities": [
|
|
7
|
+
{
|
|
8
|
+
"cveID": "CVE-2025-4632",
|
|
9
|
+
"vendorProject": "Samsung",
|
|
10
|
+
"product": "MagicINFO 9 Server",
|
|
11
|
+
"vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability",
|
|
12
|
+
"dateAdded": "2025-05-22",
|
|
13
|
+
"shortDescription": "Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.",
|
|
14
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
15
|
+
"dueDate": "2025-06-12",
|
|
16
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
17
|
+
"notes": "https:\/\/security.samsungtv.com\/securityUpdates#SVP-MAY-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4632",
|
|
18
|
+
"cwes": [
|
|
19
|
+
"CWE-22"
|
|
20
|
+
]
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"cveID": "CVE-2023-38950",
|
|
24
|
+
"vendorProject": "ZKTeco",
|
|
25
|
+
"product": "BioTime",
|
|
26
|
+
"vulnerabilityName": "ZKTeco BioTime Path Traversal Vulnerability",
|
|
27
|
+
"dateAdded": "2025-05-19",
|
|
28
|
+
"shortDescription": "ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.",
|
|
29
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
30
|
+
"dueDate": "2025-06-09",
|
|
31
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
32
|
+
"notes": "https:\/\/www.zkteco.com\/en\/Security_Bulletinsibs ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-38950",
|
|
33
|
+
"cwes": [
|
|
34
|
+
"CWE-22"
|
|
35
|
+
]
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"cveID": "CVE-2024-27443",
|
|
39
|
+
"vendorProject": "Synacor",
|
|
40
|
+
"product": "Zimbra Collaboration Suite (ZCS)",
|
|
41
|
+
"vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
|
|
42
|
+
"dateAdded": "2025-05-19",
|
|
43
|
+
"shortDescription": "Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.",
|
|
44
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
45
|
+
"dueDate": "2025-06-09",
|
|
46
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
47
|
+
"notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/8.8.15\/P46#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/9.0.0\/P39#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/10.0.7#Security_Fixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27443",
|
|
48
|
+
"cwes": [
|
|
49
|
+
"CWE-79"
|
|
50
|
+
]
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
"cveID": "CVE-2025-27920",
|
|
54
|
+
"vendorProject": "Srimax",
|
|
55
|
+
"product": "Output Messenger",
|
|
56
|
+
"vulnerabilityName": "Srimax Output Messenger Directory Traversal Vulnerability",
|
|
57
|
+
"dateAdded": "2025-05-19",
|
|
58
|
+
"shortDescription": "Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.",
|
|
59
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
60
|
+
"dueDate": "2025-06-09",
|
|
61
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
62
|
+
"notes": "https:\/\/www.outputmessenger.com\/cve-2025-27920\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27920",
|
|
63
|
+
"cwes": [
|
|
64
|
+
"CWE-22"
|
|
65
|
+
]
|
|
66
|
+
},
|
|
67
|
+
{
|
|
68
|
+
"cveID": "CVE-2024-11182",
|
|
69
|
+
"vendorProject": "MDaemon",
|
|
70
|
+
"product": "Email Server",
|
|
71
|
+
"vulnerabilityName": "MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
|
|
72
|
+
"dateAdded": "2025-05-19",
|
|
73
|
+
"shortDescription": "MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.",
|
|
74
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
75
|
+
"dueDate": "2025-06-09",
|
|
76
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
77
|
+
"notes": "https:\/\/files.mdaemon.com\/mdaemon\/beta\/RelNotes_en.html ; https:\/\/mdaemon.com\/pages\/downloads-critical-updates ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11182",
|
|
78
|
+
"cwes": [
|
|
79
|
+
"CWE-79"
|
|
80
|
+
]
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"cveID": "CVE-2025-4428",
|
|
84
|
+
"vendorProject": "Ivanti",
|
|
85
|
+
"product": "Endpoint Manager Mobile (EPMM)",
|
|
86
|
+
"vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
|
|
87
|
+
"dateAdded": "2025-05-19",
|
|
88
|
+
"shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library.",
|
|
89
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
90
|
+
"dueDate": "2025-06-09",
|
|
91
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
92
|
+
"notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4428",
|
|
93
|
+
"cwes": [
|
|
94
|
+
"CWE-94"
|
|
95
|
+
]
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"cveID": "CVE-2025-4427",
|
|
99
|
+
"vendorProject": "Ivanti",
|
|
100
|
+
"product": "Endpoint Manager Mobile (EPMM)",
|
|
101
|
+
"vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability",
|
|
102
|
+
"dateAdded": "2025-05-19",
|
|
103
|
+
"shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.",
|
|
104
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
105
|
+
"dueDate": "2025-06-09",
|
|
106
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
107
|
+
"notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4427",
|
|
108
|
+
"cwes": [
|
|
109
|
+
"CWE-288"
|
|
110
|
+
]
|
|
111
|
+
},
|
|
112
|
+
{
|
|
113
|
+
"cveID": "CVE-2025-42999",
|
|
114
|
+
"vendorProject": "SAP",
|
|
115
|
+
"product": "NetWeaver",
|
|
116
|
+
"vulnerabilityName": "SAP NetWeaver Deserialization Vulnerability",
|
|
117
|
+
"dateAdded": "2025-05-15",
|
|
118
|
+
"shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.",
|
|
119
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
120
|
+
"dueDate": "2025-06-05",
|
|
121
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
122
|
+
"notes": "SAP users must have an account to log in and access the patch: https:\/\/me.sap.com\/notes\/3604119 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-42999",
|
|
123
|
+
"cwes": [
|
|
124
|
+
"CWE-502"
|
|
125
|
+
]
|
|
126
|
+
},
|
|
127
|
+
{
|
|
128
|
+
"cveID": "CVE-2024-12987",
|
|
129
|
+
"vendorProject": "DrayTek",
|
|
130
|
+
"product": "Vigor Routers",
|
|
131
|
+
"vulnerabilityName": "DrayTek Vigor Routers OS Command Injection Vulnerability",
|
|
132
|
+
"dateAdded": "2025-05-15",
|
|
133
|
+
"shortDescription": "DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file \/cgi-bin\/mainfunction.cgi\/apmcfgupload of the component web management interface.",
|
|
134
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
135
|
+
"dueDate": "2025-06-05",
|
|
136
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
137
|
+
"notes": "https:\/\/fw.draytek.com.tw\/Vigor2960\/Firmware\/v1.5.1.5\/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https:\/\/fw.draytek.com.tw\/Vigor300B\/Firmware\/v1.5.1.5\/DrayTek_Vigor300B_V1.5.1.5_01release-note.pdf ; https:\/\/fw.draytek.com.tw\/Vigor3900\/Firmware\/v1.5.1.5\/DrayTek_Vigor3900_V1.5.1.5_01release-note.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-12987",
|
|
138
|
+
"cwes": [
|
|
139
|
+
"CWE-78"
|
|
140
|
+
]
|
|
141
|
+
},
|
|
142
|
+
{
|
|
143
|
+
"cveID": "CVE-2025-4664",
|
|
144
|
+
"vendorProject": "Google",
|
|
145
|
+
"product": "Chromium",
|
|
146
|
+
"vulnerabilityName": "Google Chromium Loader Insufficient Policy Enforcement Vulnerability",
|
|
147
|
+
"dateAdded": "2025-05-15",
|
|
148
|
+
"shortDescription": "Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.",
|
|
149
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
150
|
+
"dueDate": "2025-06-05",
|
|
151
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
152
|
+
"notes": "https:\/\/chromereleases.googleblog.com\/2025\/05\/stable-channel-update-for-desktop_14.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4664",
|
|
153
|
+
"cwes": [
|
|
154
|
+
"CWE-346"
|
|
155
|
+
]
|
|
156
|
+
},
|
|
157
|
+
{
|
|
158
|
+
"cveID": "CVE-2025-32756",
|
|
159
|
+
"vendorProject": "Fortinet",
|
|
160
|
+
"product": "Multiple Products",
|
|
161
|
+
"vulnerabilityName": "Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
|
|
162
|
+
"dateAdded": "2025-05-14",
|
|
163
|
+
"shortDescription": "Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.",
|
|
164
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
165
|
+
"dueDate": "2025-06-04",
|
|
166
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
167
|
+
"notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-254 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32756",
|
|
168
|
+
"cwes": [
|
|
169
|
+
"CWE-124"
|
|
170
|
+
]
|
|
171
|
+
},
|
|
172
|
+
{
|
|
173
|
+
"cveID": "CVE-2025-32709",
|
|
174
|
+
"vendorProject": "Microsoft",
|
|
175
|
+
"product": "Windows",
|
|
176
|
+
"vulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability",
|
|
177
|
+
"dateAdded": "2025-05-13",
|
|
178
|
+
"shortDescription": "Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.",
|
|
179
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
180
|
+
"dueDate": "2025-06-03",
|
|
181
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
182
|
+
"notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32709 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32709",
|
|
183
|
+
"cwes": [
|
|
184
|
+
"CWE-416"
|
|
185
|
+
]
|
|
186
|
+
},
|
|
187
|
+
{
|
|
188
|
+
"cveID": "CVE-2025-30397",
|
|
189
|
+
"vendorProject": "Microsoft",
|
|
190
|
+
"product": "Windows",
|
|
191
|
+
"vulnerabilityName": "Microsoft Windows Scripting Engine Type Confusion Vulnerability",
|
|
192
|
+
"dateAdded": "2025-05-13",
|
|
193
|
+
"shortDescription": "Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.",
|
|
194
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
195
|
+
"dueDate": "2025-06-03",
|
|
196
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
197
|
+
"notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-30397 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30397",
|
|
198
|
+
"cwes": [
|
|
199
|
+
"CWE-843"
|
|
200
|
+
]
|
|
201
|
+
},
|
|
202
|
+
{
|
|
203
|
+
"cveID": "CVE-2025-32706",
|
|
204
|
+
"vendorProject": "Microsoft",
|
|
205
|
+
"product": "Windows",
|
|
206
|
+
"vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability",
|
|
207
|
+
"dateAdded": "2025-05-13",
|
|
208
|
+
"shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.",
|
|
209
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
210
|
+
"dueDate": "2025-06-03",
|
|
211
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
212
|
+
"notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32706 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32706",
|
|
213
|
+
"cwes": [
|
|
214
|
+
"CWE-122"
|
|
215
|
+
]
|
|
216
|
+
},
|
|
217
|
+
{
|
|
218
|
+
"cveID": "CVE-2025-32701",
|
|
219
|
+
"vendorProject": "Microsoft",
|
|
220
|
+
"product": "Windows",
|
|
221
|
+
"vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
|
|
222
|
+
"dateAdded": "2025-05-13",
|
|
223
|
+
"shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
|
|
224
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
225
|
+
"dueDate": "2025-06-03",
|
|
226
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
227
|
+
"notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32701 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32701",
|
|
228
|
+
"cwes": [
|
|
229
|
+
"CWE-416"
|
|
230
|
+
]
|
|
231
|
+
},
|
|
232
|
+
{
|
|
233
|
+
"cveID": "CVE-2025-30400",
|
|
234
|
+
"vendorProject": "Microsoft",
|
|
235
|
+
"product": "Windows",
|
|
236
|
+
"vulnerabilityName": "Microsoft Windows DWM Core Library Use-After-Free Vulnerability",
|
|
237
|
+
"dateAdded": "2025-05-13",
|
|
238
|
+
"shortDescription": "Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
|
|
239
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
240
|
+
"dueDate": "2025-06-03",
|
|
241
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
242
|
+
"notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-30400 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30400",
|
|
243
|
+
"cwes": [
|
|
244
|
+
"CWE-416"
|
|
245
|
+
]
|
|
246
|
+
},
|
|
247
|
+
{
|
|
248
|
+
"cveID": "CVE-2025-47729",
|
|
249
|
+
"vendorProject": "TeleMessage",
|
|
250
|
+
"product": "TM SGNL",
|
|
251
|
+
"vulnerabilityName": "TeleMessage TM SGNL Hidden Functionality Vulnerability",
|
|
252
|
+
"dateAdded": "2025-05-12",
|
|
253
|
+
"shortDescription": "TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.",
|
|
254
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
255
|
+
"dueDate": "2025-06-02",
|
|
256
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
257
|
+
"notes": "Apply mitigations per vendor instructions. Absent mitigating instructions from the vendor, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47729",
|
|
258
|
+
"cwes": [
|
|
259
|
+
"CWE-912"
|
|
260
|
+
]
|
|
261
|
+
},
|
|
7
262
|
{
|
|
8
263
|
"cveID": "CVE-2024-11120",
|
|
9
264
|
"vendorProject": "GeoVision",
|
|
@@ -133,7 +388,7 @@
|
|
|
133
388
|
"shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.",
|
|
134
389
|
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
135
390
|
"dueDate": "2025-05-20",
|
|
136
|
-
"knownRansomwareCampaignUse": "
|
|
391
|
+
"knownRansomwareCampaignUse": "Known",
|
|
137
392
|
"notes": "https:\/\/me.sap.com\/notes\/3594142 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31324",
|
|
138
393
|
"cwes": [
|
|
139
394
|
"CWE-434"
|
|
@@ -322,7 +577,7 @@
|
|
|
322
577
|
"shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
|
|
323
578
|
"requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
|
|
324
579
|
"dueDate": "2025-04-11",
|
|
325
|
-
"knownRansomwareCampaignUse": "
|
|
580
|
+
"knownRansomwareCampaignUse": "Known",
|
|
326
581
|
"notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
|
|
327
582
|
"cwes": [
|
|
328
583
|
"CWE-121"
|
|
@@ -967,7 +1222,7 @@
|
|
|
967
1222
|
"shortDescription": "SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.",
|
|
968
1223
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
969
1224
|
"dueDate": "2025-03-06",
|
|
970
|
-
"knownRansomwareCampaignUse": "
|
|
1225
|
+
"knownRansomwareCampaignUse": "Known",
|
|
971
1226
|
"notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
|
|
972
1227
|
"cwes": [
|
|
973
1228
|
"CWE-22"
|
|
@@ -1250,7 +1505,7 @@
|
|
|
1250
1505
|
"shortDescription": "SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.",
|
|
1251
1506
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
1252
1507
|
"dueDate": "2025-02-14",
|
|
1253
|
-
"knownRansomwareCampaignUse": "
|
|
1508
|
+
"knownRansomwareCampaignUse": "Known",
|
|
1254
1509
|
"notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0002 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-23006",
|
|
1255
1510
|
"cwes": [
|
|
1256
1511
|
"CWE-502"
|
|
@@ -1385,7 +1640,7 @@
|
|
|
1385
1640
|
"shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.",
|
|
1386
1641
|
"requiredAction": "Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.",
|
|
1387
1642
|
"dueDate": "2025-01-15",
|
|
1388
|
-
"knownRansomwareCampaignUse": "
|
|
1643
|
+
"knownRansomwareCampaignUse": "Known",
|
|
1389
1644
|
"notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282",
|
|
1390
1645
|
"cwes": [
|
|
1391
1646
|
"CWE-121"
|
|
@@ -1413,7 +1668,7 @@
|
|
|
1413
1668
|
"shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
|
|
1414
1669
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
1415
1670
|
"dueDate": "2025-01-28",
|
|
1416
|
-
"knownRansomwareCampaignUse": "
|
|
1671
|
+
"knownRansomwareCampaignUse": "Known",
|
|
1417
1672
|
"notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-55550",
|
|
1418
1673
|
"cwes": [
|
|
1419
1674
|
"CWE-22"
|
|
@@ -1428,7 +1683,7 @@
|
|
|
1428
1683
|
"shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
|
|
1429
1684
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
1430
1685
|
"dueDate": "2025-01-28",
|
|
1431
|
-
"knownRansomwareCampaignUse": "
|
|
1686
|
+
"knownRansomwareCampaignUse": "Known",
|
|
1432
1687
|
"notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41713 ",
|
|
1433
1688
|
"cwes": [
|
|
1434
1689
|
"CWE-22"
|
|
@@ -1787,7 +2042,7 @@
|
|
|
1787
2042
|
"shortDescription": "Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.",
|
|
1788
2043
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.",
|
|
1789
2044
|
"dueDate": "2024-12-09",
|
|
1790
|
-
"knownRansomwareCampaignUse": "
|
|
2045
|
+
"knownRansomwareCampaignUse": "Known",
|
|
1791
2046
|
"notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-0012 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-0012",
|
|
1792
2047
|
"cwes": [
|
|
1793
2048
|
"CWE-306"
|
|
@@ -5029,7 +5284,7 @@
|
|
|
5029
5284
|
"shortDescription": "Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert\/maintenance\/diagnostic\/nslookup URI.",
|
|
5030
5285
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
5031
5286
|
"dueDate": "2023-10-09",
|
|
5032
|
-
"knownRansomwareCampaignUse": "
|
|
5287
|
+
"knownRansomwareCampaignUse": "Known",
|
|
5033
5288
|
"notes": "https:\/\/www.zyxel.com\/global\/en\/support\/security-advisories\/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https:\/\/www.zyxelguard.com\/Zyxel-EOL.asp; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-6884",
|
|
5034
5289
|
"cwes": [
|
|
5035
5290
|
"CWE-78"
|
|
@@ -7170,7 +7425,7 @@
|
|
|
7170
7425
|
"shortDescription": "Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.",
|
|
7171
7426
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
7172
7427
|
"dueDate": "2022-12-09",
|
|
7173
|
-
"knownRansomwareCampaignUse": "
|
|
7428
|
+
"knownRansomwareCampaignUse": "Known",
|
|
7174
7429
|
"notes": "https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2022-41091; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41091",
|
|
7175
7430
|
"cwes": [
|
|
7176
7431
|
"CWE-863"
|
|
@@ -7875,7 +8130,7 @@
|
|
|
7875
8130
|
"shortDescription": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.",
|
|
7876
8131
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
7877
8132
|
"dueDate": "2022-09-15",
|
|
7878
|
-
"knownRansomwareCampaignUse": "
|
|
8133
|
+
"knownRansomwareCampaignUse": "Known",
|
|
7879
8134
|
"notes": "https:\/\/groups.google.com\/g\/discuss-webrtc\/c\/5KBtZx2gvcQ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2294",
|
|
7880
8135
|
"cwes": [
|
|
7881
8136
|
"CWE-122"
|
|
@@ -8326,7 +8581,7 @@
|
|
|
8326
8581
|
"shortDescription": "A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.",
|
|
8327
8582
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
8328
8583
|
"dueDate": "2022-07-05",
|
|
8329
|
-
"knownRansomwareCampaignUse": "
|
|
8584
|
+
"knownRansomwareCampaignUse": "Known",
|
|
8330
8585
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30190",
|
|
8331
8586
|
"cwes": [
|
|
8332
8587
|
"CWE-610"
|
|
@@ -11412,7 +11667,7 @@
|
|
|
11412
11667
|
"shortDescription": "Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.",
|
|
11413
11668
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
11414
11669
|
"dueDate": "2022-04-15",
|
|
11415
|
-
"knownRansomwareCampaignUse": "
|
|
11670
|
+
"knownRansomwareCampaignUse": "Known",
|
|
11416
11671
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21999",
|
|
11417
11672
|
"cwes": [
|
|
11418
11673
|
"CWE-40",
|
|
@@ -13604,7 +13859,7 @@
|
|
|
13604
13859
|
"shortDescription": "Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.",
|
|
13605
13860
|
"requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
|
|
13606
13861
|
"dueDate": "2022-03-24",
|
|
13607
|
-
"knownRansomwareCampaignUse": "
|
|
13862
|
+
"knownRansomwareCampaignUse": "Known",
|
|
13608
13863
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-7645",
|
|
13609
13864
|
"cwes": []
|
|
13610
13865
|
},
|
|
@@ -14098,7 +14353,7 @@
|
|
|
14098
14353
|
"shortDescription": "Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.",
|
|
14099
14354
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
14100
14355
|
"dueDate": "2022-03-24",
|
|
14101
|
-
"knownRansomwareCampaignUse": "
|
|
14356
|
+
"knownRansomwareCampaignUse": "Known",
|
|
14102
14357
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2008-2992",
|
|
14103
14358
|
"cwes": [
|
|
14104
14359
|
"CWE-119"
|
|
@@ -15215,7 +15470,7 @@
|
|
|
15215
15470
|
"shortDescription": "Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.",
|
|
15216
15471
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
15217
15472
|
"dueDate": "2021-12-29",
|
|
15218
|
-
"knownRansomwareCampaignUse": "
|
|
15473
|
+
"knownRansomwareCampaignUse": "Known",
|
|
15219
15474
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43890",
|
|
15220
15475
|
"cwes": []
|
|
15221
15476
|
},
|
|
@@ -16340,7 +16595,7 @@
|
|
|
16340
16595
|
"shortDescription": "Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.",
|
|
16341
16596
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
16342
16597
|
"dueDate": "2022-05-03",
|
|
16343
|
-
"knownRansomwareCampaignUse": "
|
|
16598
|
+
"knownRansomwareCampaignUse": "Known",
|
|
16344
16599
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11580",
|
|
16345
16600
|
"cwes": []
|
|
16346
16601
|
},
|
|
@@ -16756,7 +17011,7 @@
|
|
|
16756
17011
|
"shortDescription": "GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.",
|
|
16757
17012
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
16758
17013
|
"dueDate": "2021-11-17",
|
|
16759
|
-
"knownRansomwareCampaignUse": "
|
|
17014
|
+
"knownRansomwareCampaignUse": "Known",
|
|
16760
17015
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22205",
|
|
16761
17016
|
"cwes": [
|
|
16762
17017
|
"CWE-20",
|
|
@@ -17421,7 +17676,7 @@
|
|
|
17421
17676
|
"shortDescription": "Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.",
|
|
17422
17677
|
"requiredAction": "Apply updates per vendor instructions.",
|
|
17423
17678
|
"dueDate": "2022-05-03",
|
|
17424
|
-
"knownRansomwareCampaignUse": "
|
|
17679
|
+
"knownRansomwareCampaignUse": "Known",
|
|
17425
17680
|
"notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-1812",
|
|
17426
17681
|
"cwes": [
|
|
17427
17682
|
"CWE-255"
|
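Review bot: The bundled cisa_kev_data.json is a point-in-time snapshot (`"catalogVersion": "2025.05.27"`, `"count": 1352`), and nothing in this section records how or when a consumer should treat it as stale. This update shows why that matters: besides the new entries at the top of `vulnerabilities`, 19 existing records have `knownRansomwareCampaignUse` rewritten to `"Known"`, so an install pinned to the previous wheel would keep prioritising those CVEs without the ransomware flag. Whether the CLI refreshes the catalog from CISA at run time is not visible in this diff. If the file is only an offline fallback, the loader that reads it should compare `dateReleased` with the current date and log a warning when the snapshot is older than a configured threshold, and the release notes should state the catalog version shipped.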