regscale-cli 6.21.2.0__py3-none-any.whl → 6.28.2.1__py3-none-any.whl

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,803 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.08.21",
-    "dateReleased": "2025-08-21T17:02:19.8046Z",
-    "count": 1401,
+    "catalogVersion": "2025.11.04",
+    "dateReleased": "2025-11-04T17:55:00.4405Z",
+    "count": 1455,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-48703",
+            "vendorProject": "CWP",
+            "product": "Control Web Panel",
+            "vulnerabilityName": "CWP Control Web Panel OS Command Injection Vulnerability",
+            "dateAdded": "2025-11-04",
+            "shortDescription": "CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-25",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/control-webpanel.com\/changelog ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48703",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-11371",
+            "vendorProject": "Gladinet",
+            "product": "CentreStack and Triofox",
+            "vulnerabilityName": "Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability",
+            "dateAdded": "2025-11-04",
+            "shortDescription": "Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-25",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.centrestack.com\/p\/gce_latest_release.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-11371",
+            "cwes": [
+                "CWE-552"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-41244",
+            "vendorProject": "Broadcom",
+            "product": "VMware Aria Operations and VMware Tools",
+            "vulnerabilityName": "Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability",
+            "dateAdded": "2025-10-30",
+            "shortDescription": "Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/36149 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-41244",
+            "cwes": [
+                "CWE-267"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-24893",
+            "vendorProject": "XWiki",
+            "product": "Platform",
+            "vulnerabilityName": "XWiki Platform Eval Injection Vulnerability",
+            "dateAdded": "2025-10-30",
+            "shortDescription": "XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/xwiki\/xwiki-platform\/security\/advisories\/GHSA-rr6p-3pfg-562j ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24893",
+            "cwes": [
+                "CWE-95"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6204",
+            "vendorProject": "Dassault Syst\u00e8mes",
+            "product": "DELMIA Apriso",
+            "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability",
+            "dateAdded": "2025-10-28",
+            "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-6204 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6204",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6205",
+            "vendorProject": "Dassault Syst\u00e8mes",
+            "product": "DELMIA Apriso",
+            "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Missing Authorization Vulnerability",
+            "dateAdded": "2025-10-28",
+            "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-6205 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6205",
+            "cwes": [
+                "CWE-862"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-54236",
+            "vendorProject": "Adobe",
+            "product": "Commerce and\u202fMagento",
+            "vulnerabilityName": "Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
+            "dateAdded": "2025-10-24",
+            "shortDescription": "Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/experienceleague.adobe.com\/en\/docs\/experience-cloud-kcs\/kbarticles\/ka-27397 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54236",
+            "cwes": [
+                "CWE-20"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-59287",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-10-24",
+            "shortDescription": "Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-59287 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59287",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-61932",
+            "vendorProject": "Motex",
+            "product": "LANSCOPE Endpoint Manager",
+            "vulnerabilityName": "Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
+            "dateAdded": "2025-10-22",
+            "shortDescription": "Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.motex.co.jp\/news\/notice\/2025\/release251020\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61932",
+            "cwes": [
+                "CWE-940"
+            ]
+        },
+        {
+            "cveID": "CVE-2022-48503",
+            "vendorProject": "Apple",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Apple Multiple Products Unspecified Vulnerability",
+            "dateAdded": "2025-10-20",
+            "shortDescription": "Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-10",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.apple.com\/en-us\/HT213340 ; https:\/\/support.apple.com\/en-us\/HT213341 ; https:\/\/support.apple.com\/en-us\/HT213342 ; https:\/\/support.apple.com\/en-us\/HT213345 ; https:\/\/support.apple.com\/en-us\/HT213346 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-48503",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2025-2746",
+            "vendorProject": "Kentico",
+            "product": "Xperience CMS",
+            "vulnerabilityName": "Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability",
+            "dateAdded": "2025-10-20",
+            "shortDescription": "Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-10",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/devnet.kentico.com\/download\/hotfixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2746",
+            "cwes": [
+                "CWE-288"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-2747",
+            "vendorProject": "Kentico",
+            "product": "Xperience CMS",
+            "vulnerabilityName": "Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability",
+            "dateAdded": "2025-10-20",
+            "shortDescription": "Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-10",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/devnet.kentico.com\/download\/hotfixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2747",
+            "cwes": [
+                "CWE-288"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-33073",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows SMB Client Improper Access Control Vulnerability",
+            "dateAdded": "2025-10-20",
+            "shortDescription": "Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-10",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33073 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-33073",
+            "cwes": [
+                "CWE-284"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-61884",
+            "vendorProject": "Oracle",
+            "product": "E-Business Suite",
+            "vulnerabilityName": "Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
+            "dateAdded": "2025-10-20",
+            "shortDescription": "Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-10",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/www.oracle.com\/security-alerts\/alert-cve-2025-61884.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61884",
+            "cwes": [
+                "CWE-918"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-54253",
+            "vendorProject": "Adobe",
+            "product": "Experience Manager (AEM) Forms",
+            "vulnerabilityName": "Adobe Experience Manager Forms Code Execution Vulnerability",
+            "dateAdded": "2025-10-15",
+            "shortDescription": "Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-05",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/helpx.adobe.com\/security\/products\/aem-forms\/apsb25-82.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54253",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2025-47827",
+            "vendorProject": "IGEL",
+            "product": "IGEL OS",
+            "vulnerabilityName": "IGEL OS Use of a Key Past its Expiration Date Vulnerability",
+            "dateAdded": "2025-10-14",
+            "shortDescription": "IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-47827 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47827",
+            "cwes": [
+                "CWE-324"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-24990",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Untrusted Pointer Dereference Vulnerability",
+            "dateAdded": "2025-10-14",
+            "shortDescription": "Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-24990 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24990",
+            "cwes": [
+                "CWE-822"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-59230",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Improper Access Control Vulnerability",
+            "dateAdded": "2025-10-14",
+            "shortDescription": "Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-59230 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59230",
+            "cwes": [
+                "CWE-284"
+            ]
+        },
+        {
+            "cveID": "CVE-2016-7836",
+            "vendorProject": "SKYSEA",
+            "product": "Client View",
+            "vulnerabilityName": "SKYSEA Client View Improper Authentication Vulnerability",
+            "dateAdded": "2025-10-14",
+            "shortDescription": "SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.skyseaclientview.net\/news\/161221\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-7836",
+            "cwes": [
+                "CWE-287"
+            ]
+        },
+        {
+            "cveID": "CVE-2021-43798",
+            "vendorProject": "Grafana Labs",
+            "product": "Grafana",
+            "vulnerabilityName": "Grafana Path Traversal Vulnerability",
+            "dateAdded": "2025-10-09",
+            "shortDescription": "Grafana contains a path traversal vulnerability that could allow access to local files.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-30",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/grafana.com\/blog\/2021\/12\/07\/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43798",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-27915",
+            "vendorProject": "Synacor",
+            "product": "Zimbra Collaboration Suite (ZCS)",
+            "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability",
+            "dateAdded": "2025-10-07",
+            "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/wiki.zimbra.com\/wiki\/Security_Center ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27915",
+            "cwes": [
+                "CWE-79"
+            ]
+        },
+        {
+            "cveID": "CVE-2021-22555",
+            "vendorProject": "Linux",
+            "product": "Kernel",
+            "vulnerabilityName": "Linux Kernel Heap Out-of-Bounds Write Vulnerability",
+            "dateAdded": "2025-10-06",
+            "shortDescription": "Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-27",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/net\/netfilter\/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21 ; https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/net\/netfilter\/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d ; https:\/\/security.netapp.com\/advisory\/ntap-20210805-0010\/ ; https:\/\/github.com\/google\/security-research\/security\/advisories\/GHSA-xxx5-8mvq-3528 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22555",
+            "cwes": [
+                "CWE-787"
+            ]
+        },
+        {
+            "cveID": "CVE-2010-3962",
+            "vendorProject": "Microsoft",
+            "product": "Internet Explorer",
+            "vulnerabilityName": "Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability",
+            "dateAdded": "2025-10-06",
+            "shortDescription": "Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-27",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/learn.microsoft.com\/en-us\/security-updates\/SecurityAdvisories\/2010\/2458511?redirectedfrom=MSDN ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2010-3962",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2021-43226",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability",
+            "dateAdded": "2025-10-06",
+            "shortDescription": "Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-27",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-43226 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43226",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2013-3918",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Out-of-Bounds Write Vulnerability",
+            "dateAdded": "2025-10-06",
+            "shortDescription": "Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-27",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/docs.microsoft.com\/en-us\/security-updates\/securitybulletins\/2013\/ms13-090 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-3918",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2011-3402",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability",
+            "dateAdded": "2025-10-06",
+            "shortDescription": "Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-27",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/docs.microsoft.com\/en-us\/security-updates\/securitybulletins\/2011\/ms11-087 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2011-3402",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2010-3765",
+            "vendorProject": "Mozilla",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Mozilla Multiple Products Remote Code Execution Vulnerability",
+            "dateAdded": "2025-10-06",
+            "shortDescription": "Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-27",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2010-73 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2010-3765",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2025-61882",
+            "vendorProject": "Oracle",
+            "product": "E-Business Suite",
+            "vulnerabilityName": "Oracle E-Business Suite Unspecified Vulnerability",
+            "dateAdded": "2025-10-06",
+            "shortDescription": "Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-27",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/www.oracle.com\/security-alerts\/alert-cve-2025-61882.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61882",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2014-6278",
+            "vendorProject": "GNU",
+            "product": "GNU Bash",
+            "vulnerabilityName": "GNU Bash OS Command Injection Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. ",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: http:\/\/ftp.gnu.org\/gnu\/bash\/bash-4.3-patches\/bash43-027 ; https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/23467 ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20140926-bash ; https:\/\/www.ibm.com\/support\/pages\/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-6278",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2017-1000353",
+            "vendorProject": "Jenkins",
+            "product": "Jenkins",
+            "vulnerabilityName": "Jenkins Remote Code Execution Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.jenkins.io\/security\/advisory\/2017-04-26\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-1000353",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2015-7755",
+            "vendorProject": "Juniper",
+            "product": "ScreenOS",
+            "vulnerabilityName": "Juniper ScreenOS Improper Authentication Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/supportportal.juniper.net\/s\/article\/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-7755",
+            "cwes": [
+                "CWE-287"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-21043",
+            "vendorProject": "Samsung",
+            "product": "Mobile Devices",
+            "vulnerabilityName": "Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/security.samsungmobile.com\/securityUpdate.smsb?year=2025&month=09 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21043",
+            "cwes": [
+                "CWE-787"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-4008",
+            "vendorProject": "Smartbedded",
+            "product": "Meteobridge",
+            "vulnerabilityName": "Smartbedded Meteobridge Command Injection Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/forum.meteohub.de\/viewtopic.php?t=18687 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4008",
+            "cwes": [
+                "CWE-306",
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-32463",
+            "vendorProject": "Sudo",
+            "product": "Sudo",
+            "vulnerabilityName": "Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo\u2019s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https:\/\/www.sudo.ws\/security\/advisories\/chroot_bug\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32463",
+            "cwes": [
+                "CWE-829"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-59689",
+            "vendorProject": "Libraesva",
+            "product": "Email Security Gateway",
+            "vulnerabilityName": "Libraesva Email Security Gateway Command Injection Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/docs.libraesva.com\/knowledgebase\/security-advisory-command-injection-vulnerability-cve-2025-59689\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59689",
+            "cwes": [
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-10035",
+            "vendorProject": "Fortra",
+            "product": "GoAnywhere MFT",
+            "vulnerabilityName": "Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/www.fortra.com\/security\/advisories\/product-security\/fi-2025-012 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-10035",
+            "cwes": [
+                "CWE-502",
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-20352",
+            "vendorProject": "Cisco",
+            "product": "IOS and IOS XE",
+            "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-snmp-x4LPhte ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20352",
+            "cwes": [
+                "CWE-121"
+            ]
+        },
+        {
+            "cveID": "CVE-2021-21311",
+            "vendorProject": "Adminer",
+            "product": "Adminer",
+            "vulnerabilityName": "Adminer Server-Side Request Forgery Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/vrana\/adminer\/security\/advisories\/GHSA-x5r2-hj5c-8jx6 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-21311",
+            "cwes": [
+                "CWE-918"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-20362",
+            "vendorProject": "Cisco",
+            "product": "Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense",
+            "vulnerabilityName": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability",
+            "dateAdded": "2025-09-25",
+            "shortDescription": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333.",
+            "requiredAction": "The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor\u2019s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-09-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/directives\/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https:\/\/www.cisa.gov\/news-events\/directives\/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions ; https:\/\/www.cisa.gov\/eviction-strategies-tool\/create-from-template ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/resources\/asa_ftd_continued_attacks ;   https:\/\/sec.cloudapps.cisco.com\/security\/center\/private\/resources\/asa_ftd_continued_attacks#Details ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-asaftd-webvpn-YROOTUW ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20362",
+            "cwes": [
+                "CWE-862"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-20333",
+            "vendorProject": "Cisco",
+            "product": "Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense",
+            "vulnerabilityName": "Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability",
+            "dateAdded": "2025-09-25",
+            "shortDescription": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.",
+            "requiredAction": "The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor\u2019s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-09-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/directives\/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https:\/\/www.cisa.gov\/news-events\/directives\/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions ; https:\/\/www.cisa.gov\/eviction-strategies-tool\/create-from-template ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/resources\/asa_ftd_continued_attacks ;    https:\/\/sec.cloudapps.cisco.com\/security\/center\/private\/resources\/asa_ftd_continued_attacks#Details ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-asaftd-webvpn-z5xP8EUB ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20333",
+            "cwes": [
+                "CWE-120"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-10585",
+            "vendorProject": "Google",
+            "product": "Chromium V8",
+            "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
+            "dateAdded": "2025-09-23",
+            "shortDescription": "Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/09\/stable-channel-update-for-desktop_17.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-10585",
+            "cwes": [
+                "CWE-843"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-5086",
+            "vendorProject": "Dassault Syst\u00e8mes",
+            "product": "DELMIA Apriso",
+            "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-09-11",
+            "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-02",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-5086 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5086",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-38352",
+            "vendorProject": "Linux",
+            "product": "Kernel",
+            "vulnerabilityName": "Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability",
+            "dateAdded": "2025-09-04",
+            "shortDescription": "Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-25",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/commit\/?id=2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff ; https:\/\/source.android.com\/docs\/security\/bulletin\/2025-09-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-38352",
+            "cwes": [
+                "CWE-367"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-48543",
+            "vendorProject": "Android",
+            "product": "Runtime",
+            "vulnerabilityName": "Android Runtime Use-After-Free Vulnerability",
+            "dateAdded": "2025-09-04",
+            "shortDescription": "Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-25",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/source.android.com\/docs\/security\/bulletin\/2025-09-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48543",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2025-53690",
+            "vendorProject": "Sitecore",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-09-04",
+            "shortDescription": "Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution. ",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-25",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.sitecore.com\/kb?id=kb_article_view&sysparm_article=KB1003865 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53690",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2023-50224",
+            "vendorProject": "TP-Link",
+            "product": "TL-WR841N",
+            "vulnerabilityName": "TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability",
+            "dateAdded": "2025-09-03",
+            "shortDescription": "TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-24",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.tp-link.com\/us\/support\/faq\/4308\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-50224",
+            "cwes": [
+                "CWE-290"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-9377",
+            "vendorProject": "TP-Link",
+            "product": "Multiple Routers",
+            "vulnerabilityName": "TP-Link Archer C7(EU) and TL-WR841N\/ND(MS) OS Command Injection Vulnerability",
+            "dateAdded": "2025-09-03",
+            "shortDescription": "TP-Link Archer C7(EU) and TL-WR841N\/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-24",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.tp-link.com\/us\/support\/faq\/4308\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-9377",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2020-24363",
+            "vendorProject": "TP-Link",
+            "product": "TL-WA855RE",
+            "vulnerabilityName": "TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability",
+            "dateAdded": "2025-09-02",
+            "shortDescription": "TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.tp-link.com\/us\/home-networking\/range-extender\/tl-wa855re\/#overview ; https:\/\/www.tp-link.com\/us\/support\/download\/tl-wa855re\/#FAQs ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-24363",
+            "cwes": [
+                "CWE-306"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-55177",
+            "vendorProject": "Meta Platforms",
+            "product": "WhatsApp",
+            "vulnerabilityName": "Meta Platforms WhatsApp Incorrect Authorization Vulnerability",
+            "dateAdded": "2025-09-02",
+            "shortDescription": "Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.whatsapp.com\/security\/advisories\/2025\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-55177",
+            "cwes": [
+                "CWE-863"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-57819",
+            "vendorProject": "Sangoma",
+            "product": "FreePBX",
+            "vulnerabilityName": "Sangoma FreePBX Authentication Bypass Vulnerability",
+            "dateAdded": "2025-08-29",
+            "shortDescription": "Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-19",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/FreePBX\/security-reporting\/security\/advisories\/GHSA-m42g-xg4c-5f3h ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-57819",
+            "cwes": [
+                "CWE-89",
+                "CWE-288"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-7775",
+            "vendorProject": "Citrix",
+            "product": "NetScaler",
+            "vulnerabilityName": "Citrix NetScaler Memory Overflow Vulnerability",
+            "dateAdded": "2025-08-26",
+            "shortDescription": "Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and\/or denial of service.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX694938 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-7775",
+            "cwes": [
+                "CWE-119"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-48384",
+            "vendorProject": "Git",
+            "product": "Git",
+            "vulnerabilityName": "Git Link Following Vulnerability",
+            "dateAdded": "2025-08-25",
+            "shortDescription": "Git contains a link following vulnerability that stems from Git\u2019s inconsistent handling of carriage return characters in configuration files.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-15",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/git\/git\/security\/advisories\/GHSA-vwqx-4fm8-6qc9 ; https:\/\/access.redhat.com\/errata\/RHSA-2025:13933 ; https:\/\/alas.aws.amazon.com\/AL2\/ALAS2-2025-2941.html ; https:\/\/linux.oracle.com\/errata\/ELSA-2025-11534.html ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-48384 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48384",
+            "cwes": [
+                "CWE-59",
+                "CWE-436"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-8068",
+            "vendorProject": "Citrix",
+            "product": "Session Recording",
+            "vulnerabilityName": "Citrix Session Recording Improper Privilege Management Vulnerability",
+            "dateAdded": "2025-08-25",
+            "shortDescription": "Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-15",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/external\/article\/691941\/citrix-session-recording-security-bullet.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-8068",
+            "cwes": [
+                "CWE-269"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-8069",
+            "vendorProject": "Citrix",
+            "product": "Session Recording",
+            "vulnerabilityName": "Citrix Session Recording Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-08-25",
+            "shortDescription": "Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-15",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/external\/article\/691941\/citrix-session-recording-security-bullet.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-8069",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
         {
             "cveID": "CVE-2025-43300",
             "vendorProject": "Apple",
@@ -2249,7 +3043,7 @@
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-13",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/blog.jquery.com\/2020\/04\/10\/jquery-3-5-0-released\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-11023",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https:\/\/github.com\/jquery\/jquery\/security\/advisories\/GHSA-jpcq-cgw6-v4j6 ; https:\/\/blog.jquery.com\/2020\/04\/10\/jquery-3-5-0-released\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-11023",
             "cwes": [
                 "CWE-79"
             ]
@@ -2755,7 +3549,7 @@
             "shortDescription": "Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.",
             "dueDate": "2024-12-09",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-9474 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-9474",
             "cwes": [
                 "CWE-77"
@@ -4246,7 +5040,7 @@
             "shortDescription": "Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-06-20",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=f342de4e2f33e0e39165d8639387aa6c19dff660;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-1086",
             "cwes": [
                 "CWE-416"
@@ -4815,7 +5609,7 @@
             "shortDescription": "Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-03-05",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2024-21412; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21412",
             "cwes": [
                 "CWE-693"
@@ -4905,8 +5699,8 @@
             "shortDescription": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-02-02",
-            "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/forums.ivanti.com\/s\/article\/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21893",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/forums.ivanti.com\/s\/article\/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21893",
             "cwes": [
                 "CWE-918"
             ]
@@ -5055,7 +5849,7 @@
             "shortDescription": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-01-22",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "Please apply mitigations per vendor instructions. For more information, please see: https:\/\/forums.ivanti.com\/s\/article\/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-46805",
             "cwes": [
                 "CWE-287"
@@ -5070,7 +5864,7 @@
             "shortDescription": "Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-01-22",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "Please apply mitigations per vendor instructions. For more information, please see: https:\/\/forums.ivanti.com\/s\/article\/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21887",
             "cwes": [
                 "CWE-77"