PyPI - regscale-cli - Versions diffs - 6.21.2.2__py3-none-any.whl → 6.22.0.1__py3-none-any.whl - Mend - Supply Chain Defender

regscale-cli 6.21.2.2py3-none-any.whl → 6.22.0.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (32) hide show

regscale/models/integration_models/cisa_kev_data.json CHANGED Viewed

@@ -1,9 +1,70 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.08.25",
-    "dateReleased": "2025-08-25T17:04:19.9796Z",
-    "count": 1404,
+    "catalogVersion": "2025.09.02",
+    "dateReleased": "2025-09-02T14:00:03.8096Z",
+    "count": 1408,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2020-24363",
+            "vendorProject": "TP-Link",
+            "product": "TL-WA855RE",
+            "vulnerabilityName": "TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability",
+            "dateAdded": "2025-09-02",
+            "shortDescription": "TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.tp-link.com\/us\/home-networking\/range-extender\/tl-wa855re\/#overview ; https:\/\/www.tp-link.com\/us\/support\/download\/tl-wa855re\/#FAQs ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-24363",
+            "cwes": [
+                "CWE-306"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-55177",
+            "vendorProject": "Meta Platforms",
+            "product": "WhatsApp",
+            "vulnerabilityName": "Meta Platforms WhatsApp Incorrect Authorization Vulnerability",
+            "dateAdded": "2025-09-02",
+            "shortDescription": "Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.whatsapp.com\/security\/advisories\/2025\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-55177",
+            "cwes": [
+                "CWE-863"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-57819",
+            "vendorProject": "Sangoma",
+            "product": "FreePBX",
+            "vulnerabilityName": "Sangoma FreePBX Authentication Bypass Vulnerability",
+            "dateAdded": "2025-08-29",
+            "shortDescription": "Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-09-19",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/FreePBX\/security-reporting\/security\/advisories\/GHSA-m42g-xg4c-5f3h ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-57819",
+            "cwes": [
+                "CWE-89",
+                "CWE-288"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-7775",
+            "vendorProject": "Citrix",
+            "product": "NetScaler",
+            "vulnerabilityName": "Citrix NetScaler Memory Overflow Vulnerability",
+            "dateAdded": "2025-08-26",
+            "shortDescription": "Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and\/or denial of service.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX694938 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-7775",
+            "cwes": [
+                "CWE-119"
+            ]
+        },
         {
             "cveID": "CVE-2025-48384",
             "vendorProject": "Git",