PyPI - regscale-cli - Versions diffs - 6.27.2.0__py3-none-any.whl → 6.28.0.0__py3-none-any.whl - Mend - Supply Chain Defender

regscale-cli 6.27.2.0py3-none-any.whl → 6.28.0.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (140) hide show

regscale/models/integration_models/cisa_kev_data.json CHANGED Viewed

@@ -1,9 +1,84 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.10.20",
-    "dateReleased": "2025-10-20T13:56:54.0593Z",
-    "count": 1447,
+    "catalogVersion": "2025.10.29",
+    "dateReleased": "2025-10-29T18:39:31.8373Z",
+    "count": 1451,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-6204",
+            "vendorProject": "Dassault Syst\u00e8mes",
+            "product": "DELMIA Apriso",
+            "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability",
+            "dateAdded": "2025-10-28",
+            "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-6204 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6204",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6205",
+            "vendorProject": "Dassault Syst\u00e8mes",
+            "product": "DELMIA Apriso",
+            "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Missing Authorization Vulnerability",
+            "dateAdded": "2025-10-28",
+            "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-6205 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6205",
+            "cwes": [
+                "CWE-862"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-54236",
+            "vendorProject": "Adobe",
+            "product": "Commerce and\u202fMagento",
+            "vulnerabilityName": "Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
+            "dateAdded": "2025-10-24",
+            "shortDescription": "Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/experienceleague.adobe.com\/en\/docs\/experience-cloud-kcs\/kbarticles\/ka-27397 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54236",
+            "cwes": [
+                "CWE-20"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-59287",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-10-24",
+            "shortDescription": "Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-59287 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59287",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-61932",
+            "vendorProject": "Motex",
+            "product": "LANSCOPE Endpoint Manager",
+            "vulnerabilityName": "Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability",
+            "dateAdded": "2025-10-22",
+            "shortDescription": "Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.motex.co.jp\/news\/notice\/2025\/release251020\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61932",
+            "cwes": [
+                "CWE-940"
+            ]
+        },
         {
             "cveID": "CVE-2022-48503",
             "vendorProject": "Apple",
@@ -71,7 +146,7 @@
             "shortDescription": "Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-11-10",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/www.oracle.com\/security-alerts\/alert-cve-2025-61884.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61884",
             "cwes": [
                 "CWE-918"
@@ -135,21 +210,6 @@
                 "CWE-284"
             ]
         },
-        {
-            "cveID": "CVE-2025-6264",
-            "vendorProject": "Rapid7",
-            "product": "Velociraptor",
-            "vulnerabilityName": "Rapid7 Velociraptor Incorrect Default Permissions Vulnerability",
-            "dateAdded": "2025-10-14",
-            "shortDescription": "Rapid7 Velociraptor contains an incorrect default permissions vulnerability that can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint.",
-            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
-            "dueDate": "2025-11-04",
-            "knownRansomwareCampaignUse": "Known",
-            "notes": "https:\/\/docs.velociraptor.app\/announcements\/advisories\/cve-2025-6264\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6264",
-            "cwes": [
-                "CWE-276"
-            ]
-        },
         {
             "cveID": "CVE-2016-7836",
             "vendorProject": "SKYSEA",
@@ -3429,7 +3489,7 @@
             "shortDescription": "Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.",
             "dueDate": "2024-12-09",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-9474 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-9474",
             "cwes": [
                 "CWE-77"