PyPI - regscale-cli - Versions diffs - 6.27.3.0__py3-none-any.whl → 6.28.1.0__py3-none-any.whl - Mend - Supply Chain Defender

regscale-cli 6.27.3.0py3-none-any.whl → 6.28.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (113) hide show

regscale/models/integration_models/cisa_kev_data.json CHANGED Viewed

@@ -1,9 +1,69 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.10.24",
-    "dateReleased": "2025-10-24T16:55:58.321Z",
-    "count": 1449,
+    "catalogVersion": "2025.10.30",
+    "dateReleased": "2025-10-30T17:58:16.1627Z",
+    "count": 1453,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-41244",
+            "vendorProject": "Broadcom",
+            "product": "VMware Aria Operations and VMware Tools",
+            "vulnerabilityName": "Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability",
+            "dateAdded": "2025-10-30",
+            "shortDescription": "Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/36149 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-41244",
+            "cwes": [
+                "CWE-267"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-24893",
+            "vendorProject": "XWiki",
+            "product": "Platform",
+            "vulnerabilityName": "XWiki Platform Eval Injection Vulnerability",
+            "dateAdded": "2025-10-30",
+            "shortDescription": "XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/xwiki\/xwiki-platform\/security\/advisories\/GHSA-rr6p-3pfg-562j ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24893",
+            "cwes": [
+                "CWE-95"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6204",
+            "vendorProject": "Dassault Syst\u00e8mes",
+            "product": "DELMIA Apriso",
+            "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability",
+            "dateAdded": "2025-10-28",
+            "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-6204 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6204",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6205",
+            "vendorProject": "Dassault Syst\u00e8mes",
+            "product": "DELMIA Apriso",
+            "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Missing Authorization Vulnerability",
+            "dateAdded": "2025-10-28",
+            "shortDescription": "Dassault Syst\u00e8mes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-11-18",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.3ds.com\/trust-center\/security\/security-advisories\/cve-2025-6205 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6205",
+            "cwes": [
+                "CWE-862"
+            ]
+        },
         {
             "cveID": "CVE-2025-54236",
             "vendorProject": "Adobe",
@@ -3459,7 +3519,7 @@
             "shortDescription": "Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.",
             "dueDate": "2024-12-09",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-9474 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-9474",
             "cwes": [
                 "CWE-77"
@@ -4950,7 +5010,7 @@
             "shortDescription": "Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-06-20",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=f342de4e2f33e0e39165d8639387aa6c19dff660;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-1086",
             "cwes": [
                 "CWE-416"