CVE-2026-34621 — Adobe Acrobat and Reader — Adobe Acrobat and Reader Prototype Pollution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2026-21643 — Fortinet FortiClient EMS — Fortinet SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-16
CVE-2020-9715 — Adobe Acrobat — Adobe Acrobat Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2023-36424 — Microsoft Windows — Microsoft Windows Out-of-Bounds Read Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2023-21529 — Microsoft Exchange Server — Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2025-60710 — Microsoft Windows — Microsoft Windows Link Following Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2012-1854 — Microsoft Visual Basic for Applications (VBA) — Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-11
CVE-2026-35616 — Fortinet FortiClient EMS — Fortinet FortiClient EMS Improper Access Control Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-09
CVE-2026-3502 — TrueConf Client — TrueConf Client Download of Code Without Integrity Check Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-16
CVE-2026-5281 — Google Dawn — Google Dawn Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-15
CVE-2026-3055 — Citrix NetScaler — Citrix NetScaler Out-of-Bounds Read Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-02
CVE-2025-53521 — F5 BIG-IP — F5 BIG-IP Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-30
CVE-2026-33634 — Aquasecurity Trivy — Aquasecurity Trivy Embedded Malicious Code Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-09
CVE-2026-33017 — Langflow Langflow — Langflow Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-08
CVE-2025-31277 — Apple Multiple Products — Apple Multiple Products Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-03
CVE-2025-43520 — Apple Multiple Products — Apple Multiple Products Classic Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-03
CVE-2025-43510 — Apple Multiple Products — Apple Multiple Products Improper Locking Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-03
CVE-2025-54068 — Laravel Livewire — Laravel Livewire Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-03
CVE-2025-32432 — Craft CMS Craft CMS — Craft CMS Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-03
CVE-2026-20131 — Cisco Secure Firewall Management Center (FMC) — Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-22
Ransomware: Known
CVE-2026-20963 — Microsoft SharePoint — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-21
CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-01
CVE-2025-47813 — Wing FTP Server Wing FTP Server — Wing FTP Server Information Disclosure Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-30