CVE-2024-21182 — Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-04
CVE-2026-0257 — Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-01
CVE-2026-8398 — Daemon Daemon Tools Lite — Daemon Tools Lite Embedded Malicious Code Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-30
CVE-2026-45321 — TanStack TanStack — TanStack Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-10
CVE-2026-48027 — Nx Nx Console — Nx Console Embedded Malicious Code Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-10
CVE-2026-48172 — LiteSpeed cPanel Plugin — LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-29
CVE-2026-9082 — Drupal Core — Drupal Core SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-27
CVE-2026-34926 — Trend Micro Apex One — Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-04
CVE-2025-34291 — Langflow Langflow — Langflow Origin Validation Error Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-04
CVE-2026-45498 — Microsoft Defender — Microsoft Defender Denial of Service Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2026-41091 — Microsoft Defender — Microsoft Defender Link Following Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2010-0806 — Microsoft Internet Explorer — Microsoft Internet Explorer Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2009-3459 — Adobe Acrobat and Reader — Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2009-1537 — Microsoft DirectX — Microsoft DirectX NULL Byte Overwrite Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2008-4250 — Microsoft Windows — Microsoft Windows Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-06-03
CVE-2026-42897 — Microsoft Microsoft — Microsoft Exchange Server Cross-Site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-29
CVE-2026-20182 — Cisco Catalyst SD-WAN — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-05-17
CVE-2026-42208 — BerriAI LiteLLM — BerriAI LiteLLM SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-11
CVE-2026-6973 — Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-10
CVE-2026-0300 — Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required.
Due: 2026-05-09
CVE-2026-31431 — Linux Kernel — Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Action: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-15
CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared) — WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-03
CVE-2026-32202 — Microsoft Windows — Microsoft Windows Protection Mechanism Failure Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-12
CVE-2024-1708 — ConnectWise ScreenConnect — ConnectWise ScreenConnect Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-12
