CVEs

CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

CISA KEV•CVE-2025-48700•Synacor Zimbra Collaboration Suite (ZCS)• April 20, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-23

Details NVD

CVE-2023-27351 — PaperCut NG/MF — PaperCut NG/MF Improper Authentication Vulnerability

CISA KEV•CVE-2023-27351•PaperCut NG/MF• April 20, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-05-04

Details NVD

CVE-2025-2749 — Kentico Kentico Xperience — Kentico Xperience Path Traversal Vulnerability

CISA KEV•CVE-2025-2749•Kentico Kentico Xperience• April 20, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-05-04

Details NVD

CVE-2026-20133 — Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

CISA KEV•CVE-2026-20133•Cisco Catalyst SD-WAN Manager• April 20, 2026

Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Due: 2026-04-23

Details NVD

CVE-2026-20122 — Cisco Catalyst SD-WAN Manger — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

CISA KEV•CVE-2026-20122•Cisco Catalyst SD-WAN Manger• April 20, 2026

Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Due: 2026-04-23

Details NVD

CVE-2026-34197 — Apache ActiveMQ — Apache ActiveMQ Improper Input Validation Vulnerability

CISA KEV•CVE-2026-34197•Apache ActiveMQ• April 16, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-30

Details NVD

CVE-2026-32201 — Microsoft SharePoint Server — Microsoft SharePoint Server Improper Input Validation Vulnerability

CISA KEV•CVE-2026-32201•Microsoft SharePoint Server• April 14, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-28

Details NVD

CVE-2009-0238 — Microsoft Office — Microsoft Office Remote Code Execution

CISA KEV•CVE-2009-0238•Microsoft Office• April 14, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-28

Details NVD

CVE-2026-34621 — Adobe Acrobat and Reader — Adobe Acrobat and Reader Prototype Pollution Vulnerability

CISA KEV•CVE-2026-34621•Adobe Acrobat and Reader• April 13, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-27

Details NVD

CVE-2026-21643 — Fortinet FortiClient EMS — Fortinet SQL Injection Vulnerability

CISA KEV•CVE-2026-21643•Fortinet FortiClient EMS• April 13, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-16

Details NVD

CVE-2020-9715 — Adobe Acrobat — Adobe Acrobat Use-After-Free Vulnerability

CISA KEV•CVE-2020-9715•Adobe Acrobat• April 13, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-27

Details NVD

CVE-2023-36424 — Microsoft Windows — Microsoft Windows Out-of-Bounds Read Vulnerability

CISA KEV•CVE-2023-36424•Microsoft Windows• April 13, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-27

Details NVD

CVE-2023-21529 — Microsoft Exchange Server — Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2023-21529•Microsoft Exchange Server• April 13, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-27

Details NVD

CVE-2025-60710 — Microsoft Windows — Microsoft Windows Link Following Vulnerability

CISA KEV•CVE-2025-60710•Microsoft Windows• April 13, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-27

Details NVD

CVE-2012-1854 — Microsoft Visual Basic for Applications (VBA) — Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability

CISA KEV•CVE-2012-1854•Microsoft Visual Basic for Applications (VBA)• April 13, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-27

Details NVD

CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

CISA KEV•CVE-2026-1340•Ivanti Endpoint Manager Mobile (EPMM)• April 8, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-11

Details NVD

CVE-2026-35616 — Fortinet FortiClient EMS — Fortinet FortiClient EMS Improper Access Control Vulnerability

CISA KEV•CVE-2026-35616•Fortinet FortiClient EMS• April 6, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-09

Details NVD

CVE-2026-3502 — TrueConf Client — TrueConf Client Download of Code Without Integrity Check Vulnerability

CISA KEV•CVE-2026-3502•TrueConf Client• April 2, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-16

Details NVD

CVE-2026-5281 — Google Dawn — Google Dawn Use-After-Free Vulnerability

CISA KEV•CVE-2026-5281•Google Dawn• April 1, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-15

Details NVD

CVE-2026-3055 — Citrix NetScaler — Citrix NetScaler Out-of-Bounds Read Vulnerability

CISA KEV•CVE-2026-3055•Citrix NetScaler• March 30, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-02

Details NVD

CVE-2025-53521 — F5 BIG-IP — F5 BIG-IP Unspecified Vulnerability

CISA KEV•CVE-2025-53521•F5 BIG-IP• March 27, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-03-30

Details NVD

CVE-2026-33634 — Aquasecurity Trivy — Aquasecurity Trivy Embedded Malicious Code Vulnerability

CISA KEV•CVE-2026-33634•Aquasecurity Trivy• March 26, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-09

Details NVD

CVE-2026-33017 — Langflow Langflow — Langflow Code Injection Vulnerability

CISA KEV•CVE-2026-33017•Langflow Langflow• March 25, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-08

Details NVD

CVE-2025-31277 — Apple Multiple Products — Apple Multiple Products Buffer Overflow Vulnerability

CISA KEV•CVE-2025-31277•Apple Multiple Products• March 20, 2026

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2026-04-03

Details NVD