CVE-2026-3909 — Google Skia — Google Skia Out-of-Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-27
CVE-2026-3910 — Google Chromium V8 — Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-27
CVE-2025-68613 — n8n n8n — n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-25
CVE-2026-1603 — Ivanti Endpoint Manager (EPM) — Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-23
CVE-2025-26399 — SolarWinds Web Help Desk — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-12
CVE-2021-22054 — Omnissa Workspace One UEM — Omnissa Workspace ONE Server-Side Request Forgery
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-23
CVE-2023-41974 — Apple iOS and iPadOS — Apple iOS and iPadOS Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-26
CVE-2021-30952 — Apple Multiple Products — Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-26
CVE-2023-43000 — Apple Multiple Products — Apple Multiple Products Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-26
CVE-2021-22681 — Rockwell Multiple Products — Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-26
CVE-2017-7921 — Hikvision Multiple Products — Hikvision Multiple Products Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-26
CVE-2026-21385 — Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-24
CVE-2026-22719 — Broadcom VMware Aria Operations — Broadcom VMware Aria Operations Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-24
CVE-2026-20127 — Cisco Catalyst SD-WAN Controller and Manager — Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-02-27
CVE-2022-20775 — Cisco SD-WAN — Cisco SD-WAN Path Traversal Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-02-27
CVE-2026-25108 — Soliton Systems K.K FileZen — Soliton Systems K.K FileZen OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-17
CVE-2025-68461 — Roundcube Webmail — RoundCube Webmail Cross-site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-13
CVE-2025-49113 — Roundcube Webmail — RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-13
CVE-2026-22769 — Dell RecoverPoint for Virtual Machines (RP4VMs) — Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-21
CVE-2021-22175 — GitLab GitLab — GitLab Server-Side Request Forgery (SSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-11
CVE-2026-2441 — Google Chromium — Google Chromium CSS Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
CVE-2008-0015 — Microsoft Windows — Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
CVE-2024-7694 — TeamT5 ThreatSonar Anti-Ransomware — TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
CVE-2020-7796 — Synacor Zimbra Collaboration Suite — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
