CVE-2024-57726 — SimpleHelp SimpleHelp — SimpleHelp Missing Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2024-57728 — SimpleHelp SimpleHelp — SimpleHelp Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2024-7399 — Samsung MagicINFO 9 Server — Samsung MagicINFO 9 Server Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2025-29635 — D-Link DIR-823X — D-Link DIR-823X Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-08
CVE-2026-39987 — Marimo Marimo — Marimo Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-07
CVE-2026-33825 — Microsoft Defender — Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-06
CVE-2024-27199 — JetBrains TeamCity — JetBrains TeamCity Relative Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-04
CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-04
CVE-2026-20128 — Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-04-23
CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-23
CVE-2023-27351 — PaperCut NG/MF — PaperCut NG/MF Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-04
CVE-2025-2749 — Kentico Kentico Xperience — Kentico Xperience Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-05-04
CVE-2026-20133 — Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-04-23
CVE-2026-20122 — Cisco Catalyst SD-WAN Manger — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Due: 2026-04-23
CVE-2026-34197 — Apache ActiveMQ — Apache ActiveMQ Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-30
CVE-2026-32201 — Microsoft SharePoint Server — Microsoft SharePoint Server Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-28
CVE-2009-0238 — Microsoft Office — Microsoft Office Remote Code Execution
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-28
CVE-2026-34621 — Adobe Acrobat and Reader — Adobe Acrobat and Reader Prototype Pollution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2026-21643 — Fortinet FortiClient EMS — Fortinet SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-16
CVE-2020-9715 — Adobe Acrobat — Adobe Acrobat Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2023-36424 — Microsoft Windows — Microsoft Windows Out-of-Bounds Read Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2023-21529 — Microsoft Exchange Server — Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2025-60710 — Microsoft Windows — Microsoft Windows Link Following Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
CVE-2012-1854 — Microsoft Visual Basic for Applications (VBA) — Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-04-27
