CVE-2009-0556 — Microsoft Office — Microsoft Office PowerPoint Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-28
CVE-2025-14847 — MongoDB MongoDB and MongoDB Server — MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-19
CVE-2023-52163 — Digiever DS-2105 Pro — Digiever DS-2105 Pro Missing Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-12
CVE-2025-14733 — WatchGuard Firebox — WatchGuard Firebox Out of Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-26
CVE-2025-20393 — Cisco Multiple Products — Cisco Multiple Products Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-24
CVE-2025-40602 — SonicWall SMA1000 appliance — SonicWall SMA1000 Missing Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-24
CVE-2025-59374 — ASUS Live Update — ASUS Live Update Embedded Malicious Code Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-07
CVE-2025-59718 — Fortinet Multiple Products — Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-23
CVE-2025-43529 — Apple Multiple Products — Apple Multiple Products Use-After-Free WebKit Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-05
CVE-2025-14611 — Gladinet CentreStack and Triofox — Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-05
CVE-2025-14174 — Google Chromium — Google Chromium Out of Bounds Memory Access Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-02
CVE-2018-4063 — Sierra Wireless AirLink ALEOS — Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-02
CVE-2025-58360 — OSGeo GeoServer — OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-01
CVE-2025-62221 — Microsoft Windows — Microsoft Windows Use After Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-30
CVE-2025-6218 — RARLAB WinRAR — RARLAB WinRAR Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-30
CVE-2025-66644 — Array Networks ArrayOS AG — Array Networks ArrayOS AG OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-29
CVE-2022-37055 — D-Link Routers — D-Link Routers Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-29
CVE-2025-55182 — Meta React Server Components — Meta React Server Components Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-26
CVE-2021-26828 — OpenPLC ScadaBR — OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-24
CVE-2025-48572 — Android Framework — Android Framework Privilege Escalation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-23
CVE-2025-48633 — Android Framework — Android Framework Information Disclosure Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-23
CVE-2021-26829 — OpenPLC ScadaBR — OpenPLC ScadaBR Cross-site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-19
CVE-2025-61757 — Oracle Fusion Middleware — Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-12
CVE-2025-13223 — Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-10
