CVE-2025-68461 — Roundcube Webmail — RoundCube Webmail Cross-site Scripting Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-13
CVE-2025-49113 — Roundcube Webmail — RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-13
CVE-2026-22769 — Dell RecoverPoint for Virtual Machines (RP4VMs) — Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-21
CVE-2021-22175 — GitLab GitLab — GitLab Server-Side Request Forgery (SSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-11
CVE-2026-2441 — Google Chromium — Google Chromium CSS Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
CVE-2008-0015 — Microsoft Windows — Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
CVE-2024-7694 — TeamT5 ThreatSonar Anti-Ransomware — TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
CVE-2020-7796 — Synacor Zimbra Collaboration Suite — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-10
CVE-2026-1731 — BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) — BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-16
CVE-2025-40536 — SolarWinds Web Help Desk — SolarWinds Web Help Desk Security Control Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-15
CVE-2025-15556 — Notepad++ Notepad++ — Notepad++ Download of Code Without Integrity Check Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-05
CVE-2024-43468 — Microsoft Configuration Manager — Microsoft Configuration Manager SQL Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-05
CVE-2026-20700 — Apple Multiple Products — Apple Multiple Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-05
CVE-2026-21514 — Microsoft Office — Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-03
CVE-2026-21519 — Microsoft Windows — Microsoft Windows Type Confusion Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-03
CVE-2026-21533 — Microsoft Windows — Microsoft Windows Improper Privilege Management Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-03
CVE-2026-21510 — Microsoft Windows — Microsoft Windows Shell Protection Mechanism Failure Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-03
CVE-2026-21525 — Microsoft Windows — Microsoft Windows NULL Pointer Dereference Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-03
CVE-2026-21513 — Microsoft Windows — Microsoft Internet Explorer Protection Mechanism Failure Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-03-03
CVE-2026-24423 — SmarterTools SmarterMail — SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-26
CVE-2025-11953 — React Native Community CLI — React Native Community CLI OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-26
CVE-2025-40551 — SolarWinds Web Help Desk — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-06
CVE-2019-19006 — Sangoma FreePBX — Sangoma FreePBX Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-24
CVE-2025-64328 — Sangoma FreePBX — Sangoma FreePBX OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-24