CVE-2021-39935 — GitLab Community and Enterprise Editions — GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-24
CVE-2026-1281 — Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-01
CVE-2026-24858 — Fortinet Multiple Products — Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-30
CVE-2026-21509 — Microsoft Office — Microsoft Office Security Feature Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-16
CVE-2026-24061 — GNU InetUtils — GNU InetUtils Argument Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-16
CVE-2026-23760 — SmarterTools SmarterMail — SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-16
CVE-2025-52691 — SmarterTools SmarterMail — SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-16
CVE-2018-14634 — Linux Kernal — Linux Kernel Integer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-16
CVE-2024-37079 — Broadcom VMware vCenter Server — Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-13
CVE-2025-54313 — Prettier eslint-config-prettier — Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-12
CVE-2025-31125 — Vite Vitejs — Vite Vitejs Improper Access Control Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-12
CVE-2025-34026 — Versa Concerto — Versa Concerto Improper Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-12
CVE-2025-68645 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-12
CVE-2026-20045 — Cisco Unified Communications Manager — Cisco Unified Communications Products Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-11
CVE-2026-20805 — Microsoft Windows — Microsoft Windows Information Disclosure Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-03
CVE-2025-8110 — Gogs Gogs — Gogs Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-02-02
CVE-2025-37164 — Hewlett Packard (HP) OneView — Hewlett Packard Enterprise OneView Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-28
CVE-2009-0556 — Microsoft Office — Microsoft Office PowerPoint Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-28
CVE-2025-14847 — MongoDB MongoDB and MongoDB Server — MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-19
CVE-2023-52163 — Digiever DS-2105 Pro — Digiever DS-2105 Pro Missing Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-12
CVE-2025-14733 — WatchGuard Firebox — WatchGuard Firebox Out of Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-26
CVE-2025-20393 — Cisco Multiple Products — Cisco Multiple Products Improper Input Validation Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-12-24
CVE-2025-40602 — SonicWall SMA1000 appliance — SonicWall SMA1000 Missing Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable
Due: 2025-12-24
CVE-2025-59374 — ASUS Live Update — ASUS Live Update Embedded Malicious Code Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2026-01-07