CVE-2025-4428 — Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-09
CVE-2024-11182 — MDaemon Email Server — MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-09
CVE-2025-27920 — Srimax Output Messenger — Srimax Output Messenger Directory Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-09
CVE-2024-27443 — Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-09
CVE-2023-38950 — ZKTeco BioTime — ZKTeco BioTime Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-09
CVE-2024-12987 — DrayTek Vigor Routers — DrayTek Vigor Routers OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-05
CVE-2025-42999 — SAP NetWeaver — SAP NetWeaver Deserialization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-05
CVE-2025-32756 — Fortinet Multiple Products — Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-04
CVE-2025-30400 — Microsoft Windows — Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-03
CVE-2025-32701 — Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-03
CVE-2025-32706 — Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-03
CVE-2025-30397 — Microsoft Windows — Microsoft Windows Scripting Engine Type Confusion Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-03
CVE-2025-32709 — Microsoft Windows — Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-03
CVE-2025-47729 — TeleMessage TM SGNL — TeleMessage TM SGNL Hidden Functionality Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-06-02
CVE-2024-6047 — GeoVision Multiple Devices — GeoVision Devices OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-28
CVE-2024-11120 — GeoVision Multiple Devices — GeoVision Devices OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-28
CVE-2025-27363 — FreeType FreeType — FreeType Out-of-Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-27
CVE-2025-3248 — Langflow Langflow — Langflow Missing Authentication Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-26
CVE-2024-58136 — Yiiframework Yii — Yiiframework Yii Improper Protection of Alternate Path Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-23
CVE-2025-34028 — Commvault Command Center — Commvault Command Center Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-23
CVE-2023-44221 — SonicWall SMA100 Appliances — SonicWall SMA100 Appliances OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-22
CVE-2024-38475 — Apache HTTP Server — Apache HTTP Server Improper Escaping of Output Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-22
CVE-2025-31324 — SAP NetWeaver — SAP NetWeaver Unrestricted File Upload Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-20
Ransomware: Known
CVE-2025-3928 — Commvault Web Server — Commvault Web Server Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-05-19