CVE-2025-48543 — Android Runtime — Android Runtime Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-25
CVE-2025-38352 — Linux Kernel — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-25
CVE-2025-9377 — TP-Link Multiple Routers — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-24
CVE-2023-50224 — TP-Link TL-WR841N — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-24
CVE-2025-55177 — Meta Platforms WhatsApp — Meta Platforms WhatsApp Incorrect Authorization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-23
CVE-2020-24363 — TP-Link TL-WA855RE — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-23
CVE-2025-57819 — Sangoma FreePBX — Sangoma FreePBX Authentication Bypass Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-19
CVE-2025-7775 — Citrix NetScaler — Citrix NetScaler Memory Overflow Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-28
CVE-2024-8069 — Citrix Session Recording — Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2024-8068 — Citrix Session Recording — Citrix Session Recording Improper Privilege Management Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2025-48384 — Git Git — Git Link Following Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-15
CVE-2025-43300 — Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-11
CVE-2025-54948 — Trend Micro Apex One — Trend Micro Apex One OS Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-08
CVE-2025-8875 — N-able N-Central — N-able N-Central Insecure Deserialization Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-20
CVE-2025-8876 — N-able N-Central — N-able N-Central Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-20
CVE-2013-3893 — Microsoft Internet Explorer — Microsoft Internet Explorer Resource Management Errors Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2007-0671 — Microsoft Office — Microsoft Office Excel Remote Code Execution Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2025-8088 — RARLAB WinRAR — RARLAB WinRAR Path Traversal Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-09-02
CVE-2022-40799 — D-Link DNR-322L — D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2020-25079 — D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2020-25078 — D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-26
CVE-2025-20281 — Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2025-20337 — Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18
CVE-2023-2533 — PaperCut NG/MF — PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due: 2025-08-18