Skip to main content

NIS2 & DORA Compliance

Regulatory triage for vulnerability prioritization – classification based on existing CVE data

Regulatory Triage ICT Providers
NIS2 Relevant
355
DORA Relevant
47
Internet-Facing
308
Third-Party ICT
47
Unpatched
218
Exploited
14
Framework:
Period:
Sort:
CVE-2026-48027
Embedded malicious code in Nx Console (the editor extension for Nx and Lerna) version 18.95.0 turned a trusted developer tool into a trojan during a brief publish window on 19 May 2026. The poisoned build was live on the Visual Studio Marketplace for roughly 18 minutes (12:30-12:48 UTC) and on OpenVSX for roughly 36 minutes (12:33-13:09 UTC); any developer who installed or auto-updated during those windows executed attacker-controlled code inside their IDE, tagged here as information disclosure. It is confirmed actively exploited (CISA KEV) and publicly available exploit code exists, with CISA SSVC rating exploitation as active, automatable, and total technical impact; the clean release 18.100.0 is the fix.
Active exploitation No patch available KEV PoC
Why flagged?
9.3
CVSS 4.0
26.8%
EPSS
116
Priority
CVE-2026-24444
Unauthenticated remote root access on SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 is achievable by submitting a hardcoded credential to recovery endpoints (mgmt.php, npcmd.php) in the web management interface. Attackers can then enable filtered SSH/Telnet services to obtain persistent root-level shell access. CVSS is 9.8 with publicly available exploit code, though no public exploit identified at time of analysis in CISA KEV.
NIS2 Edge exposure No patch available Management plane PoC
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Proof of concept available
  • No patch available
  • Management plane (Use of Hard-coded Credentials)
  • Moderate evidence (PoC / elevated EPSS)
9.3
CVSS 4.0
66
Priority
CVE-2026-7862
Unauthenticated refund abuse in the Eupago Gateway for WooCommerce WordPress plugin before 4.7.2 lets remote attackers trigger refunds on arbitrary WooCommerce orders using the merchant's own payment gateway credentials, and for certain payment methods divert the refunded funds to an attacker-controlled bank account. The CVSS 8.6 score reflects the network-reachable, no-auth, no-interaction attack path against a financial workflow; publicly available exploit code exists per WPScan, though there is no public exploit identified at time of analysis confirming active exploitation in CISA KEV.
NIS2 Edge exposure Management plane PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Proof of concept available
  • Management plane (Improper Access Control)
  • Moderate evidence (PoC / elevated EPSS)
8.6
CVSS 3.1
0.0%
EPSS
63
Priority
CVE-2026-47114
Arbitrary command execution in IINA media player for macOS versions prior to 1.4.3 allows remote attackers to run shell commands as the logged-in user by tricking the victim into approving an iina://open URL containing malicious mpv_-prefixed parameters. Publicly available exploit code exists and a vendor patch has been released; exploitation requires a single browser protocol prompt approval (UI:A) but no authentication and no valid media file.
NIS2 DORA ICT dependency Apple PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Apple
  • Proof of concept available
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Apple (Operating Systems)
8.6
CVSS 4.0
0.2%
EPSS
63
Priority
CVE-2026-9346
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code via crafted POST requests to the wireless table management interface. The vulnerability affects the formWirelessTbl function when processing the submit-url parameter, with publicly available exploit code on GitHub demonstrating the attack method.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-9345
Buffer overflow in Edimax EW-7438RPn WiFi range extender firmware versions up to 1.31 enables authenticated remote attackers to execute arbitrary code by sending malformed parameters to the device configuration interface. The vulnerability affects the formWizSurvey function in /goform/formWizSurvey when processing ssid, manualssid, ip, mask, or gateway parameters, with publicly available exploit code existing on GitHub.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-9348
Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 enables authenticated remote attackers to execute arbitrary code by sending malicious input to the /goform/mp endpoint in the web server component. Public exploit code exists on GitHub, though the vulnerability is not listed in CISA KEV. The vendor failed to respond to responsible disclosure attempts, leaving devices unpatched.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-9344
Stack-based buffer overflow in Edimax EW-7438RPn WiFi range extender firmware up to version 1.31 allows authenticated remote attackers to crash or execute code on the device by sending malicious input to the WPS configuration interface. The vulnerability occurs when processing the pinCode or wlan-url parameters in /goform/formWpsStart, with publicly available exploit code on GitHub demonstrating the attack.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-9360
Buffer overflow in Edimax EW-7438RPn Wi-Fi range extender firmware 1.28a enables authenticated remote attackers to execute arbitrary code via malformed POST requests to the wireless encryption configuration endpoint. The vulnerability requires low-privilege authentication and has publicly available exploit code. No vendor response or patch has been provided despite early disclosure attempts.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-9294
Stack buffer overflow in the Edimax BR-6428NS 1.10 wireless router allows authenticated remote attackers to corrupt memory by sending an overlong pppUserName parameter to the /goform/formWanTcpipSetup endpoint. Publicly available exploit code exists, and the vendor failed to respond to the coordinated disclosure attempt, leaving devices without an official fix. With a CVSS of 8.8 and full CIA impact, successful exploitation can result in arbitrary code execution or device takeover on the embedded router.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2026-9295
Buffer overflow in the Edimax BR-6428NS 1.10 router's web management interface allows authenticated remote attackers to corrupt memory by submitting a crafted vapurl parameter to the formWirelessTbl POST handler at /goform/formWirelessTbl. Publicly available exploit code exists (released via VulDB and a Notion writeup), and the vendor has not responded to coordinated disclosure attempts. The flaw is not currently listed in CISA KEV, but the combination of public PoC, low attack complexity, and an unpatched/unresponsive vendor makes this a tangible risk for any exposed device.
No patch available PoC
Why flagged?
7.4
CVSS 4.0
0.0%
EPSS
57
Priority
CVE-2025-70103
Heap buffer overflow in libjxl 0.12.0 lets remote attackers corrupt heap memory by feeding a crafted PBM/PNM image to the jxl::extras::DecodeImagePNM routine, which writes decoded rows into an output buffer without first checking that the buffer is large enough for the header-declared dimensions. The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes unauthenticated, low-complexity exploitation with no user interaction, and CISA's SSVC framework rates it automatable with partial technical impact. Publicly available exploit code exists, though it is not listed in CISA KEV and no public exploit has been tied to active exploitation.
No patch available PoC
Why flagged?
7.3
CVSS 3.1
0.0%
EPSS
56
Priority
CVE-2026-31266
Unauthorized invocation of the database migration endpoint (/actions/app/migrate) in Craft CMS 5.9.5 and earlier lets remote, unauthenticated attackers reach functionality that should be gated behind administrative authorization. The flaw stems from a missing authorization check (CWE-862) rather than a credential bypass on the login flow, and publicly available exploit code exists, though it is not listed in CISA KEV. CVSS is 7.3 with Low impact across confidentiality, integrity, and availability, reflecting partial rather than total compromise.
NIS2 Edge exposure No patch available Management plane PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Proof of concept available
  • No patch available
  • Management plane (Missing Authorization)
  • Moderate evidence (PoC / elevated EPSS)
7.3
CVSS 3.1
0.0%
EPSS
56
Priority
CVE-2026-8054
SQL injection in dotCMS Core (versions 25.11.04-1 through 26.04.28-02) lets remote unauthenticated attackers read, modify, or destroy arbitrary database content through the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll, which neither enforced authentication nor sanitized input before constructing SQL. The flaw carries a maximum CVSS 4.0 base score of 10.0, reflecting full confidentiality, integrity, and availability impact extending to subsequent systems. No public exploit was identified at time of analysis and EPSS is low (0.38%, 60th percentile), but the network-reachable, no-privilege, no-interaction profile makes this an urgent patch for affected (non-LTS) deployments.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-89: SQL Injection)
  • Strong evidence (KEV / high EPSS / multi-source)
10.0
CVSS 4.0
0.4%
EPSS
50
Priority
CVE-2026-40412
Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous file types and execute arbitrary code, earning a maximum CVSS 10.0 score with scope change (S:C). Per Microsoft's MSRC advisory, a vendor patch is available, though no public exploit has been identified at time of analysis and the EPSS score was not provided in the source data.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-434: Unrestricted Upload of File)
  • Strong evidence (KEV / high EPSS / multi-source)
10.0
CVSS 3.1
0.3%
EPSS
50
Priority
CVE-2026-41104
Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft malicious serialized payloads that the service processes, resulting in information disclosure across a trust boundary. The maximum CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction and a scope change, though no public exploit identified at time of analysis and EPSS data was not provided.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-502: Deserialization of Untrusted Data)
  • Strong evidence (KEV / high EPSS / multi-source)
10.0
CVSS 3.1
0.3%
EPSS
50
Priority
CVE-2026-23652
Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-system commands against the platform, with a maximum CVSS score of 10.0 reflecting changed scope and full confidentiality, integrity, and availability impact. The flaw stems from improper neutralization of special elements in command construction (CWE-77), and while no public exploit has been identified at time of analysis, Microsoft has released a patch via MSRC. Given Power Pages is a multi-tenant SaaS offering, a successful exploit could pivot beyond the initial site boundary.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-77: Command Injection)
  • Strong evidence (KEV / high EPSS / multi-source)
10.0
CVSS 3.1
0.1%
EPSS
50
Priority
CVE-2026-47280
Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authentication and gain elevated privileges across the cloud control plane. The flaw carries a maximum CVSS score of 10.0 due to a scope change combined with full confidentiality, integrity, and availability impact, and although Microsoft has released a fix there is no public exploit identified at time of analysis. Given ARM is the central management layer for nearly all Azure resources, successful exploitation could have broad tenant-wide consequences.
NIS2 Edge exposure Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-287: Improper Authentication)
  • Management plane (Improper Authentication)
  • Strong evidence (KEV / high EPSS / multi-source)
10.0
CVSS 3.1
0.1%
EPSS
50
Priority
CVE-2026-42901
Privilege escalation in Microsoft Entra ID enables remote unauthenticated attackers to bypass origin validation and gain elevated privileges across tenant boundaries (scope-changed). The CVSS 10.0 rating reflects maximum impact across confidentiality, integrity, and availability with no authentication or user interaction required, though no public exploit has been identified at time of analysis and EPSS data is not provided.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Strong evidence (KEV / high EPSS / multi-source)
10.0
CVSS 3.1
0.0%
EPSS
50
Priority
CVE-2026-46595
Authorization bypass in the Go golang.org/x/crypto/ssh package before version 0.52.0 allows remote attackers to circumvent source-address restrictions when SSH server configurations use callback authentication types other than public key. This is an incomplete-fix follow-up to CVE-2024-45337, which only addressed the public-key callback path while leaving other callback types vulnerable to the same source-address validation skip. No public exploit identified at time of analysis, EPSS is very low at 0.02%, and SSVC indicates no observed exploitation though the issue is automatable with partial technical impact.
NIS2 Edge exposure Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Management plane (Incorrect Authorization)
  • Strong evidence (KEV / high EPSS / multi-source)
10.0
CVSS 3.1
0.0%
EPSS
50
Priority
CVE-2026-34910
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute arbitrary operating system commands by sending crafted input that bypasses validation. The flaw carries a maximum CVSS 10.0 score with scope change (S:C) impacting confidentiality, integrity, and availability, and affects a broad fleet of UniFi gateways, NVRs, NAS units, and Cloud Keys. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-20: Improper Input Validation)
  • Moderate evidence (PoC / elevated EPSS)
10.0
CVSS 3.1
0.1%
EPSS
50
Priority
CVE-2026-34909
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlying system, which can then be leveraged to take over an underlying account. The flaw carries a maximum CVSS 10.0 score reflecting unauthenticated network exploitation with scope change and full confidentiality, integrity, and availability impact across a broad fleet of UniFi gateways, cameras, NVRs, and NAS appliances. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-22: Path Traversal)
  • Moderate evidence (PoC / elevated EPSS)
10.0
CVSS 3.1
0.0%
EPSS
50
Priority
CVE-2026-33712
Server-Side Request Forgery in Typebot chatbot builder versions 3.15.2 and prior allows unauthenticated remote attackers to abuse the preview chat endpoint to make arbitrary internal HTTP requests from the server. The flaw stems from the isolated-vm sandbox's fetch function calling Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects HTTP Request blocks, bypassing mitigations added after GHSA-8gq9-rw7v-3jpr. No public exploit identified at time of analysis, but the CVSS 10.0 (Critical) score with scope-changed impact indicates severe risk for both self-hosted and hosted deployments.
NIS2 Edge exposure No patch available Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass, ssrf
  • No patch available
  • Management plane (Missing Authorization)
  • Moderate evidence (PoC / elevated EPSS)
10.0
CVSS 3.1
0.1%
EPSS
50
Priority
CVE-2026-46695
Sandbox escape in Boxlite versions prior to 0.9.0 lets untrusted code running inside the lightweight VM remount host-shared virtiofs directories from read-only to read-write, enabling arbitrary writes to host files that operators believed were protected. Because the container is granted all 41 Linux capabilities (including CAP_SYS_ADMIN), a trivial 'mount -o remount,rw' bypasses the client-side MS_RDONLY enforcement, and in AI-agent deployments this leads to host code execution by tampering with mounted code, virtualenvs, or credentials. Publicly available exploit code exists (working PoC published in the GHSA advisory) and the issue carries a CVSS 10.0 with scope change; no public exploit identified at time of analysis in CISA KEV.
NIS2 DORA Edge exposure ICT dependency Management plane Docker
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass, rce
  • Third-party ICT: Docker
  • Management plane (Improper Access Control)
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Docker (Dev Platforms & CI/CD)
  • Authentication / access control weakness
10.0
CVSS 3.1
50
Priority
CVE-2026-34908
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configuration without authentication, affecting a broad range of UniFi gateways, dream machines, NVRs, NAS units, and cloud keys. The maximum CVSS 10.0 score reflects network-reachable, unauthenticated exploitation with scope change and full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis, but the authentication bypass nature elevates urgency for any UniFi management plane exposed beyond trusted segments.
NIS2 Edge exposure Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Management plane (Improper Access Control)
  • Moderate evidence (PoC / elevated EPSS)
10.0
CVSS 3.1
0.0%
EPSS
50
Priority
Page 1 of 17 (410 CVEs) Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy