NIS2 & DORA Compliance

Regulatory triage for vulnerability prioritization – classification based on existing CVE data

Regulatory Triage ICT Providers
NIS2 Relevant
439
DORA Relevant
65
Internet-Facing
374
Third-Party ICT
65
Unpatched
438
Exploited
70
Framework:
Period:
Sort:
CVE-2026-40036
Unbounded zlib decompression in dfir-unfurl versions through 20250810 enables unauthenticated remote attackers to exhaust server memory via crafted compressed payloads submitted to the /json/visjs endpoint. Attackers can submit highly compressed data that expands to gigabytes when decompressed, crashing the service through resource exhaustion. The vulnerability affects the parse_compressed.py module and requires no authentication. No public exploit identified at time of analysis.
Why flagged?
8.7
CVSS 4.0
0.1%
EPSS
44
Priority
CVE-2026-35169
Reflected cross-site scripting and arbitrary markdown file download in LORIS help_editor module affects versions prior to 27.0.3 and 28.0.1. Improper input sanitization allows authenticated attackers with low privileges to execute malicious scripts in victim browsers (requiring user interaction) and exfiltrate markdown files from the server. Attack requires network access and social engineering to trick users into following crafted links. No public exploit identified at time of analysis.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-79: Cross-site Scripting (XSS))
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
8.7
CVSS 3.1
0.0%
EPSS
44
Priority
CVE-2026-35063
Authorization bypass in OpenPLC_V3 REST API allows authenticated low-privilege users to delete administrator accounts or create new admin-level accounts. The API validates JWT token presence but fails to enforce role-based access control, enabling any user with basic authentication to escalate privileges to full administrator access or remove existing administrators by manipulating user ID parameters. This affects all versions of OpenPLC_V3. No public exploit identified at time of analysis.
NIS2 Edge exposure No patch available Management plane
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • No patch available
  • Management plane (Missing Authorization)
  • Moderate evidence (PoC / elevated EPSS)
8.7
CVSS 4.0
0.0%
EPSS
44
Priority
CVE-2026-35663
Privilege escalation in OpenClaw versions prior to 2026.3.25 allows authenticated low-privilege operators to bypass pairing requirements during backend reconnection, self-requesting elevated scopes to gain operator.admin privileges. Attackers with existing operator credentials exploit improper scope validation (CWE-648) to escalate from limited operator access to full administrative control over the OpenClaw system. Exploitation requires network access and low-privilege authentication (CVSS:3.1 PR:L), enabling high-impact compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis.
Why flagged?
8.7
CVSS 4.0
0.0%
EPSS
44
Priority
CVE-2026-35639
Privilege escalation in OpenClaw before 2026.3.22 enables authenticated attackers with operator.pairing approver role to escalate privileges to operator.admin through insufficient scope validation in the device.pair.approve method. Exploitation allows approval of device requests with broader operator scopes than the approver legitimately holds, ultimately enabling remote code execution on Node infrastructure. Affects OpenClaw deployments where role-based access control enforces operator privilege hierarchies. No public exploit identified at time of analysis.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • Strong evidence (KEV / high EPSS / multi-source)
8.7
CVSS 4.0
0.2%
EPSS
44
Priority
CVE-2026-33778
Remote denial-of-service in Juniper Networks Junos OS (SRX/MX Series) allows unauthenticated attackers to crash IPsec daemons via malformed ISAKMP packets. Exploiting the improper input validation (CWE-1286) in kmd/iked IPsec library causes process restart, preventing new VPN security association establishment. Repeated attacks create sustained inability to establish VPN connections, severely degrading network connectivity for affected enterprise firewalls and routing platforms. No public exploit identified at time of analysis.
NIS2 DORA ICT dependency No patch available Juniper
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Juniper
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Juniper (Network & Security)
  • No remediation available
8.7
CVSS 4.0
0.1%
EPSS
44
Priority
CVE-2026-35638
Privilege escalation in OpenClaw Control UI enables unauthenticated attackers to claim arbitrary privileged scopes without device identity verification. By exploiting the trusted-proxy mechanism's device-less allow path, attackers bypass authentication requirements and maintain elevated permissions across sessions. Affects OpenClaw versions prior to 2026.3.22. Attackers with low-privilege access can escalate to high-impact confidentiality and integrity compromise. No public exploit identified at time of analysis.
Why flagged?
8.7
CVSS 4.0
0.0%
EPSS
44
Priority
CVE-2026-34621
Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. CVSS 9.6 (Critical) reflects network-deliverable code execution with scope change, though EPSS 0.24% (46th percentile) suggests moderate real-world exploitation probability. No public exploit identified at time of analysis.
NIS2 DORA Edge exposure ICT dependency No patch available Adobe PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-1321: Prototype Pollution)
  • Third-party ICT: Adobe
  • Proof of concept available
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Adobe (ERP & Business Platforms)
  • No remediation available
8.6
CVSS 3.1
0.2%
EPSS
43
Priority
CVE-2026-39338
Reflected cross-site scripting (XSS) in ChurchCRM's dashboard search parameter allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers. Versions prior to 7.1.0 fail to sanitize user input, enabling payload execution even when server-side validation triggers HTTP 500 errors. The CVSS v4.0 score of 8.6 reflects network accessibility (AV:N), low complexity (AC:L), no authentication required (PR:N), and high confidentiality/integrity impact (VC:H/VI:H). No public exploit identified at time of analysis, though EPSS data is unavailable for risk quantification.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-79: Cross-site Scripting (XSS))
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.6
CVSS 4.0
0.1%
EPSS
43
Priority
CVE-2026-33229
Privilege escalation in XWiki Platform 17.x allows users with script rights to execute arbitrary Python code via an improperly protected scripting API, bypassing Velocity sandbox protections and gaining full system access. This affects XWiki Platform oldcore and legacy-oldcore components prior to versions 17.4.8 and 17.10.1. While requiring existing script-level privileges, the vulnerability enables complete compromise of confidentiality, integrity, and availability. Vendor-released patch available; no public exploit identified at time of analysis.
NIS2 Edge exposure Management plane
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Management plane (Missing Authorization)
  • Strong evidence (KEV / high EPSS / multi-source)
8.6
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-5501
Certificate chain validation bypass in wolfSSL's OpenSSL compatibility layer allows authenticated network attackers to forge arbitrary certificates. Attackers possessing any legitimate leaf certificate from a trusted CA can craft fraudulent certificates for any subject name with arbitrary keys, bypassing signature verification when an untrusted CA:FALSE intermediate is inserted. Affects nginx and haproxy integrations using wolfSSL's OpenSSL compatibility API; native wolfSSL TLS handshake (ProcessPeerCerts) not vulnerable. No public exploit identified at time of analysis.
NIS2 DORA ICT dependency No patch available F5
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: F5
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: F5 (Network & Security)
  • No remediation available
8.6
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-34588
Integer overflow in OpenEXR's PIZ wavelet decompression leads to out-of-bounds memory access when processing malicious EXR image files. Affects OpenEXR 3.1.0 through 3.2.6, 3.3.0-3.3.8, and 3.4.0-3.4.8. Local attackers can trigger memory corruption through crafted EXR files without authentication (CVSS:4.0 AV:L/PR:N), achieving high confidentiality, integrity, and availability impact. EPSS data not available; no public exploit identified at time of analysis. Vendor-released patches available in versions 3.2.7, 3.3.9, and 3.4.9.
Why flagged?
8.6
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-39983
Command injection in basic-ftp npm package v5.2.0 allows unauthenticated remote attackers to inject arbitrary FTP protocol commands via CRLF sequences in file path parameters. Affected methods include cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). Inadequate input sanitization in protectWhitespace() combined with direct socket writes enables attackers to split single FTP commands into multiple commands, leading to unauthorized file deletion, directory manipulation, file exfiltration, or session hijacking. Vendor-released patch available in version 5.2.1. No public exploit identified at time of analysis. EPSS unavailable.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: command-injection
  • Moderate evidence (PoC / elevated EPSS)
8.6
CVSS 3.1
1.2%
EPSS
43
Priority
CVE-2026-35643
Remote code execution in OpenClaw Android application (versions before 2026.3.22) allows unauthenticated attackers to execute arbitrary code through an unvalidated WebView JavascriptInterface. Attackers craft malicious web pages that invoke the exposed canvas bridge, executing instructions within the application's Android context when users interact with untrusted content. The vulnerability requires user interaction but no authentication, enabling high-severity compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • Strong evidence (KEV / high EPSS / multi-source)
8.6
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-40158
Arbitrary code execution in PraisonAI multi-agent system (<4.5.128) via Python sandbox escape. Incomplete AST attribute filtering allows type.__getattribute__ trampoline to bypass restrictions on __subclasses__, __globals__, and __bases__, enabling untrusted agent code to break containment. Attack requires local access and user interaction to execute malicious code. No public exploit identified at time of analysis.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-94: Code Injection)
  • Strong evidence (KEV / high EPSS / multi-source)
8.6
CVSS 3.1
0.0%
EPSS
43
Priority
CVE-2026-35399
Stored cross-site scripting (XSS) in WeGIA Web manager for charitable institutions allows remote attackers to inject malicious scripts via specially crafted backup filenames, leading to session hijacking or unauthorized actions performed in victim browsers. Affects versions prior to 3.6.9. No public exploit identified at time of analysis, though CVSS 8.5 reflects high impact to confidentiality and integrity with low attack complexity and no authentication requirements.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-79: Cross-site Scripting (XSS))
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.5
CVSS 4.0
0.1%
EPSS
43
Priority
CVE-2026-39495
Blind SQL injection in NSquared Simply Schedule Appointments WordPress plugin versions ≤1.6.9.27 allows authenticated attackers with low-privilege access to extract sensitive database contents and potentially trigger denial-of-service conditions. The vulnerability stems from improper neutralization of SQL special elements in user-controlled input. Network-accessible exploitation requires valid credentials but no user interaction. CVSS 8.5 severity reflects high confidentiality impact with scope change, enabling cross-boundary data access. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%, 6th percentile).
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-89: SQL Injection)
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
8.5
CVSS 3.1
0.0%
EPSS
43
Priority
CVE-2026-32860
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. Attack requires local access and user interaction to open a specially crafted .lvlib project library file (CVSS 8.5, AV:L/PR:N/UI:P). No public exploit identified at time of analysis. EPSS data not available, but the local attack vector and user interaction requirement significantly limit immediate mass exploitation risk despite high CVSS score.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.5
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-32864
Memory corruption via out-of-bounds read in NI LabVIEW's mgcore_SH_25_3!aligned_free() function enables information disclosure or arbitrary code execution when users open maliciously crafted VI files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. CVSS 8.5 severity stems from local attack vector requiring user interaction but no authentication. No public exploit identified at time of analysis, though the vendor advisory confirms the vulnerability's existence and technical details.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.5
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-32861
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when processing maliciously crafted .lvclass files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. Attack requires local access and user interaction to open the weaponized file (CVSS AV:L/UI:P). No public exploit identified at time of analysis, though the vendor advisory confirms the vulnerability and provides remediation guidance.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.5
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-32862
Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or information disclosure when users open malicious VI files. Affects LabVIEW 2026 Q1 (26.1.0) and all prior versions. CVSS 8.5 severity reflects high impact potential, though exploitation requires user interaction to open a crafted file. No public exploit identified at time of analysis, with EPSS data unavailable for this recently assigned CVE. Local attack vector limits remote exploitation scenarios.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.5
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-32863
Memory corruption in NI LabVIEW 26.1.0 and earlier allows local attackers to execute arbitrary code or disclose sensitive information via maliciously crafted VI files. The vulnerability stems from an out-of-bounds read in sentry_transaction_context_set_operation(), requiring user interaction to open a specially crafted file. CVSS 8.5 (High) with local attack vector and low complexity. No public exploit identified at time of analysis, and EPSS data not available for this recently published CVE.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: rce
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
8.5
CVSS 4.0
0.0%
EPSS
43
Priority
CVE-2026-1342
Local code execution in IBM Security Verify Access 10.0-10.0.9.1 and 11.0-11.0.2 (both container and non-container deployments) allows unauthenticated local attackers to execute malicious scripts from outside the application's control sphere. This CWE-829 inclusion of functionality from untrusted control sphere vulnerability achieves container escape (scope change to C in CVSS vector), enabling high confidentiality impact and limited integrity/availability impact. No public exploit or active exploitation confirmed at time of analysis, though the low attack complexity (AC:L) and lack of required privileges (PR:N) make this readily exploitable by local users.
NIS2 DORA ICT dependency No patch available IBM Cloud
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: IBM Cloud
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: IBM Cloud (Cloud Providers)
  • No remediation available
8.5
CVSS 3.1
0.0%
EPSS
43
Priority
CVE-2026-5329
Remote code execution in Rapid7 Velociraptor server (versions <0.76.2, primarily Linux) allows authenticated attackers to write arbitrary messages to privileged internal queues via crafted client monitoring messages with malicious queue names. Improper input validation in the server's client monitoring message handler fails to sanitize queue names supplied by rogue clients, enabling queue injection attacks that escalate to RCE. Affects self-hosted instances only; Rapid7 Hosted Velociraptor instances are not vulnerable. No public exploit identified at time of analysis.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-20: Improper Input Validation)
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
8.5
CVSS 3.1
0.2%
EPSS
42
Priority
CVE-2026-39942
Authenticated file overwrite vulnerability in Directus < 11.17.0 allows low-privileged users to corrupt arbitrary files by manipulating the filename_disk parameter in PATCH /files/{id} requests. Attackers can overwrite other users' file content and forge metadata fields (e.g., uploaded_by) to hide evidence of tampering. Requires authenticated access (PR:L). Scope change (S:C) indicates potential cross-tenant impact. No public exploit identified at time of analysis.
Management plane
Why flagged?
8.5
CVSS 3.1
0.0%
EPSS
42
Priority
Prev Page 11 of 25 (620 CVEs) Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy