NIS2 & DORA Compliance
Regulatory triage for vulnerability prioritization – classification based on existing CVE data
Summary counts: NIS2 Relevant 442 | DORA Relevant 65 | Internet-Facing 377 | Third-Party ICT 65 | Unpatched 444 | Exploited 72
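The classification the page applies to each card (severity band, exposure tags, NIS2/DORA reasons, priority number) can be reproduced offline from the CVE fields the feed already carries. The script below is an added example, not the dashboard's own code: the CVSS-vector rule for edge exposure, the CWE set treated as management plane, the vendor table, the EPSS/KEV thresholds and the priority formula are all assumptions, and the records it runs on are constructed to resemble the cards below rather than taken from any real feed.

```python
"""Regulatory triage of CVE records in the style of the dashboard above.

Added example, not the dashboard's own code. The rules below are assumptions:
edge exposure is derived from the CVSS attack vector, management-plane
exposure from a small CWE set, third-party ICT from a vendor table, and the
priority number from a simple weighted formula. Real feeds (EPSS, KEV, vendor
advisories) are replaced by constructed records so the script runs offline.
"""
import re
from dataclasses import dataclass

# Assumed vendor-to-sector table used for the DORA "ICT provider" reason.
ICT_PROVIDERS = {
    "Nokia": "Telecom & Critical Infra (NIS2)",
    "SUSE": "Infrastructure & Virtualization",
}
# Assumed CWE ids treated as management-plane weaknesses.
MGMT_PLANE_CWES = {"CWE-306", "CWE-284", "CWE-285", "CWE-863"}


@dataclass(frozen=True)
class Record:
    cve: str
    vector: str      # CVSS v3.x vector string
    score: float     # CVSS base score
    epss: float      # EPSS probability, 0.0-1.0
    kev: bool        # listed in CISA KEV
    patched: bool    # vendor fix available
    cwe: str         # e.g. "CWE-89: SQL Injection"
    vendor: str = ""


def parse_vector(vector: str) -> dict:
    """Split a CVSS v3.0/3.1 vector into its metric map, e.g. {'AV': 'N', ...}."""
    m = re.fullmatch(r"CVSS:3\.[01]/([A-Z]+:[A-Z](?:/[A-Z]+:[A-Z])*)", vector)
    if not m:
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    return dict(part.split(":") for part in m.group(1).split("/"))


def severity(score: float) -> str:
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW" if score > 0 else "NONE"


def evidence(r: Record) -> str:
    """Exploitation-evidence bucket; the thresholds are assumptions."""
    if r.kev or r.epss >= 0.10:
        return "Strong evidence (KEV / high EPSS / multi-source)"
    if r.epss >= 0.01:
        return "Moderate evidence (PoC / elevated EPSS)"
    return "Weak evidence (no known exploitation)"


def triage(r: Record) -> dict:
    """Produce tags, NIS2/DORA relevance with reasons, and a priority number."""
    v = parse_vector(r.vector)
    sev = severity(r.score)
    tags, nis2, dora = [], [], []

    if v["AV"] == "N":                       # assumption: AV:N means edge exposure
        tags.append("Edge exposure")
        nis2.append(f"Internet-facing ({r.cwe})")
    if r.cwe.split(":")[0] in MGMT_PLANE_CWES:
        tags.append("Management plane")
        nis2.append(f"Management plane ({r.cwe.split(': ', 1)[-1]})")
    if r.vendor in ICT_PROVIDERS:
        tags.append("ICT dependency")
        nis2.append(f"Third-party ICT: {r.vendor}")
    if not r.patched:
        tags.append("No patch available")
        nis2.append("No patch available")

    high = sev in ("HIGH", "CRITICAL")
    nis2_relevant = high and bool(nis2)
    dora_relevant = high and r.vendor in ICT_PROVIDERS
    if nis2_relevant:
        nis2 = [f"{sev} severity"] + nis2 + [evidence(r)]
    if dora_relevant:
        dora = [f"{sev} severity",
                f"ICT provider: {r.vendor} ({ICT_PROVIDERS[r.vendor]})"]
        if not r.patched:
            dora.append("No remediation available")

    # Assumed priority formula: base score dominates, KEV and a missing patch add.
    priority = min(99, round(r.score * 4 + r.epss * 20
                             + (10 if r.kev else 0) + (4 if not r.patched else 0)))
    return {"cve": r.cve, "nis2": nis2_relevant, "dora": dora_relevant,
            "tags": tags, "nis2_reasons": nis2, "dora_reasons": dora,
            "priority": priority}


# Constructed records shaped like the cards on this page (not real feed data).
SAMPLE = [
    Record("CVE-0000-0001", "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", 8.1,
           0.0, False, False, "CWE-89: SQL Injection"),
    Record("CVE-0000-0002", "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 8.0,
           0.001, False, False, "CWE-77: Command Injection", vendor="Nokia"),
    Record("CVE-0000-0003", "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", 7.8,
           0.001, False, True, "CWE-190: Integer Overflow", vendor="SUSE"),
]


def summary(records=SAMPLE) -> dict:
    """Top-of-page style counts over a batch of records."""
    results = [triage(r) for r in records]
    return {
        "NIS2 Relevant": sum(x["nis2"] for x in results),
        "DORA Relevant": sum(x["dora"] for x in results),
        "Internet-Facing": sum("Edge exposure" in x["tags"] for x in results),
        "Third-Party ICT": sum("ICT dependency" in x["tags"] for x in results),
        "Unpatched": sum("No patch available" in x["tags"] for x in results),
        "Exploited": sum(r.kev for r in records),
    }


if __name__ == "__main__":
    for rec in SAMPLE:
        print(triage(rec))
    print(summary())
```

Note that the second constructed record has an adjacent-network vector (AV:A) and therefore does not receive the "Edge exposure" tag under this rule, whereas the page tags the Nokia cards as Internet-facing on the strength of their CWE; whichever rule a team adopts, it should be stated so reviewers can tell a CWE-derived flag from a vector-derived one.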
Time-based blind SQL injection in ChurchCRM versions prior to 7.1.0 allows authenticated users with Edit Records or Manage Groups permissions to exfiltrate or modify database content, including credentials, PII, and configuration secrets, via the PropertyAssign.php endpoint. The attack requires low-privilege authentication (PR:L) but yields high confidentiality and integrity impact through database manipulation. No public exploit identified at time of analysis; EPSS data was not provided in the source feed. CVSS 8.1 reflects network-accessible exploitation with low complexity requiring only basic user privileges.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.1 | EPSS: 0.0% | Priority: 40
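The exfiltration path this card describes, as an added example that is not ChurchCRM's code: a constructed SQLite schema stands in for the application database, the endpoint is reduced to one lookup function in its vulnerable and parameterised forms, and because SQLite has no sleep() the oracle is boolean (a row comes back or not) rather than time-based. The character-by-character inference loop is the same one a time-based attack drives; only the side channel differs.

```python
"""Blind SQL injection through an unparameterised id, as an added example.

Not ChurchCRM's code: a constructed SQLite schema stands in for the real
database, and since SQLite has no sleep() the oracle is boolean (row returned
or not) rather than time-based. The inference loop is the same one a
time-based attack uses; only the side channel differs.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: the table the endpoint queries and the
    table the attacker wants to read."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE properties(id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO properties VALUES (?, ?)",
                    [(1, "Member"), (2, "Visitor")])
    con.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, "
                "password_hash TEXT)")
    con.execute("INSERT INTO users VALUES (1, 'admin', 's3cr3t')")
    return con


def lookup_vulnerable(con: sqlite3.Connection, prop_id: str) -> list:
    """Request parameter concatenated into the SQL text (the CWE-89 pattern)."""
    sql = "SELECT name FROM properties WHERE id = " + prop_id
    return con.execute(sql).fetchall()


def lookup_fixed(con: sqlite3.Connection, prop_id: str) -> list:
    """Same query with a bound parameter: the payload is compared as a literal
    and never reaches the SQL parser."""
    return con.execute("SELECT name FROM properties WHERE id = ?",
                       (prop_id,)).fetchall()


def extract_secret(con: sqlite3.Connection, lookup, max_len: int = 8) -> str:
    """Infer admin's password_hash one character at a time, using whether the
    endpoint returns a row as the oracle. Stops at the first position where no
    candidate character matches (end of string, or the injection is blocked)."""
    charset = "abcdefghijklmnopqrstuvwxyz0123456789"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = ("1 AND (SELECT substr(password_hash, %d, 1) FROM users "
                       "WHERE name = 'admin') = '%s'" % (pos, ch))
            if lookup(con, payload):
                recovered += ch
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", extract_secret(db, lookup_vulnerable))
    print("fixed:     ", repr(extract_secret(db, lookup_fixed)))
```

Against the vulnerable lookup the loop recovers the stored value; against the parameterised one every probe returns nothing, so the loop stops immediately. Parameter binding fixes the injection, but the endpoint should also reject non-integer ids up front and check that the caller is allowed to touch the record at all.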
Remote attackers can achieve full application takeover in CI4MS (CodeIgniter 4 CMS skeleton) versions prior to 0.31.4.0 by exploiting a fail-open authentication bypass in the installation route guard. When the cache expires or database connectivity fails, unauthenticated attackers can re-access the setup wizard and overwrite the .env configuration with malicious database credentials, gaining complete control of the application. No public exploit identified at time of analysis; the attack vector is network-accessible but attack complexity is high (CVSS:3.1/AV:N/AC:H/PR:N). EPSS data not available; real-world risk depends on deployments with intermittent database connectivity.
Tags: NIS2 | Edge exposure | Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-306: Missing Authentication for Critical Function)
- Management plane (Missing Authentication for Critical Function)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.1 | EPSS: 0.0% | Priority: 40
Local file inclusion in the CactusThemes VideoPro WordPress theme through version 2.3.8.1 allows unauthenticated remote attackers to read arbitrary files on the server via improper control of the filename used in PHP include/require statements. Exploitation requires high attack complexity but no user interaction. The EPSS score indicates low observed exploitation activity; no public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-98: Improper Control of Filename (LFI/RFI))
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.1 | EPSS: 0.1% | Priority: 40
Unauthorized deletion of attribute view definitions in the SiYuan note-taking application allows authenticated publish-service readers to permanently destroy arbitrary workspace data. Attackers holding low-privilege publish credentials can extract attribute view IDs from published content markup (exposed as data-av-id attributes) and invoke the /api/av/removeUnusedAttributeView endpoint to delete the corresponding JSON definition files. The endpoint lacks proper authorization controls: it accepts RoleReader tokens even though it performs a destructive write. Successful exploitation corrupts database views, breaks local workspace rendering, and causes operational disruption requiring manual restoration.
Tags: NIS2 | Edge exposure | Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Improper Authorization)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.1 | Priority: 40
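The two access-control failures described for CI4MS (a route guard that fails open when its backend lookup errors) and for SiYuan (a destructive endpoint that accepts any valid token) share one remedy: decide closed on error, and bind each operation's minimum role to its effect rather than to the mere presence of a token. The example below is added here and is neither project's code; the endpoint table, role names and backend states are assumptions made for illustration.

```python
"""Fail-closed access decisions, as an added example (not CI4MS or SiYuan code).

Two patterns from the cards above: a route guard whose backend lookup can fail
(the CI4MS installation guard) and an endpoint that performs a destructive
write but only checks for a valid token (the SiYuan attribute-view deletion).
The endpoint table, role names and backend states are assumptions.
"""
from enum import IntEnum


class BackendUnavailable(Exception):
    """Raised when the 'is the app installed?' lookup can reach neither cache nor DB."""


def install_guard_fail_open(is_installed) -> bool:
    """Return True when the setup wizard may be served.
    Vulnerable shape: a lookup failure is treated like 'not installed'."""
    try:
        return not is_installed()
    except BackendUnavailable:
        return True


def install_guard_fail_closed(is_installed) -> bool:
    """Hardened: if the installed state cannot be determined, deny the route."""
    try:
        return not is_installed()
    except BackendUnavailable:
        return False


class Role(IntEnum):
    READER = 1
    EDITOR = 2
    ADMIN = 3


# Assumed endpoint table: path -> (effect, minimum role).
ENDPOINTS = {
    "/api/av/render": ("read", Role.READER),
    "/api/av/removeUnusedAttributeView": ("write", Role.EDITOR),
}


def authorize_vulnerable(path: str, role) -> bool:
    """Any valid token is enough: a READER can call the destructive endpoint."""
    return path in ENDPOINTS and role is not None


def authorize_fixed(path: str, role) -> bool:
    """Deny unknown paths and missing tokens; writes never run as READER;
    otherwise compare against the endpoint's minimum role."""
    spec = ENDPOINTS.get(path)
    if spec is None or role is None:
        return False
    effect, min_role = spec
    if effect == "write" and role < Role.EDITOR:
        return False
    return role >= min_role


def make_lookup(state: str):
    """Constructed backend states: 'installed', 'fresh' (not yet installed),
    or 'down' (cache expired and database unreachable)."""
    def is_installed() -> bool:
        if state == "down":
            raise BackendUnavailable("cache expired and database unreachable")
        return state == "installed"
    return is_installed


def decisions() -> dict:
    """(fail-open, fail-closed) verdicts for every backend state."""
    return {state: (install_guard_fail_open(make_lookup(state)),
                    install_guard_fail_closed(make_lookup(state)))
            for state in ("installed", "fresh", "down")}


if __name__ == "__main__":
    print(decisions())
    print(authorize_vulnerable("/api/av/removeUnusedAttributeView", Role.READER),
          authorize_fixed("/api/av/removeUnusedAttributeView", Role.READER))
```

The only row where the two guards disagree is the "down" state, which is exactly the window the CI4MS card describes; a fail-closed guard turns that window into a denial of the setup route instead of an unauthenticated reinstall.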
Arbitrary file manipulation in the MW WP Form plugin (WordPress) versions ≤5.1.1 allows unauthenticated attackers to move sensitive server files into web-accessible directories, enabling remote code execution. The vulnerability stems from insufficient validation of upload field keys in generate_user_file_dirpath(); because WordPress's path_join() returns its second argument unchanged when that argument is an absolute path, an attacker-controlled key decides the destination directory. Attackers inject malicious keys via the mwf_upload_files[] POST parameter to relocate critical files such as wp-config.php. Exploitation requires a form with an enabled file upload field and the 'Saving inquiry data in database' option. No public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.1 | EPSS: 0.2% | Priority: 40
Environment variable injection in CI4MS CMS allows remote attackers to inject arbitrary configuration directives into the .env file during installation, potentially leading to full system compromise. Versions before 0.31.4.0 fail to sanitize newline characters in the host POST parameter; the install routes run with CSRF protection disabled, so whenever the InstallFilter guard fails to block the request an unauthenticated attacker can append arbitrary KEY = value lines to the generated .env. No public exploit identified at time of analysis; the unauthenticated network attack vector warrants EPSS monitoring.
Tags: NIS2 | Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: csrf
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.1 | EPSS: 0.0% | Priority: 40
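The newline injection described above, as an added example that is not CI4MS's code: a minimal KEY = value writer and a line-oriented reader stand in for the installer and for CodeIgniter's .env loader, the setting names are assumptions chosen to resemble CodeIgniter's, and the attacker input is constructed. The hardened writer rejects control characters in every field and additionally validates the host field as a hostname or IP literal.

```python
"""Newline injection into a generated .env file, as an added example.

Not CI4MS's code: a minimal KEY = value writer and reader stand in for the
installer and for CodeIgniter's line-oriented .env loader. The setting names
are assumptions chosen to resemble CodeIgniter's.
"""
import ipaddress
import re

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def render_env_vulnerable(settings: dict) -> str:
    """Write whatever the form submitted; a value containing '\\n' adds lines."""
    return "".join(f"{key} = {value}\n" for key, value in settings.items())


def parse_env(text: str) -> dict:
    """Line-oriented reader like a typical .env loader: one KEY = value per line."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip()
    return out


def validate_host(value: str) -> str:
    """Accept a hostname or an IP literal only; anything else is rejected."""
    if CONTROL_CHARS.search(value):
        raise ValueError("control character in host")
    try:
        ipaddress.ip_address(value)
        return value
    except ValueError:
        pass
    if not HOSTNAME.match(value):
        raise ValueError(f"not a hostname: {value!r}")
    return value


def render_env_hardened(settings: dict) -> str:
    """Reject control characters in every key and value, restrict key syntax,
    and validate host fields specifically, before writing anything."""
    lines = []
    for key, value in settings.items():
        if not re.fullmatch(r"[A-Za-z0-9_.]+", key):
            raise ValueError(f"bad key: {key!r}")
        if CONTROL_CHARS.search(value):
            raise ValueError(f"control character in {key}")
        if key.endswith(".hostname"):
            value = validate_host(value)
        lines.append(f"{key} = {value}\n")
    return "".join(lines)


# Constructed attacker input: a plausible hostname followed by two injected lines.
PAYLOAD = ("db.internal.example\n"
           "CI_ENVIRONMENT = development\n"
           "app.baseURL = http://attacker.invalid/")


def injected_keys(render) -> set:
    """Keys that end up in the .env when the host field carries PAYLOAD."""
    text = render({"database.default.hostname": PAYLOAD,
                   "database.default.username": "app"})
    return set(parse_env(text))


def hardened_accepts(host: str) -> bool:
    try:
        render_env_hardened({"database.default.hostname": host})
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(sorted(injected_keys(render_env_vulnerable)))
    print(hardened_accepts(PAYLOAD), hardened_accepts("db.internal.example"))
```

With the vulnerable writer the reader sees CI_ENVIRONMENT and app.baseURL as if the operator had set them; the hardened writer refuses the request before any file is written.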
Remote code execution in Elastic Logstash versions 8.0.0 through 8.19.13 allows unauthenticated network attackers to write arbitrary files and execute code via malicious compressed archives. The vulnerability exploits improper path validation in archive extraction utilities, enabling attackers who compromise or control update endpoints to deliver path traversal payloads. When automatic pipeline reloading is enabled, arbitrary file writes escalate to full RCE with Logstash process privileges. CVSS 8.1 (High) with network vector but high attack complexity. EPSS data and KEV status not provided; no public exploit confirmed at time of analysis, though the technical details disclosed increase weaponization risk for environments with exposed update mechanisms.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.1 | EPSS: 0.3% | Priority: 40
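Both path-traversal cards above come down to where an untrusted name is allowed to land: MW WP Form because WordPress's path_join() hands back an absolute second argument unchanged, Logstash because archive member names choose the extraction path. The example below is added here and is not either project's code; the destination directory and the archive contents are constructed, and the containment check rejects absolute paths and traversal before resolving the final path against the base directory.

```python
"""Path containment for untrusted file names, as an added example.

Serves the two path-traversal cards above: the MW WP Form case, where a join
helper that returns an absolute second argument unchanged lets an attacker
choose the destination, and the Logstash case, where archive member names
decide where extracted files land. Not either project's code; the destination
directory and the archive are constructed for the example.
"""
import io
import os
import posixpath
import zipfile


class UnsafePath(ValueError):
    pass


def path_join_naive(base: str, path: str) -> str:
    """Join helper with the WordPress path_join() rule: an absolute path is
    returned as-is, so the caller loses control of the destination."""
    if path.startswith("/"):
        return path
    return base.rstrip("/") + "/" + path


def safe_join(base: str, untrusted: str) -> str:
    """Join and prove the result stays inside base.

    Rejects absolute paths and drive letters (conservatively: any ':' in the
    first two characters), then any '..' that would climb above base, then
    re-checks containment after resolving the real path."""
    if not untrusted or untrusted.startswith(("/", "\\")) or ":" in untrusted[:2]:
        raise UnsafePath(f"absolute path rejected: {untrusted!r}")
    norm = posixpath.normpath(untrusted.replace("\\", "/"))
    if norm == ".." or norm.startswith("../"):
        raise UnsafePath(f"traversal rejected: {untrusted!r}")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, norm))
    if os.path.commonpath([base_real, target]) != base_real:
        raise UnsafePath(f"escapes base after resolution: {untrusted!r}")
    return target


def is_contained(base: str, untrusted: str) -> bool:
    try:
        safe_join(base, untrusted)
        return True
    except UnsafePath:
        return False


DEST = "/srv/logstash/updates"   # constructed destination; need not exist


def vet_archive(data: bytes, dest: str = DEST) -> dict:
    """Classify every zip member by whether it may be extracted into dest."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            (accepted if is_contained(dest, info.filename) else rejected).append(
                info.filename)
    return {"accepted": accepted, "rejected": rejected}


def build_sample_archive() -> bytes:
    """Constructed archive: two ordinary members and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pipelines/main.conf", "input { stdin {} }\n")
        zf.writestr("pipelines/./extra.conf", "filter {}\n")
        zf.writestr("pipelines/../../../etc/cron.d/backdoor", "* * * * * root id\n")
        zf.writestr("/usr/share/logstash/config/pipelines.yml", "- pipeline.id: x\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(path_join_naive("/var/www/uploads", "/var/www/html/shell.php"))
    print(vet_archive(build_sample_archive()))
```

Vetting names before extraction matters because most archive libraries will happily create whatever path the entry names; the check is done on the logical name first, so a traversal entry is refused even when the destination directory does not exist yet.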
OS command injection in the Nokia MantaRay NM Log Search application allows authenticated adjacent-network attackers to execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The vulnerability affects versions prior to 25R1-NM and is due to improper neutralization of special elements in OS commands (CWE-77). The CVSS score of 8.0 reflects high severity with low attack complexity, requiring low-privilege authentication from an adjacent network position. No public exploit identified at time of analysis, though command injection is well understood and relatively straightforward to exploit once the access requirements are met.
Tags: NIS2 | DORA | Edge exposure | ICT dependency | No patch available | Nokia
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-77: Command Injection)
- Third-party ICT: Nokia
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Nokia (Telecom & Critical Infra (NIS2))
- No remediation available
CVSS 3.1: 8.0 | EPSS: 0.1% | Priority: 40
OS command injection in the Nokia MantaRay NM Symptom Collector application allows authenticated adjacent-network attackers to execute arbitrary OS commands with high confidentiality, integrity, and availability impact. The vulnerability affects all versions prior to 25R1-NM and requires low-privilege authenticated access over an adjacent network with low attack complexity. No public exploit identified at time of analysis; the EPSS exploitation probability of 0.06% (19th percentile) indicates relatively low observed real-world exploitation likelihood despite the high CVSS score.
Tags: NIS2 | DORA | Edge exposure | ICT dependency | No patch available | Nokia
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-78: OS Command Injection)
- Third-party ICT: Nokia
- No patch available
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: Nokia (Telecom & Critical Infra (NIS2))
- No remediation available
CVSS 3.1: 8.0 | EPSS: 0.1% | Priority: 40
Stored cross-site scripting in the ChurchCRM admin panel enables session hijacking and administrative account takeover through malicious group names. Authenticated users with group-creation privileges can inject JavaScript that executes when administrators view group listings, stealing session cookies. ChurchCRM versions prior to 6.5.3 are affected. No public exploit identified at time of analysis and EPSS data unavailable, though the low attack complexity (AC:L) and the technical details published in the GitHub Security Advisory increase exploitation risk from authenticated internal users.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.0 | EPSS: 0.0% | Priority: 40
Arbitrary code execution in Lupa (Python-Lua integration library) versions ≤2.6 allows attackers who can run Lua code inside a Lupa sandbox to bypass its attribute filtering controls via Python's getattr/setattr built-ins; where the host application exposes such a Lua execution surface to the network, this is reachable by unauthenticated remote attackers. The vulnerability lets attackers circumvent sandbox restrictions designed to limit Lua runtime access to sensitive Python objects, ultimately achieving code execution in the CPython host process. EPSS data unavailable; no CISA KEV listing or public exploit identified at time of analysis, though exploitation complexity is low per the CVSS vector (AC:L, PR:N).
Tags: NIS2 | Edge exposure | No patch available | Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass, rce
- No patch available
- Management plane (Improper Access Control)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.9 | EPSS: 0.1% | Priority: 40
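The shape of the Lupa bypass, as an added example built on a toy sandbox rather than Lupa's API or code: an attribute filter protects host objects on the sandbox's own access path, but the raw getattr/setattr built-ins handed to the guest never consult it, so the guest reaches the host class and private state anyway. The hardened environment routes every exposed primitive through the same filter. The host object and the guest programs are constructed for illustration; the guest programs only touch what their environment dict gives them.

```python
"""Policy enforced on one access path but not another, as an added example.

A toy sandbox in the shape of the Lupa issue above: host objects handed to a
guest are protected by an attribute filter, but the guest can also reach the
host's raw getattr/setattr built-ins, which never consult the filter. This is
not Lupa's API or code; the guest programs are plain Python callables that only
touch what their environment dict gives them.
"""


class AttributeFilterError(Exception):
    pass


def attribute_filter(obj, name: str, is_setting: bool) -> str:
    """Deny private names (and with them __class__, __dict__ and the other
    introspection hooks); return the name when access is allowed."""
    if name.startswith("_"):
        raise AttributeFilterError(f"{'set' if is_setting else 'get'} {name} denied")
    return name


def guest_env_vulnerable(host) -> dict:
    """Filtered access helpers plus the raw built-ins (the bypass)."""
    return {
        "host": host,
        "get": lambda o, n: getattr(o, attribute_filter(o, n, False)),
        "set": lambda o, n, v: setattr(o, attribute_filter(o, n, True), v),
        "getattr": getattr,
        "setattr": setattr,
    }


def guest_env_hardened(host) -> dict:
    """Every exposed primitive routes through the same filter."""
    def f_getattr(o, n, *default):
        return getattr(o, attribute_filter(o, n, False), *default)

    def f_setattr(o, n, v):
        setattr(o, attribute_filter(o, n, True), v)

    return {"host": host, "get": f_getattr, "set": f_setattr,
            "getattr": f_getattr, "setattr": f_setattr}


class Secrets:
    """Constructed host object: one public field, one private."""
    def __init__(self):
        self.public_note = "hello"
        self._api_key = "k-0000"


def guest_escape(env: dict):
    """Guest program: reach the host's class through the built-in getattr.
    Returns the object obtained, or None if the filter stopped it."""
    try:
        return env["getattr"](env["host"], "__class__")
    except AttributeFilterError:
        return None


def guest_tamper(env: dict) -> bool:
    """Guest program: overwrite a private field via the built-in setattr."""
    try:
        env["setattr"](env["host"], "_api_key", "attacker")
        return True
    except AttributeFilterError:
        return False


def guest_legit(env: dict):
    """Guest program that stays within policy; must work in both environments."""
    return env["get"](env["host"], "public_note")


def run(env_factory) -> dict:
    """Run the three guest programs against a fresh host under one environment."""
    host = Secrets()
    env = env_factory(host)
    return {
        "escaped": guest_escape(env) is Secrets,
        "tampered": guest_tamper(env) and host._api_key == "attacker",
        "legit": guest_legit(env),
    }


if __name__ == "__main__":
    print("vulnerable:", run(guest_env_vulnerable))
    print("hardened:  ", run(guest_env_hardened))
```

The general lesson is that a sandbox policy must sit on every primitive the guest can call, not only on the syntax the sandbox author had in mind; the legitimate guest program behaves identically under both environments, which is the property to keep when tightening the filter.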
Unauthenticated modification of the tool approval allowlist in the PraisonAI multi-agent system (versions prior to 4.5.128) enables attackers to bypass human-in-the-loop safety controls by injecting dangerous tool names (shell_exec, file_write) into the allowlist via the /api/approval/allow-list gateway endpoint. The ExecApprovalManager then auto-approves agent invocations of these tools, circumventing the approval mechanism's core security function. The attack requires local access; no public exploit identified at time of analysis. CVSS 7.9 reflects high integrity impact with scope change, since the compromised safety boundary affects agent workflows beyond the gateway itself.
Tags: NIS2 | Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.9 | EPSS: 0.0% | Priority: 40
Remote code execution in GIMP via an integer overflow during ANI (animated cursor) file parsing allows unauthenticated attackers to execute arbitrary code with user privileges when a malicious ANI file is opened. Exploitation requires user interaction (opening a crafted file or visiting an attacker-controlled page). Insufficient validation of user-supplied data triggers the integer overflow before buffer allocation, so the buffer is undersized and subsequent writes corrupt memory. No public exploit identified at time of analysis. CVSS 7.8 (High) reflects a local attack vector with no privilege requirements.
Tags: NIS2 | DORA | Edge exposure | ICT dependency | SUSE
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Third-party ICT: SUSE
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 3.0: 7.8 | EPSS: 0.1% | Priority: 39
Integer overflow in the GIMP PSD file parser enables remote code execution when users open malicious PSD files. Affects GIMP installations across platforms. Exploitation requires user interaction (opening a crafted file). The attacker achieves arbitrary code execution in the application context with high confidentiality, integrity, and availability impact. Publicly available exploit code exists. Insufficient validation of user-supplied data during buffer allocation causes the overflow, allowing memory corruption and code execution.
Tags: NIS2 | DORA | Edge exposure | ICT dependency | SUSE
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Third-party ICT: SUSE
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 3.0: 7.8 | EPSS: 0.1% | Priority: 39
Integer overflow in the GIMP XPM file parser enables remote code execution when processing malicious XPM image files. Affects GIMP installations across platforms. Attackers can execute arbitrary code in the victim's process context by delivering crafted XPM files via social engineering or drive-by downloads. The vulnerability requires user interaction (opening the malicious file). CVSS 7.8 (High severity). No public exploit identified at time of analysis. An upstream patch has been committed to the GIMP repository; a vendor-released version was not independently confirmed.
Tags: NIS2 | DORA | Edge exposure | ICT dependency | SUSE
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Third-party ICT: SUSE
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 3.0: 7.8 | EPSS: 0.1% | Priority: 39
Heap-based buffer overflow in GIMP's JP2 image parser enables unauthenticated remote code execution when users open crafted JPEG 2000 files. The vulnerability stems from insufficient validation of a user-supplied data length before copying into heap memory, allowing attackers to execute arbitrary code with user privileges. Exploitation requires social engineering to convince targets to open a malicious JP2 file. No public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.0: 7.8 | EPSS: 0.1% | Priority: 39
Heap-based buffer overflow in GIMP's PSP (Paint Shop Pro) file parser enables remote code execution when processing malicious PSP image files. Unauthenticated attackers can execute arbitrary code with user privileges by convincing targets to open a crafted PSP file. CVSS 7.8 (High) reflects a local attack vector requiring user interaction. No public exploit identified at time of analysis. The vulnerability is tracked as ZDI-CAN-28874 by the Zero Day Initiative.
Tags: NIS2 | DORA | Edge exposure | ICT dependency | SUSE
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Third-party ICT: SUSE
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: SUSE (Infrastructure & Virtualization)
CVSS 3.0: 7.8 | EPSS: 0.1% | Priority: 39
Type confusion in the Labcenter Electronics Proteus PDSPRJ file parser enables remote code execution when users open malicious project files. Attackers exploit insufficient validation during file parsing to trigger memory corruption, achieving arbitrary code execution with the victim's privileges. Requires social engineering to deliver weaponized PDSPRJ files via email, web download, or file sharing. Publicly available exploit code exists (ZDI advisory disclosure). CVSS 7.8 reflects a local attack vector requiring user interaction but no authentication.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.0: 7.8 | EPSS: 0.0% | Priority: 39
Out-of-bounds write in the Labcenter Electronics Proteus PDSPRJ file parser enables unauthenticated remote code execution. Exploitation requires user interaction (opening a malicious PDSPRJ file or visiting an attacker-controlled page). Insufficient input validation during PDSPRJ processing allows a buffer overflow that writes attacker-controlled data beyond the allocated memory boundary. Successful exploitation grants code execution in the application context with full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.0: 7.8 | EPSS: 0.0% | Priority: 39