NIS2 & DORA Compliance

Regulatory triage for vulnerability prioritization – classification based on existing CVE data

Regulatory Triage ICT Providers
NIS2 Relevant
450
DORA Relevant
62
Internet-Facing
388
Third-Party ICT
62
Unpatched
429
Exploited
73
Framework:
Period:
Sort:
CVE-2026-6069
Stack-based buffer overflow in NASM's disasm() function enables unauthenticated denial-of-service when processing malicious assembly input. Attacker-controlled disassembly formatting triggers out-of-bounds write when string length exceeds buffer capacity, causing application crash. Affects NASM assembler version 3.02rc5. Publicly available exploit code exists. CVSS 7.5 (High) reflects network-accessible attack vector requiring no privileges or user interaction, with availability impact only.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-39376
Unbounded recursion in FastFeedParser (Python RSS/Atom parser) allows remote attackers to crash applications via malicious HTML meta-refresh redirect chains. Affecting all versions prior to 0.5.10, attackers can trigger denial-of-service by serving infinite meta-refresh redirects when parse() fetches attacker-controlled URLs, exhausting the Python call stack with no recursion depth limit. EPSS data not available, no public exploit identified at time of analysis, but exploit development is trivial given the straightforward attack vector requiring only HTTP server control.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: ssrf
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-24146
NVIDIA Triton Inference Server crashes when processing inference requests with insufficient input validation combined with large output counts, enabling remote denial of service without authentication (CVSS 7.5, EPSS data not available). The vulnerability affects all versions prior to r26.02, with no public exploit identified at time of analysis. Unauthenticated remote attackers can exploit this flaw with low complexity (AV:N/AC:L/PR:N) to completely disrupt machine learning inference services.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-24173
Integer overflow in NVIDIA Triton Inference Server allows unauthenticated remote attackers to crash the server through malformed requests, causing denial of service. All versions prior to r26.02 are affected. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS and KEV data not provided; no public exploit identified at time of analysis. Organizations running Triton Inference Server for ML model deployment should prioritize patching to prevent service disruption.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-24174
Remote denial of service in NVIDIA Triton Inference Server (all versions prior to r26.02) allows unauthenticated attackers to crash the server via malformed requests. The vulnerability has a CVSS score of 7.5 with network-accessible attack vector and low complexity, requiring no privileges or user interaction. EPSS data not provided; no public exploit identified at time of analysis. The issue stems from improper conversion between numeric types (CWE-681), enabling trivial service disruption for ML inference workloads.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-24175
Remote denial of service in NVIDIA Triton Inference Server versions prior to r26.02 allows unauthenticated attackers to crash the server by sending malformed HTTP request headers over the network. The vulnerability scores 7.5 (High) with maximum availability impact, requires no authentication or user interaction, and has low attack complexity. EPSS and KEV data not provided; no public exploit identified at time of analysis.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-31940
Session fixation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 enables unauthenticated remote attackers to hijack user sessions via main/lp/aicc_hacp.php. User-controlled request parameters directly manipulate PHP session IDs before application bootstrap, allowing attackers to force victims into attacker-controlled sessions. Successful exploitation grants high-severity access to confidential data and platform integrity. No public exploit identified at time of analysis.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-384: Session Fixation)
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-3902
Header spoofing in Django 4.2 through 6.0 allows remote attackers to bypass security controls by exploiting ambiguous ASGI header normalization. The ASGIRequest handler incorrectly maps both hyphenated and underscored header variants to the same underscored version, enabling attackers to send conflicting headers where the malicious version overwrites legitimate security headers. Affects Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. No public exploit identified at time of analysis. EPSS data not available, but the unauthenticated network attack vector and high integrity impact warrant immediate patching.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-40116
Unauthenticated resource exhaustion in PraisonAI versions prior to 4.5.128 allows remote attackers to drain OpenAI API credits and exhaust server resources. The /media-stream WebSocket endpoint in the call module accepts connections without authentication or Twilio signature validation, enabling unlimited concurrent sessions to OpenAI's Realtime API using the server's credentials. No public exploit identified at time of analysis. Affects PraisonAI deployments exposing the call module's WebSocket interface.
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-30075
Buffer overflow in OpenAirInterface 2.2.0 AUSF component crashes service when processing oversized NAS PDU Authentication Response via UplinkNASTransport messages. Unauthenticated remote attackers can send malformed authentication responses (e.g., 100-byte payloads exceeding expected bounds) triggering AUSF component crash, preventing legitimate user registration and verification. Affects 5G core network deployments using OpenAirInterface AUSF. No public exploit identified at time of analysis. CVSS 7.5 High severity due to network-accessible denial of service without authentication requirements.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-22750
SSL bundle configuration bypass in VMware Spring Cloud Gateway 4.2.0 allows unaneticated remote attackers to compromise integrity through forced fallback to default SSL settings. When administrators configure custom SSL bundles via spring.ssl.bundle property, the framework silently ignores this configuration and applies insecure defaults instead, enabling man-in-the-middle attacks against intended encrypted communications. Affects Spring Cloud Gateway 4.2.0 with no public exploit identified at time of analysis.
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-39356
SQL injection in Drizzle ORM (TypeScript) allows unauthenticated remote attackers to extract database contents via improperly escaped SQL identifiers in versions prior to 0.45.2 and 1.0.0-beta.20. Applications passing user-controlled input to sql.identifier() or .as() methods are vulnerable to identifier termination and arbitrary SQL injection. CVSS 7.5 (High) with network attack vector and low complexity. EPSS data not available; no public exploit identified at time of analysis, though the GitHub security advisory provides technical details that could enable exploitation.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-89: SQL Injection)
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-39885
Server-Side Request Forgery in mcp-from-openapi (<= 2.1.2) allows unauthenticated remote attackers to retrieve cloud metadata credentials, scan internal networks, and read local files by providing malicious OpenAPI specifications containing $ref pointers to internal URLs (http://169.254.169.254/) or file:// paths. The library's json-schema-ref-parser fetches referenced resources without protocol or hostname restrictions during OpenAPI document initialization, enabling AWS/GCP/Azure credential theft and arbitrary file disclosure with no privileges required beyond spec submission.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-918: Server-Side Request Forgery (SSRF))
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-35486
Server-Side Request Forgery (SSRF) in oobabooga text-generation-webui versions prior to 4.3 allows unauthenticated remote attackers to access cloud metadata endpoints, exfiltrate IAM credentials, and probe internal network services via malicious URLs processed by the superbooga/superboogav2 RAG extensions. The vulnerability stems from unvalidated requests.get() calls with no scheme, IP, or hostname filtering. No public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L). EPSS data not provided, but the attack vector is network-accessible without authentication (AV:N/PR:N), making this a significant risk for publicly exposed instances in cloud environments.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-918: Server-Side Request Forgery (SSRF))
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-4660
Arbitrary file read vulnerability in HashiCorp go-getter library versions up to 1.8.5 enables unauthenticated remote attackers to access sensitive files from the target filesystem through specially crafted git operation URLs. The vulnerability permits confidentiality breach without authentication requirements, affecting network-accessible services utilizing the library for repository cloning or fetching operations. Fixed in version 1.8.6; go-getter/v2 branch unaffected. No public exploit identified at time of analysis.
NIS2 DORA ICT dependency HashiCorp
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: HashiCorp
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: HashiCorp (Dev Platforms & CI/CD)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-40069
Incorrect transaction broadcast failure detection in BSV Ruby SDK 0.1.0 through 0.8.1 allows unauthenticated remote attackers to manipulate application logic by exploiting incomplete ARC response validation. The SDK's BSV::Network::ARC module only recognizes REJECTED and DOUBLE_SPEND_ATTEMPTED status codes as failures, silently treating INVALID, MALFORMED, MINED_IN_STALE_BLOCK, and ORPHAN-containing responses as successful broadcasts. Applications relying on broadcast confirmation for gating critical actions accept failed transactions as valid, enabling integrity compromise in blockchain-dependent workflows. No public exploit identified at time of analysis.
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-33710
Predictable API key generation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to brute-force valid REST API keys. The md5-based generation algorithm uses a flawed random seed (rand(10000,10000) always returns 10000), reducing the keyspace to md5(timestamp + user_id*5 - 10000). Attackers with knowledge of target usernames and approximate key creation timestamps can enumerate valid API keys through offline computation, enabling unauthorized access to REST API endpoints and confidential data exposure. No public exploit identified at time of analysis.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-28390
NULL pointer dereference in OpenSSL CMS EnvelopedData processing enables unauthenticated remote denial of service. Affects OpenSSL 1.0.2 through 3.6.x when processing attacker-controlled CMS messages with KeyTransportRecipientInfo using RSA-OAEP encryption. Missing optional parameters field in algorithm identifier triggers crash before authentication occurs. Applications calling CMS_decrypt() on untrusted input (S/MIME, CMS-based protocols) vulnerable. FIPS modules unaffected. No public exploit identified at time of analysis. EPSS indicates low observed exploitation activity.
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-28389
Null pointer dereference in OpenSSL 1.0.2 through 3.6 CMS EnvelopedData processing crashes applications before authentication when KeyAgreeRecipientInfo messages lack optional parameters field. Unauthenticated remote attackers can trigger denial of service against S/MIME processors and CMS-based protocol handlers calling CMS_decrypt() on untrusted input. FIPS modules unaffected. Vendor-released patches available for all affected branches (1.0.2zp, 1.1.1zg, 3.0.20, 3.3.7, 3.4.5, 3.5.6, 3.6.2). Low observed exploitation activity; no public exploit identified at time of analysis.
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2026-33034
Unbounded memory consumption in Django ASGI applications allows unauthenticated remote attackers to bypass DATA_UPLOAD_MAX_MEMORY_SIZE protections via malformed Content-Length headers, leading to denial of service. Affects Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. CVSS 7.5 (High) with network-accessible, low-complexity attack vector requiring no privileges. EPSS data not available; no public exploit identified at time of analysis. Vendor patches released April 2026 across all affected major branches.
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2025-12664
Denial of service in GitLab CE/EE versions 13.0 through 18.10.2 allows unauthenticated remote attackers to exhaust server resources via repeated GraphQL queries. Affects all installations from version 13.0 before patched releases 18.8.9, 18.9.5, and 18.10.3. Attackers can degrade or halt GitLab service availability without authentication, impacting development workflows and CI/CD pipelines. No public exploit identified at time of analysis.
NIS2 DORA ICT dependency No patch available GitLab
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: GitLab
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: GitLab (Dev Platforms & CI/CD)
  • No remediation available
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2025-50672
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 via /yyxz_dlink.asp endpoint enables unauthenticated network-based denial of service attacks. Improper parameter validation allows remote attackers to crash the device or trigger service interruption without authentication, user interaction, or elevated privileges. CVSS 7.5 (High) severity reflects network accessibility and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2025-50646
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed input to the name parameter at /qos_type_asp.asp endpoint. Attackers can trigger service disruption without authentication or user interaction by exploiting insufficient input validation in the QoS management interface. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis.
No patch available
Why flagged?
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
CVE-2025-56015
Unauthenticated remote information disclosure in GenieACS 1.2.13 NBI API allows network-based attackers to read sensitive configuration data without authentication. The CVSS vector confirms zero authentication requirements (PR:N), enabling attackers to directly access the NBI API endpoint and exfiltrate high-confidentiality information. Publicly available exploit code exists. Attack complexity is low with no user interaction required. EPSS indicates low observed exploitation activity.
NIS2 Edge exposure No patch available Management plane
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • No patch available
  • Management plane (Improper Access Control)
  • Strong evidence (KEV / high EPSS / multi-source)
7.5
CVSS 3.1
0.0%
EPSS
38
Priority
Prev Page 19 of 25 (621 CVEs) Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy