NIS2 & DORA Compliance
Regulatory triage for vulnerability prioritization – classification based on existing CVE data
NIS2 Relevant: 533
DORA Relevant: 158
Internet-Facing: 375
Third-Party ICT: 158
Unpatched: 252
Exploited: 40
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
Tags: No patch available
Why flagged? (no reasons listed)
CVSS 3.1: 7.5 | EPSS: 0.0% | Priority: 38

Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accept Cryptocurrencies wit
Tags: NIS2, Edge exposure, No patch available, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- No patch available
- Management plane (Missing Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.5 | EPSS: 0.0% | Priority: 38

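The "Why flagged?" lists on this page are the output of a classifier: a severity band from the CVSS score, an internet-facing test, a patch-availability flag, a management-plane label and an evidence level. The Python below is an added example, not the dashboard's own code, that reproduces that shape of decision on constructed records and adds the consistency checks a reviewer would run over the result: a "No patch available" tag on an entry whose own text says a patch is available, an "Edge exposure" tag on an AV:L vector, or a "Strong evidence" tag with no KEV listing and a near-zero EPSS. The EPSS thresholds, the CWE set behind "Management plane", the NIS2/DORA rules and the three sample records are all assumptions made for illustration.

```python
import re

# CVSS v3.x qualitative bands as published by FIRST.
def severity_band(score: float) -> str:
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW" if score > 0.0 else "NONE"

def parse_vector(vector: str) -> dict:
    """Turn 'CVSS:3.1/AV:N/AC:L/...' into {'AV': 'N', 'AC': 'L', ...}. CVSS 3.x only."""
    head, *metrics = vector.split("/")
    if not head.startswith("CVSS:3."):
        raise ValueError("only CVSS 3.x vectors are handled here")
    return dict(m.split(":", 1) for m in metrics)

# Assumption: the dashboard's "Management plane" label is driven by
# authentication/authorization CWEs; this set is illustrative, not the page's.
MANAGEMENT_PLANE_CWES = {"CWE-284", "CWE-285", "CWE-287", "CWE-862", "CWE-863"}
# Assumed cut-offs for the evidence label; the page does not publish its thresholds.
EPSS_HIGH, EPSS_ELEVATED = 0.10, 0.01

def evidence_level(kev: bool, epss, poc: bool) -> str:
    if kev or (epss is not None and epss >= EPSS_HIGH):
        return "Strong evidence (KEV / high EPSS / multi-source)"
    if poc or (epss is not None and epss >= EPSS_ELEVATED):
        return "Moderate evidence (PoC / elevated EPSS)"
    return "Weak evidence (no KEV, no PoC, low EPSS)"

def consistency_warnings(rec: dict, metrics: dict) -> list:
    """Flag dashboard tags that contradict the record's own data."""
    warnings = []
    desc = rec.get("description", "").lower()
    for tag in rec.get("dashboard_tags", []):
        if tag == "Edge exposure" and metrics.get("AV") != "N":
            warnings.append(f"'Edge exposure' tag but vector is AV:{metrics.get('AV')}")
        if (tag == "No patch available" and "no patch" not in desc
                and re.search(r"\bpatch(?:es)?\b.*\bavailable\b", desc)):
            warnings.append("'No patch available' tag but description says a patch is available")
        if (tag.startswith("Strong evidence") and not rec.get("kev")
                and (rec.get("epss") or 0.0) < EPSS_HIGH):
            warnings.append("'Strong evidence' tag without a KEV listing or high EPSS")
    return warnings

def triage(rec: dict) -> dict:
    metrics = parse_vector(rec["vector"])
    band = severity_band(rec["cvss"])
    high = band in ("HIGH", "CRITICAL")
    # Assumed rule: "internet-facing" = reachable over the network with no credentials.
    internet_facing = metrics.get("AV") == "N" and metrics.get("PR") == "N"
    vendor = rec.get("vendor")
    reasons = []
    if high:
        reasons.append(f"{band} severity")
    if internet_facing:
        reasons.append(f"Internet-facing ({rec['cwe']})")
    if vendor:
        reasons.append(f"Third-party ICT: {vendor}")
    if not rec["patch_available"]:
        reasons.append("No patch available")
    if rec["cwe"] in MANAGEMENT_PLANE_CWES:
        reasons.append("Management plane")
    reasons.append(evidence_level(rec.get("kev", False), rec.get("epss"), rec.get("poc", False)))
    return {
        # Assumed NIS2 rule: HIGH+ and (exposed, unpatched, or in a third-party ICT component).
        "nis2": high and (internet_facing or not rec["patch_available"] or bool(vendor)),
        # Assumed DORA rule: HIGH+ in a third-party ICT provider's product.
        "dora": high and bool(vendor),
        "reasons": reasons,
        "warnings": consistency_warnings(rec, metrics),
    }

# Constructed sample records (not real feed data), shaped after entries on this page.
SAMPLE = [
    {"id": "sample-1", "cvss": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
     "cwe": "CWE-20", "epss": 0.002, "kev": False, "patch_available": True,
     "vendor": "Microsoft Windows", "dashboard_tags": ["Edge exposure", "ICT dependency"],
     "description": "Patch available per vendor advisory; no public exploit identified."},
    {"id": "sample-2", "cvss": 7.4, "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
     "cwe": "CWE-78", "epss": 0.0, "kev": False, "poc": True, "patch_available": True,
     "vendor": None, "dashboard_tags": ["Edge exposure"],
     "description": "Local command injection; fixed upstream, public exploit code exists."},
    {"id": "sample-3", "cvss": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
     "cwe": "CWE-200", "epss": 0.001, "kev": False, "poc": True, "patch_available": True,
     "vendor": None,
     "dashboard_tags": ["Edge exposure", "No patch available",
                        "Strong evidence (KEV / high EPSS / multi-source)"],
     "description": "Patch confirmed available via the project's security advisory."},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["id"], triage(rec))
```

Run against the page's own entries, the third check would fire on several of them: the list shows "Strong evidence (KEV / high EPSS / multi-source)" next to an EPSS of 0.0% and a description that says no public exploit was identified, and the free5GC entry carries a "No patch available" tag while its text says the fix is confirmed in the GitHub advisory. Whatever the real classifier's rules are, a triage output that feeds NIS2/DORA reporting should be gated on checks of this kind before anyone acts on it.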
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.
Tags: NIS2, Edge exposure, No patch available, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- No patch available
- Management plane (Improper Access Control)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.5 | EPSS: 0.0% | Priority: 38

Remote denial-of-service in Windows Local Security Authority Subsystem Service (LSASS) allows unauthenticated network attackers to crash Windows systems through null pointer dereference exploitation. Affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2016-2025) across multiple release channels. Microsoft has released patches for all affected versions. No public exploit identified at time of analysis, but the low attack complexity (AC:L) and unauthenticated netwo
Tags: NIS2, DORA, ICT dependency, Microsoft Windows
Why flagged?
NIS2 Relevant
- HIGH severity
- Third-party ICT: Microsoft Windows
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Microsoft Windows (Operating Systems)
CVSS 3.1: 7.5 | EPSS: 0.1% | Priority: 38

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the in
Tags: No patch available
Why flagged? (no reasons listed)
CVSS 3.1: 7.5 | Priority: 38

Windows Server Update Service (WSUS) fails to properly validate network inputs, allowing unauthenticated remote attackers to cause denial of service across all Windows Server versions from 2012 through 2025. The vulnerability (CVSS 7.5) enables network-based tampering with high availability impact (AV:N/AC:L/PR:N/UI:N/A:H), though confidentiality and integrity remain unaffected. Patch available per vendor advisory; no public exploit identified at time of analysis. The Authentication Bypass tag and PR:N vector confirm attackers require no credentials, making internet-exposed WSUS servers particularly vulnerable.
Tags: NIS2, DORA, Edge exposure, ICT dependency, Microsoft Windows
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-20: Improper Input Validation)
- Third-party ICT: Microsoft Windows
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Microsoft Windows (Operating Systems)
CVSS 3.1: 7.5 | EPSS: 0.2% | Priority: 38

Decidim GraphQL API exposes all commentable resources platform-wide without permission checks, enabling unauthorized access to comments and associated data across public and private participation spaces. Affects decidim-api and decidim-comments Ruby gems with default configurations exposing the /api endpoint publicly. No vendor patch available - only workarounds via authentication enforcement or IP allowlisting. CVSS 7.5 (High) reflects network-accessible confidentiality breach, though real-world impact depends heavily on whether the Decidim instance hosts non-public participation spaces.
Tags: NIS2, DORA, Edge exposure, ICT dependency, No patch available, Management plane, F5
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Third-party ICT: F5
- No patch available
- Management plane (Missing Authorization)
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: F5 (Network & Security)
- No remediation available
- Authentication / access control weakness
CVSS 3.1: 7.5 | Priority: 38

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTr
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-502: Deserialization of Untrusted Data)
- Moderate evidence (PoC / elevated EPSS)
CVSS 4.0: 7.5 | Priority: 38

Denial of service in Windows HTTP.sys kernel-mode driver allows unauthenticated remote attackers to crash affected systems via malformed HTTP requests. Affects all currently supported Windows 11 versions (22H2 through 26H1) and Windows Server 2022/2025 editions. The vulnerability stems from an out-of-bounds read (CWE-125) triggered when HTTP.sys processes specially crafted network packets without authentication (CVSS AV:N/PR:N). Vendor-released patches available for all affected versions with specific build numbers identified. No public exploit identified at time of analysis, though low attack complexity (AC:L) suggests straightforward exploitation once technical details emerge.
Tags: NIS2, DORA, ICT dependency, Microsoft Windows
Why flagged?
NIS2 Relevant
- HIGH severity
- Third-party ICT: Microsoft Windows
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: Microsoft Windows (Operating Systems)
CVSS 3.1: 7.5 | EPSS: 0.1% | Priority: 38

Remote unauthenticated information disclosure in free5GC UDR service allows attackers to retrieve all subscriber permanent identifiers (SUPI/IMSI) via a single HTTP GET request to the 5G Service Based Interface. The vulnerability affects the /nudr-dr/v2/application-data/influenceData/subs-to-notify endpoint due to missing return statements after error handling in api_datarepository.go, causing HTTP 400 responses to leak full subscription data including privacy-sensitive IMSI values. This completely bypasses 3GPP's SUCI privacy mechanism designed to conceal subscriber identities. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects true risk - no authentication, no complexity, network-accessible. EPSS data not available but exploit is trivial (confirmed working POC in description). Not listed in CISA KEV. Patch confirmed available via GitHub security advisory GHSA-wrwh-rpq4-87hf with specific code fix locations verified.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: deserialization
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.5 | EPSS: 0.1% | Priority: 38

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET reques
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.5 | EPSS: 0.3% | Priority: 38

HashiCorp Vault exposes authentication tokens to auth plugin backends when auth mounts are configured to pass through the 'Authorization' header. Authenticated attackers with low privileges can potentially capture Vault tokens that should remain confidential, leading to credential theft and privilege escalation. Affects Vault and Vault Enterprise versions 0.11.2 through 1.19.15, 1.20.9, 1.21.4, and pre-2.0.0 releases. Vendor-released patches available in versions 2.0.0, 1.21.5, 1.20.10, and 1.19.16. EPSS data not available; not listed in CISA KEV, which means no confirmed exploitation in the wild, not that exploitation is targeted.
Tags: NIS2, DORA, ICT dependency, HashiCorp
Why flagged?
NIS2 Relevant
- HIGH severity
- Third-party ICT: HashiCorp
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: HashiCorp (Dev Platforms & CI/CD)
CVSS 3.1: 7.5 | Priority: 38

Path traversal in Unlimited Elements for Elementor (WordPress plugin ≤2.0.6) enables authenticated attackers with Author-level privileges to read arbitrary files from the web server via crafted URLs in the Repeater JSON/CSV URL parameter. The vulnerability chains multiple sanitization failures in URLtoRelative(), urlToPath(), and cleanPath() functions, allowing traversal sequences like ../../../../etc/passwd to bypass domain-stripping logic and access sensitive files including wp-config.php. CVSS 7.5 indicates high confidentiality impact. EPSS and KEV data not provided; no public exploit confirmed at time of analysis. Wordfence reports the issue with detailed code references to vulnerable functions in versions through 2.0.6.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.5 | Priority: 38

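Both the SAC-NFe and the Unlimited Elements entries above are path traversal through a URL-to-path step, and the Unlimited Elements write-up describes a chain of string sanitisers (URLtoRelative(), urlToPath(), cleanPath()) that strips the site's own domain and "../" sequences yet can still be walked to ../../../../etc/passwd. The Python below is an added example, not code from either project: a deliberately weak strip-once sanitiser of that kind, beside the canonicalise-then-check form that should replace it. The root directory, hostname and URLs are made up for the demonstration.

```python
import os
from typing import Optional
from urllib.parse import urlparse, unquote

def strip_then_clean(url: str, site_host: str) -> str:
    """Weak sanitiser chain, written here only to show why it fails (not the plugin's code):
    drop the site's own origin, then delete '../' sequences with a single pass."""
    origin = f"https://{site_host}/"
    if url.startswith(origin):
        url = url[len(origin):]
    return url.replace("../", "")   # one pass: '....//' collapses to '../'

def unsafe_path(root: str, url: str, site_host: str) -> str:
    """What a file read based on strip_then_clean() would actually open."""
    return os.path.normpath(os.path.join(root, strip_then_clean(url, site_host)))

def resolve_under_root(root: str, url: str, site_host: str) -> Optional[str]:
    """Hardened form: never 'clean' the string. Map it to a path, canonicalise the
    path, and accept it only if the canonical result is still under root."""
    parsed = urlparse(url)
    if parsed.scheme and parsed.netloc != site_host:
        return None                      # off-site URL: not a local file at all
    rel = unquote(parsed.path).lstrip("/")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, rel))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None                      # escaped the root after normalisation
    return candidate

# Constructed inputs: a hypothetical upload root and site; '....//' is the classic
# sequence that a single '../' removal turns into a real '../'.
ROOT, HOST = "/srv/app/uploads", "example.com"
TRAVERSAL = f"https://{HOST}/....//....//....//....//etc/passwd"
PLAIN_TRAVERSAL = f"https://{HOST}/../../../../etc/passwd"
LEGIT = f"https://{HOST}/images/logo.json"

if __name__ == "__main__":
    print("sanitiser output :", strip_then_clean(TRAVERSAL, HOST))
    print("weak path opened :", unsafe_path(ROOT, TRAVERSAL, HOST))
    print("hardened, literal:", resolve_under_root(ROOT, TRAVERSAL, HOST))
    print("hardened, '../'  :", resolve_under_root(ROOT, PLAIN_TRAVERSAL, HOST))
    print("hardened, legit  :", resolve_under_root(ROOT, LEGIT, HOST))
```

Note that the hardened resolver does not reject "....//" at all: taken literally it is a path to an oddly named directory under the root, which is harmless. The traversal only exists because the sanitiser manufactured it, which is the general lesson behind CWE-22 fixes: canonicalise and compare, never rewrite.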
Unauthenticated denial-of-service in HashiCorp Vault versions prior to 2.0.0 allows remote attackers to block legitimate root token generation and rekey operations by repeatedly initiating or canceling these workflows. Attackers exploit a single-slot operation queue (CWE-770: Allocation of Resources Without Limits), preventing administrative recovery and key rotation procedures. CVSS 7.5 (High) reflects network-accessible, low-complexity exploitation requiring no privileges. No active exploitation confirmed (not in CISA KEV), no public POC identified, EPSS data unavailable. Vendor-released patch available in Vault Community and Enterprise 2.0.0.
Tags: NIS2, DORA, ICT dependency, HashiCorp
Why flagged?
NIS2 Relevant
- HIGH severity
- Third-party ICT: HashiCorp
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: HashiCorp (Dev Platforms & CI/CD)
CVSS 3.1: 7.5 | Priority: 38

Unauthenticated remote attackers bypass authentication in OpenClaw canvas endpoints due to improper authentication implementation (CWE-291). Exploitation requires no user interaction and yields high confidentiality/integrity impact. Network-accessible attack vector with high complexity (CVSS:3.0 7.4 AV:N/AC:H/PR:N). No public exploit identified at time of analysis. Originally reported as ZDI-CAN-29311.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.0: 7.4 | EPSS: 0.1% | Priority: 37

(Entry whose description is not included on this page.) CVSS 4.0: 7.4 | EPSS: 0.0% | Priority: 37

Authentication bypass in Vikunja task management platform allows unauthenticated attackers to circumvent two-factor authentication when OIDC email-based user matching is enabled. The OIDC callback handler issues complete JWT tokens without validating TOTP enrollment status, enabling full account access to users with configured TOTP protection when matched through OIDC email fallback. Affects versions prior to 2.3.0. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-287: Improper Authentication)
- Management plane (Improper Authentication)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.4 | EPSS: 0.0% | Priority: 37

HTTP request smuggling in Eclipse Jetty versions 9.4.0-12.1.6 allows remote unauthenticated attackers to inject smuggled requests via malformed chunked transfer encoding. The HTTP/1.1 parser incorrectly terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as a protocol violation, enabling 'funky chunks' smuggling techniques. This affects all major Jetty version branches (9.4.x, 10.0.x, 11.0.x, 12.0.x, and 12.1.x). EPSS data not available and no confirmed active exploitation (not in CISA KEV), but the attack technique is publicly documented.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: code-injection, request-smuggling
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.4 | EPSS: 0.0% | Priority: 37

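The Jetty entry above describes the parser ending the chunk-size line at the first \r\n even when that \r\n sits inside a quoted chunk-extension value. The Python below is an added example, not Jetty's code, that reads the chunk-size line three ways: the "split" behaviour the entry describes, an assumed peer parser that lets a quoted-string run on past the \r\n (included for contrast, not attributed to any named product), and the RFC 9112 behaviour, which rejects CR or LF inside a quoted-string. On a constructed body the first two both accept the message but disagree on where the body ends and what the leftover bytes are, which is exactly the disagreement request smuggling needs between two hops; the strict parser refuses the message instead.

```python
CRLF = b"\r\n"

def _is_qdtext(c: int) -> bool:
    """RFC 9112 qdtext: HTAB / SP / '!' / 0x23-0x5B / 0x5D-0x7E / obs-text. CR and LF are excluded."""
    return c in (0x09, 0x20, 0x21) or 0x23 <= c <= 0x5B or 0x5D <= c <= 0x7E or c >= 0x80

def read_chunk_line(buf: bytes, pos: int, mode: str) -> tuple:
    """Return (chunk-size line, position after its CRLF) for the line starting at buf[pos].

    mode 'split':  stop at the first CRLF, even inside a quoted extension value
                   (the behaviour the Jetty entry describes).
    mode 'quoted': let a quoted-string run across CRLF (assumed peer behaviour, for contrast).
    mode 'strict': a quoted-string may not contain CR or LF; raise on violation (RFC 9112).
    """
    if mode == "split":
        end = buf.index(CRLF, pos)              # ValueError if there is no CRLF at all
        return buf[pos:end], end + 2
    i, in_quote = pos, False
    while i < len(buf):
        c = buf[i]
        if in_quote:
            if c == 0x5C and i + 1 < len(buf):  # quoted-pair: backslash escapes the next byte
                i += 2
                continue
            if c == 0x22:
                in_quote = False
            elif mode == "strict" and not _is_qdtext(c):
                raise ValueError(f"byte 0x{c:02x} not allowed inside a quoted chunk extension")
        elif c == 0x22:
            in_quote = True
        elif buf.startswith(CRLF, i):
            return buf[pos:i], i + 2
        i += 1
    raise ValueError("chunk-size line not terminated")

def parse_chunk_size(line: bytes) -> int:
    size = line.split(b";", 1)[0].strip()
    if not size or any(c not in b"0123456789abcdefABCDEF" for c in size):
        raise ValueError(f"bad chunk size {size!r}")
    return int(size, 16)

def decode_chunked(buf: bytes, mode: str) -> tuple:
    """Decode a chunked body. Returns (payload, bytes consumed); anything after the
    consumed prefix is what this parser would treat as the start of the next message."""
    pos, out = 0, bytearray()
    while True:
        line, pos = read_chunk_line(buf, pos, mode)
        size = parse_chunk_size(line)
        if size == 0:                           # last-chunk (no trailer fields in this example)
            if not buf.startswith(CRLF, pos):
                raise ValueError("missing CRLF after last-chunk")
            return bytes(out), pos + 2
        if buf[pos + size:pos + size + 2] != CRLF:
            raise ValueError("chunk data not followed by CRLF")
        out += buf[pos:pos + size]
        pos += size + 2

def rejects(buf: bytes, mode: str) -> bool:
    """True if decode_chunked(buf, mode) raises a protocol error."""
    try:
        decode_chunked(buf, mode)
        return False
    except ValueError:
        return True

# Constructed body (not from any advisory): the chunk-extension value is a quoted-string
# that contains a CRLF, which RFC 9112 forbids.
DESYNC_BODY = b'2;x="\r\nAB\r\n0\r\n\r\n"\r\nCD\r\n0\r\n\r\n'
# Constructed well-formed body: a quoted extension value with no CR/LF inside.
CLEAN_BODY = b'3;x="a b"\r\nabc\r\n0\r\n\r\n'

if __name__ == "__main__":
    for mode in ("split", "quoted"):
        payload, used = decode_chunked(DESYNC_BODY, mode)
        print(f"{mode:7s} payload={payload!r} consumed={used} leftover={DESYNC_BODY[used:]!r}")
    print("strict  rejects:", rejects(DESYNC_BODY, "strict"))
```

The "split" reader sees a body of AB, ends after 16 bytes and leaves `"\r\nCD\r\n0\r\n\r\n` on the connection as the beginning of the next request; the "quoted" reader treats the whole prefix up to the closing quote as one chunk-size line and sees a body of CD with nothing left over. On the clean body all three readers agree, so a strict parser costs nothing for well-formed traffic. The practitioner's check is the same in either role: whichever component you operate, it must reject CR/LF inside chunk extensions rather than pick one of the two interpretations.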
(Three further entries whose descriptions are not included on this page.) CVSS 3.1: 7.4 | EPSS: 0.0% | Priority: 37, each

Command injection in radare2's rabin2 PDB parser allows local attackers to execute arbitrary commands when the tool is compiled without SSL support on UNIX systems. The vulnerability (CWE-78) affected a narrow window between commits 01ca2f6 and 9236f44 (post-6.1.2, pre-6.1.3), spanning less than one week in the development timeline. CVSS 7.4 (HIGH) reflects local attack vector with high complexity but no authentication required. No active exploitation confirmed (not in CISA KEV), though publicly available exploit code exists. EPSS data not provided. Fixed in commit 9236f44a28 per GitHub PR #25651.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-78: OS Command Injection)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.4 | EPSS: 0.0% | Priority: 37