NIS2 & DORA Compliance
Regulatory triage for vulnerability prioritization – classification based on existing CVE data
NIS2 Relevant: 534 | DORA Relevant: 159 | Internet-Facing: 375 | Third-Party ICT: 159 | Unpatched: 251 | Exploited: 41
Stored Cross-Site Scripting in Token of Trust WordPress plugin versions ≤3.32.3 allows unauthenticated remote attackers to inject malicious scripts via the unsanitized 'description' parameter, achieving persistent script execution in victims' browsers in a changed security context (CVSS scope Changed). CVSS 7.2 with network attack vector and no authentication required. No public exploit identified at time of analysis, and no EPSS data was provided to the analysis to assess exploitation probability.
NIS2 | Edge exposure | No patch available
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.2 | EPSS: 0.1% | Priority: 36
PHP object injection in Smart Post Show WordPress plugin versions ≤3.0.12 allows administrators to deserialize untrusted input via the import_shortcodes() function. No POP chain exists in the plugin itself, so it is not directly exploitable on its own, but the vulnerability becomes critical if paired with another plugin or theme containing an exploitable gadget chain, potentially enabling file deletion, data exfiltration, or remote code execution. CVSS 7.2 (High) reflects the theoretical maximum impact. No public exploit identified at time of analysis; EPSS data was unavailable for this recent CVE identifier.
NIS2 | Edge exposure | No patch available
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-502: Deserialization of Untrusted Data)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.2 | EPSS: 0.0% | Priority: 36
Incorrect authorization in OpenClaw pre-2026.3.24 allows authenticated users with operator.write access to browser.request capability to invoke POST /reset-profile endpoint, bypassing privilege restrictions to terminate running browsers, sever Playwright connections, and relocate profile directories to system Trash. Exploitation requires low-privilege authentication (CVSS PR:L) but achieves high integrity and availability impact through unauthorized state mutation and service disruption across intended security boundaries. No public exploit identified at time of analysis.
NIS2 | Edge exposure | Management plane
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Incorrect Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.2 | EPSS: 0.0% | Priority: 36
Insufficient access control in the OpenClaw Gateway agent allows authenticated attackers with operator.write permission to reset admin sessions without operator.admin authorization. By invoking the /reset or /new endpoints with an explicit sessionKey parameter, attackers bypass the privilege requirement and terminate arbitrary administrative sessions, a high-impact disruption of the management plane. Affects OpenClaw versions prior to 2026.3.23. No public exploit identified at time of analysis.
NIS2 | Edge exposure | Management plane
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Missing Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.2 | EPSS: 0.0% | Priority: 36
Privilege escalation in the Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users to perform administrative actions, including modifying or deleting threat intelligence rules. With CVSS 8.1 (High) driven by high integrity and availability impact, this access control bypass (CWE-863) enables low-privileged users to alter critical security configurations remotely. No public exploit identified at time of analysis, and EPSS data is unavailable. The authentication requirement raises the bar only slightly, as compromised low-privilege accounts are common in enterprise environments.
NIS2 | Edge exposure | Management plane
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Incorrect Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.2 | EPSS: 0.0% | Priority: 36
SQL identifier injection in PraisonAI's SQLiteConversationStore allows authenticated local attackers with configuration control to extract the database schema and manipulate query results. The vulnerability affects PraisonAI versions prior to 4.5.133, where unsanitized table_prefix values are concatenated into SQL queries via f-strings. Attackers controlling configuration inputs (from_yaml/from_dict) can inject SQL fragments to read internal SQLite tables such as sqlite_master and execute UNION-based injections. A vendor patch is available in version 4.5.133. No public exploit code or active exploitation confirmed at time of analysis. CVSS 7.2 reflects a local attack vector with low attack complexity, requiring low privileges and the presence of specific attack requirements (control over configuration input).
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.2 | EPSS: 0.0% | Priority: 36
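The identifier-injection pattern described in this entry, shown as an added example rather than PraisonAI's own code: a store that splices a caller-supplied table prefix into SQL with an f-string, the UNION payloads that turn it into a read of sqlite_master and of an unrelated table, and a hardened store that allowlists the prefix, quotes the identifier and confirms the table exists through a bound parameter. Class names, table names and the seeded rows are constructed for the example.

```python
import re
import sqlite3

# Identifier allowlist: letters, digits, underscore; must not start with a digit.
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def _seed(conn):
    """Constructed sample database: the legitimate table plus an unrelated one."""
    conn.executescript("""
        CREATE TABLE app_conversations (id INTEGER PRIMARY KEY, role TEXT, content TEXT);
        INSERT INTO app_conversations (role, content) VALUES ('user', 'hello');
        CREATE TABLE secrets (k TEXT, v TEXT);
        INSERT INTO secrets VALUES ('api_key', 'sk-live-CONSTRUCTED');
    """)


class VulnerableStore:
    """Builds the table name with an f-string: the prefix is trusted verbatim."""

    def __init__(self, conn, table_prefix):
        self.conn = conn
        self.table = f"{table_prefix}_conversations"

    def history(self):
        # The prefix is spliced into the SQL text, so it can append clauses;
        # parameter binding cannot help here because identifiers are not values.
        return self.conn.execute(f"SELECT role, content FROM {self.table}").fetchall()


class HardenedStore:
    """Allowlists the prefix, double-quotes the identifier, and checks it exists."""

    def __init__(self, conn, table_prefix):
        if not IDENT_RE.fullmatch(table_prefix):
            raise ValueError(f"invalid table prefix: {table_prefix!r}")
        name = f"{table_prefix}_conversations"
        # The table name is a value in this query, so it is bound as a parameter.
        row = conn.execute(
            "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
        ).fetchone()
        if row is None:
            raise ValueError(f"unknown table: {name!r}")
        self.conn = conn
        self.table = f'"{name}"'   # standard SQL identifier quoting

    def history(self):
        return self.conn.execute(f"SELECT role, content FROM {self.table}").fetchall()


def run_demo():
    conn = sqlite3.connect(":memory:")
    _seed(conn)
    # Each payload appends a UNION; the trailing '--' comments out the
    # '_conversations' suffix the store adds after the prefix.
    schema_payload = "app_conversations UNION SELECT name, sql FROM sqlite_master --"
    data_payload = "app_conversations UNION SELECT k, v FROM secrets --"
    leaked_schema = VulnerableStore(conn, schema_payload).history()
    leaked_rows = VulnerableStore(conn, data_payload).history()
    try:
        HardenedStore(conn, schema_payload)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "leaked_schema": leaked_schema,
        "leaked_rows": leaked_rows,
        "blocked": blocked,
        "legit": HardenedStore(conn, "app").history(),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The point of the hardened class is that there are two different controls for two different kinds of input: values go through parameter binding, identifiers go through an allowlist plus quoting, and neither substitutes for the other.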
Stored Cross-Site Scripting in Prismatic WordPress plugin (all versions ≤3.7.3) allows unauthenticated remote attackers to inject malicious scripts via crafted comment submissions containing the 'prismatic_encoded' pseudo-shortcode. The prismatic_decode function fails to sanitize user-supplied attributes. CVSS 7.2 with scope change (S:C) elevates impact beyond the vulnerable component. EPSS data not available; no CISA KEV listing identified. Wordfence threat intelligence confirms the vulnerability; a patch was released in version 3.7.4 per the WordPress plugin repository changelog.
NIS2 | Edge exposure | No patch available
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.2 | EPSS: 0.0% | Priority: 36
Server-side request forgery in Arcane Docker management interface versions prior to 1.17.3 allows unauthenticated remote attackers to conduct SSRF attacks via the /api/templates/fetch endpoint. Attackers can supply arbitrary URLs through the url parameter, causing the server to perform HTTP GET requests without URL scheme or host validation, with responses returned directly to the caller. This enables reconnaissance of internal network resources, access to cloud metadata endpoints, and potential interaction with internal services from the server's network context. No public exploit identified at time of analysis.
NIS2 | DORA | Edge exposure | ICT dependency | Docker | PoC
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-918: Server-Side Request Forgery (SSRF))
- Third-party ICT: Docker
- Proof of concept available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant:
- HIGH severity
- ICT provider: Docker (Dev Platforms & CI/CD)
CVSS 3.1: 7.2 | EPSS: 0.0% | Priority: 36
Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a s
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing technique: rce
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.2 | EPSS: 0.0% | Priority: 36
SMTP header injection in Serendipity CMS allows remote unauthenticated attackers to inject arbitrary email headers via a malicious Host header during email-triggering operations (comments, subscriptions, password resets). The unsanitized $_SERVER['HTTP_HOST'] value is embedded directly into Message-ID headers without validation, enabling BCC injection, email spoofing, and reply hijacking. CVSS 7.2 with Changed scope reflects impact beyond the vulnerable component. EPSS data not available; no weaponized public exploit identified at time of analysis, though the GitHub security advisory includes a detailed proof-of-concept demonstrating header injection via comment submission.
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-113: HTTP Response Splitting)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.2 | EPSS: 0.0% | Priority: 36
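The Message-ID pattern described in this entry, as an added illustration in Python that is not Serendipity's code: a mailer that splices the raw Host header into a header line, the parsed wire form showing the smuggled Bcc, and a variant that only accepts a well-formed hostname and otherwise falls back to a configured canonical host. CANONICAL_HOST, TOKEN and the addresses are constructed for the example.

```python
import email
import re

# Hostname, optionally with a port. Anything outside this shape, including the
# CR/LF and '>' a crafted Host header would carry, fails validation.
HOSTNAME_RE = re.compile(
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?::\d{1,5})?"
)
CANONICAL_HOST = "blog.example"      # hypothetical configured site host
TOKEN = "1700000000.abc123"          # constructed stand-in for the random part


def message_id_vulnerable(http_host):
    """The pattern the advisory describes: the raw request host lands in the header."""
    return f"<{TOKEN}@{http_host}>"


def message_id_hardened(http_host):
    """Use the request host only if it is a well-formed hostname; else use config."""
    host = http_host.strip()
    if not HOSTNAME_RE.fullmatch(host):
        host = CANONICAL_HOST
    return f"<{TOKEN}@{host}>"


def build_raw_message(message_id, to_addr, body):
    """Assemble headers the way a naive mailer does: plain CRLF joins, no escaping."""
    lines = [
        f"From: noreply@{CANONICAL_HOST}",
        f"To: {to_addr}",
        "Subject: New comment on your post",
        f"Message-ID: {message_id}",
        "",
        body,
    ]
    return "\r\n".join(lines)


def parse_headers(raw):
    """Parse the wire form the way an MTA would; return header name -> value."""
    msg = email.message_from_string(raw)
    return {name.lower(): value for name, value in msg.items()}


def run_demo():
    """Same attacker-controlled Host header through both builders."""
    attack_host = "blog.example>\r\nBcc: attacker@evil.example\r\nX-Injected: 1"
    vulnerable = parse_headers(
        build_raw_message(message_id_vulnerable(attack_host), "alice@example.net", "Hi")
    )
    hardened = parse_headers(
        build_raw_message(message_id_hardened(attack_host), "alice@example.net", "Hi")
    )
    return vulnerable, hardened


if __name__ == "__main__":
    vuln, hard = run_demo()
    print("vulnerable headers:", vuln)
    print("hardened headers:  ", hard)
```

The safer design is to never derive mail headers from the request at all and use the configured host; the validation is the fallback for code paths that still read HTTP_HOST. Any header-building library that raises on embedded CR/LF gives the same protection one layer down.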
Improper certificate validation in Dell PowerProtect Data Domain certificate-based login allows high-privileged remote attackers to escalate privileges to full system control (confidentiality, integrity, availability impact). Affects DD OS versions 7.7.1.0-8.5, LTS2025 (8.3.1.0-8.3.1.20), and LTS2024 (7.13.1.0-7.13.1.60). CVSS 7.2 reflects high impact but requires high privileges (PR:H), significantly limiting exploitability. EPSS data not provided; no KEV listing or public POC identified. Vendor patch available per Dell advisory DSA-2026-060.
NIS2 | DORA | ICT dependency | Dell
Why flagged? NIS2 Relevant:
- HIGH severity
- Third-party ICT: Dell
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant:
- HIGH severity
- ICT provider: Dell (Hardware & Firmware)
CVSS 3.1: 7.2 | Priority: 36
Server-Side Request Forgery (SSRF) in Chamilo LMS 2.0-RC.2 allows unauthenticated remote attackers to weaponize the learning management system as an open email relay and probe internal networks. The vulnerability stems from an authentication bypass in install.ajax.php, which accepts arbitrary SMTP server connections via Symfony Mailer DSN strings. No public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L). EPSS data not provided. Vendor-released patch: version 2.0.0-RC.3.
NIS2 | Edge exposure | Management plane
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-306: Missing Authentication for Critical Function)
- Management plane (Missing Authentication for Critical Function)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.2 | EPSS: 0.1% | Priority: 36
Remote code execution in JetBrains YouTrack versions before 2025.3.131383 allows high-privileged authenticated users to bypass sandbox protections and execute arbitrary code on the server. CVSS 7.2 reflects network accessibility with low attack complexity but requires high privileges (administrative access). EPSS data not provided. Not listed in CISA KEV. The vulnerability involves Server-Side Template Injection (SSTI) coupled with authentication bypass mechanisms, enabling privileged insiders or compromised admin accounts to break out of security boundaries.
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing technique: authentication-bypass, ssti
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.2 | Priority: 36
Command injection in Dell PowerProtect Data Domain allows high-privileged remote attackers to escalate to root-level access across multiple DD OS versions (7.7.1.0-8.5, LTS releases 7.13.1.0-7.13.1.50, 8.3.1.0-8.3.1.20). Exploitation requires existing high-privilege administrator credentials but is otherwise straightforward (AC:L). No evidence of active exploitation (not in CISA KEV) or public POC at time of analysis. Dell advisory DSA-2026-060 addresses multiple vulnerabilities including this command injection flaw.
NIS2 | DORA | Edge exposure | ICT dependency | Dell
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-77: Command Injection)
- Third-party ICT: Dell
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant:
- HIGH severity
- ICT provider: Dell (Hardware & Firmware)
CVSS 3.1: 7.2 | Priority: 36
SQL injection in Fortinet FortiAnalyzer and FortiManager versions 7.0-7.6 allows privileged authenticated attackers to execute unauthorized code or commands via the JSON RPC API. This affects both on-premises and cloud variants across multiple major version branches (7.0, 7.2, 7.4, 7.6). The vulnerability requires high-privilege authentication (CVSS PR:H) but is remotely exploitable with low attack complexity. No public exploit identified at time of analysis, though the network attack vector and code execution capability make this a priority for organizations running affected Fortinet management infrastructure.
NIS2 | DORA | Edge exposure | ICT dependency | No patch available | Fortinet
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- Third-party ICT: Fortinet
- No patch available
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant:
- HIGH severity
- ICT provider: Fortinet (Network & Security)
- No remediation available
CVSS 3.1: 7.2 | EPSS: 0.0% | Priority: 36
Stored Cross-Site Scripting in WP Statistics plugin (≤14.16.4) allows unauthenticated attackers to inject malicious JavaScript into admin dashboard analytics pages. The vulnerability stems from unsafe handling of utm_source URL parameters that persist into database-backed charts, executing when administrators view Referrals Overview or Social Media pages. With CVSS 7.2 and network vector requiring no authentication, this represents elevated risk for WordPress sites using this analytics plugin, though no active exploitation confirmed at time of analysis.
NIS2 | Edge exposure | No patch available
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.2 | Priority: 36
Remote code execution in Chamilo LMS versions prior to 1.11.38 allows authenticated users (including low-privilege students) to upload and execute arbitrary PHP code through the BigUpload endpoint. Attackers exploit insufficient file extension filtering by uploading .pht files containing malicious code, which Apache servers whose default PHP handler mapping includes .pht execute as PHP. The vulnerability enables authenticated attackers to achieve full server compromise through an unrestricted arbitrary file write. No public exploit identified at time of analysis.
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-434: Unrestricted Upload of File)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.2% | Priority: 36
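The extension check that fails in this entry, shown as an added example in Python rather than Chamilo's PHP; it is not the project's code and the filenames are constructed. A denylist keyed on the last extension admits .pht, .phtml and double extensions, while an allowlist applied to every dotted segment, with a check that no directory component or leading dot survives, rejects them.

```python
import re
from pathlib import PurePosixPath

# What a filter that "knows about .php" typically blocks.
DENY_LIST = {"php"}
# What this upload feature actually needs to accept.
ALLOW_LIST = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}
BASENAME_RE = re.compile(r"[a-z0-9_-]+")


def naive_is_allowed(filename):
    """Denylist on the last extension: the insufficient filter the entry describes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DENY_LIST


def hardened_is_allowed(filename):
    """Allowlist on every extension segment; no directory parts, no dotfiles."""
    name = PurePosixPath(filename).name
    if name != filename or name.startswith("."):
        return False                      # '../x.png', 'dir/x.png', '.htaccess'
    parts = name.lower().split(".")
    if len(parts) < 2 or not BASENAME_RE.fullmatch(parts[0]):
        return False                      # no extension, or odd characters in the stem
    # Every segment after the stem must be allowlisted, so 'shell.php.jpg' and
    # 'shell.jpg.pht' both fail, not only the final extension.
    return all(part in ALLOW_LIST for part in parts[1:])


def compare(filenames):
    """Return {filename: (naive verdict, hardened verdict)} for a batch of names."""
    return {f: (naive_is_allowed(f), hardened_is_allowed(f)) for f in filenames}


SAMPLES = [  # constructed
    "holiday-2024.JPG", "shell.php", "shell.pht", "shell.phtml", "shell.PhP",
    "shell.php.jpg", "shell.jpg.pht", ".htaccess", "../avatar.png", "avatar",
]

if __name__ == "__main__":
    for name, (naive, hard) in compare(SAMPLES).items():
        print(f"{name:18} naive={'allow' if naive else 'block':5} "
              f"hardened={'allow' if hard else 'block'}")
```

The .htaccess case matters on Apache for the same reason .pht does: an uploaded .htaccess can remap handlers for whatever else lands in the directory. The extension check should sit beside, not instead of, storing uploads under a server-generated name outside the document root and serving them with a fixed Content-Type.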
Authenticated arbitrary file write in Bugsink 2.1.0 allows remote attackers to write malicious content to filesystem locations accessible by the application process through exploitation of the artifact bundle assembly flow. Attackers holding valid authentication tokens can achieve high-integrity impact and partial availability disruption by manipulating file operations. Vulnerability affects only version 2.1.0 of the self-hosted error tracking platform. No public exploit identified at time of analysis.
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-20: Improper Input Validation)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.1% | Priority: 36
Privilege escalation in Pachno 1.0.6 allows low-privilege authenticated users to hijack administrator sessions by manipulating the original_username cookie in the runSwitchUser() action, enabling unauthorized access to user ID 1 (admin) session tokens and password hashes. SSVC confirms proof-of-concept exists with partial technical impact, though EPSS indicates low exploitation probability (0.07%, 22nd percentile) and no active exploitation confirmed via CISA KEV.
NIS2 | Edge exposure | No patch available | Management plane
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing technique: authentication-bypass
- No patch available
- Management plane (Authorization Bypass via User-Controlled Key)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.1 | EPSS: 0.1% | Priority: 36
Path traversal in OpenClaw before 2026.3.24 allows authenticated sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameters. Incomplete validation in normalizeSandboxMediaParams and missing mediaLocalRoots context enables attackers to bypass sandbox boundaries and access sensitive data including API keys and configuration files outside designated roots. This cross-agent data leakage vulnerability requires low-privilege authentication but no user interaction. No public exploit identified at time of analysis.
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.1 | EPSS: 0.1% | Priority: 36
Path traversal in OpenHarness allows authenticated gateway users with chat access to read arbitrary files on the server via the '/memory show' slash command. Affecting all versions prior to commit dd1d235, attackers can inject directory traversal sequences to escape the project memory directory and access any file readable by the OpenHarness process. CVSS 7.1 reflects high confidentiality impact with low-privilege network access. Vendor patch available via GitHub commit dd1d235450dd987b20bff01b7bfb02fe8620a0af. No public exploit identified at time of analysis, EPSS data unavailable.
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.1 | EPSS: 0.1% | Priority: 36
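A containment check for the two traversal entries above (OpenClaw's unnormalized mediaUrl/fileUrl parameters and OpenHarness's '/memory show' argument), as an added example that is neither project's code: decode once, reject absolute paths, resolve the candidate against the workspace root so that '..' and symlinks collapse, then require the resolved path to stay under the root. The workspace layout in demo() is constructed.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathEscapesRoot(ValueError):
    """Raised when a user-supplied path would resolve outside the allowed root."""


def resolve_under_root(root, user_path):
    """Return the real path for user_path inside root, or raise PathEscapesRoot."""
    root = Path(root).resolve()
    candidate = unquote(str(user_path))          # decode once: %2e%2e -> ..
    if os.path.isabs(candidate) or "\x00" in candidate:
        raise PathEscapesRoot(candidate)         # '/etc/passwd' would replace root on join
    resolved = (root / candidate).resolve()      # collapses '..' and follows symlinks
    if resolved != root and root not in resolved.parents:
        raise PathEscapesRoot(candidate)
    return resolved


def demo():
    """Constructed layout: agent-a's workspace next to agent-b's, plus a symlink out."""
    base = Path(tempfile.mkdtemp())
    workspace = base / "agent-a"
    (workspace / "notes").mkdir(parents=True)
    (workspace / "notes" / "today.md").write_text("todo")
    other = base / "agent-b"
    other.mkdir()
    (other / ".env").write_text("API_KEY=constructed")
    cases = [
        "notes/today.md",               # legitimate
        "../agent-b/.env",              # plain traversal
        "%2e%2e/agent-b/.env",          # URL-encoded traversal
        "notes/../../agent-b/.env",     # traversal hidden behind a valid prefix
        "/etc/hostname",                # absolute path
    ]
    try:
        os.symlink(other, workspace / "escape")
        cases.append("escape/.env")     # symlink inside the root pointing outside
    except OSError:
        pass                            # platforms without symlink support
    results = {}
    for case in cases:
        try:
            resolve_under_root(workspace, case)
            results[case] = "allowed"
        except PathEscapesRoot:
            results[case] = "blocked"
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{verdict:8} {case}")
```

Checking the resolved path rather than the string is what makes the symlink and 'valid-prefix/../..' cases fail; a prefix check on the raw input, or a check done before resolve(), passes both.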
Server-Side Request Forgery (SSRF) in PraisonAIAgents versions prior to 1.5.128 allows unauthenticated attackers to manipulate LLM agents into crawling arbitrary internal URLs. The httpx fallback crawler accepts user-supplied URLs without host validation and follows redirects, enabling access to cloud metadata endpoints (169.254.169.254), internal services, and localhost. Response content is returned to the agent and may be exposed in attacker-visible output. This vulnerability is the default behavior on fresh installations without Tavily API keys or Crawl4AI dependencies. No public exploit identified at time of analysis.
NIS2 | Edge exposure
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing (CWE-918: Server-Side Request Forgery (SSRF))
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.1 | EPSS: 0.0% | Priority: 36
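One validation routine covering both SSRF entries on this page (the Arcane /api/templates/fetch url parameter and the PraisonAIAgents httpx fallback crawler that follows redirects), as an added example that belongs to neither project: allowlist the scheme, resolve the host, refuse loopback, link-local (including 169.254.169.254 and its IPv4-mapped IPv6 form), private and other special ranges, and follow redirects by hand so every hop is validated before it is requested. FAKE_DNS and FAKE_HTTP are constructed stand-ins so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class UnsafeURL(ValueError):
    """The URL must not be fetched from the server's network position."""


ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def system_resolve(host):
    """Every address the host maps to (v4 and v6); unresolvable hosts raise OSError."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def ip_is_blocked(ip):
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped      # ::ffff:169.254.169.254 is the metadata address too
    return any(addr in net for net in BLOCKED_NETS)


def validate_url(url, resolve=system_resolve):
    """Return (host, addresses) for a URL that is safe to fetch, else raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {url!r}")
    host = parts.hostname
    if not host:
        raise UnsafeURL(f"missing host: {url!r}")
    try:
        addrs = {str(ipaddress.ip_address(host))}   # literal address, no lookup
    except ValueError:
        # Spellings such as '0x7f000001' or '2130706433' are not literals to
        # ipaddress but resolve to loopback via getaddrinfo, so resolve everything.
        try:
            addrs = resolve(host)
        except OSError as exc:
            raise UnsafeURL(f"cannot resolve {host!r}") from exc
    if not addrs or any(ip_is_blocked(a) for a in addrs):
        raise UnsafeURL(f"{host!r} resolves to a blocked address")
    return host, addrs


def fetch_checked(url, opener, resolve=system_resolve, max_hops=3):
    """Follow redirects by hand so each hop is validated before it is requested.
    opener(url) -> (status, location_or_None, body)."""
    for _ in range(max_hops + 1):
        validate_url(url, resolve)
        status, location, body = opener(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = location
            continue
        return status, body
    raise UnsafeURL("too many redirects")


def is_rejected(url, resolve=system_resolve):
    try:
        validate_url(url, resolve)
        return False
    except UnsafeURL:
        return True


# Constructed stand-ins for DNS and HTTP so the example runs offline.
FAKE_DNS = {
    "public.example": {"203.0.113.10"},
    "localtest.example": {"127.0.0.1"},
    "mixed.example": {"203.0.113.10", "10.0.0.5"},   # one public, one private answer
}
FAKE_HTTP = {
    "http://public.example/ok": (200, None, "hello"),
    "http://public.example/bounce": (302, "http://169.254.169.254/latest/meta-data/", ""),
    "http://169.254.169.254/latest/meta-data/": (200, None, "iam/security-credentials/"),
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]


def fake_opener(url):
    return FAKE_HTTP.get(url, (404, None, ""))


def fetch_rejected(url):
    try:
        fetch_checked(url, fake_opener, fake_resolve)
        return False
    except UnsafeURL:
        return True
```

Two caveats a practitioner should keep in mind: the check and the connection must use the same resolved address (pin it), otherwise a DNS answer that changes between the two defeats the check; and this is a precondition on the server-side fetch, not a substitute for an egress allowlist or for blocking the metadata service at the network or IMDSv2 layer.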
Password reset vulnerability in the ZTE ZXEDM iEMS cloud management portal allows authenticated attackers with low privileges to enumerate all user accounts and reset arbitrary user passwords. This authentication bypass enables unauthorized administrative operations across the entire EMS system. The attack requires user interaction and high attack complexity (CVSS AC:H), and no public exploit was identified at time of analysis. CVSS 7.1 reflects high confidentiality, integrity, and availability impact within the vulnerable component's scope.
NIS2 | Edge exposure | No patch available
Why flagged? NIS2 Relevant:
- HIGH severity
- Internet-facing technique: authentication-bypass
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36