NIS2 & DORA Compliance
Regulatory triage for vulnerability prioritization – classification based on existing CVE data
NIS2 Relevant: 531
DORA Relevant: 158
Internet-Facing: 373
Third-Party ICT: 158
Unpatched: 248
Exploited: 42
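The counters and the per-entry "Why flagged?" lists on this page come from a rule set that maps CVE metadata (CVSS score and vector, CWE, vendor, patch status, KEV/EPSS/PoC evidence) onto NIS2 and DORA relevance. The following is an added example, not the dashboard's own code, that reproduces that flag vocabulary on constructed records; every threshold, CWE set, vendor list and the "severity alone never flags" rule are assumptions made for the example, as are the sample record names.

```python
"""NIS2 / DORA triage flags derived from CVE metadata.

Added example, not the dashboard's own code. It reproduces the flag vocabulary
shown on this page; every threshold, CWE set and vendor list below is an
assumption made for the example.
"""
from dataclasses import dataclass

# Assumed: CWEs this page reports as "Internet-facing (CWE-n: ...)"
INTERNET_FACING_CWES = {"CWE-20": "Improper Input Validation", "CWE-22": "Path Traversal",
                        "CWE-79": "Cross-site Scripting (XSS)", "CWE-89": "SQL Injection",
                        "CWE-918": "Server-Side Request Forgery (SSRF)"}
# Assumed: authorization CWEs this page reports as "Management plane (...)"
MANAGEMENT_PLANE_CWES = {"CWE-639": "Authorization Bypass via User-Controlled Key",
                         "CWE-862": "Missing Authorization", "CWE-863": "Incorrect Authorization"}
# Assumed: third-party ICT providers tracked for DORA, vendor -> category
ICT_PROVIDERS = {"AMD": "Hardware & Firmware", "Microsoft Windows": "Operating Systems"}
HIGH_EPSS, ELEVATED_EPSS, MULTI_SOURCE = 0.10, 0.01, 2  # assumed evidence thresholds


@dataclass
class CveRecord:
    cve_id: str
    cvss_score: float
    cvss_vector: str          # e.g. "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
    cwes: list
    vendor: str = ""
    technique: str = ""       # e.g. "authentication-bypass", "rce"
    epss: float = 0.0         # probability, so 0.001 is the page's "0.1%"
    in_kev: bool = False
    public_poc: bool = False
    sources: int = 1          # independent advisories or feeds that report it
    patch_available: bool = True


def severity_label(score):
    """CVSS qualitative bands; v3.x and v4.0 use the same cut-offs."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    return "MEDIUM" if score >= 4.0 else "LOW"


def attack_vector(vector):
    """AV metric value (N, A, L or P) from a CVSS vector string."""
    return next((m[3:] for m in vector.split("/") if m.startswith("AV:")), "")


def evidence_reason(rec):
    """Strong outranks moderate; EPSS 0.0 with no KEV, PoC or extra source gives no flag."""
    if rec.in_kev or rec.epss >= HIGH_EPSS or rec.sources >= MULTI_SOURCE:
        return "Strong evidence (KEV / high EPSS / multi-source)"
    if rec.public_poc or rec.epss >= ELEVATED_EPSS:
        return "Moderate evidence (PoC / elevated EPSS)"
    return None


def triage(rec):
    """Return {"nis2", "dora", "nis2_reasons", "dora_reasons"} for one record."""
    out = {"nis2": False, "dora": False, "nis2_reasons": [], "dora_reasons": []}
    sev = severity_label(rec.cvss_score)
    if sev not in ("HIGH", "CRITICAL"):
        return out  # assumed: only High/Critical findings are escalated at all
    drivers = []  # exposure or dependency conditions; severity alone never flags
    exposure = [c for c in rec.cwes if c in INTERNET_FACING_CWES]
    if exposure:
        drivers.append(f"Internet-facing ({exposure[0]}: {INTERNET_FACING_CWES[exposure[0]]})")
    elif rec.technique and attack_vector(rec.cvss_vector) == "N":
        drivers.append(f"Internet-facing technique: {rec.technique}")
    mgmt = [c for c in rec.cwes if c in MANAGEMENT_PLANE_CWES]
    if mgmt:
        drivers.append(f"Management plane ({MANAGEMENT_PLANE_CWES[mgmt[0]]})")
    if rec.vendor in ICT_PROVIDERS:
        drivers.append(f"Third-party ICT: {rec.vendor}")
    if not rec.patch_available:
        drivers.append("No patch available")
    if drivers:
        out["nis2"] = True
        out["nis2_reasons"] = [f"{sev} severity", *drivers]
        evidence = evidence_reason(rec)
        if evidence:
            out["nis2_reasons"].append(evidence)
    if rec.vendor in ICT_PROVIDERS:
        out["dora"] = True
        out["dora_reasons"] = [f"{sev} severity",
                               f"ICT provider: {rec.vendor} ({ICT_PROVIDERS[rec.vendor]})"]
        if not rec.patch_available:
            out["dora_reasons"].append("No remediation available")
    return out


# Constructed sample records modelled on entries from this page, not real feed data.
NET = "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
LOCAL4 = "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
SAMPLES = [
    CveRecord("sample-crm-sqli", 7.1, NET, ["CWE-89"], patch_available=False),
    CveRecord("sample-lms-idor", 7.1, NET, ["CWE-639"], technique="authentication-bypass", public_poc=True),
    CveRecord("sample-smm-driver", 7.1, LOCAL4, [], vendor="AMD", sources=2, patch_available=False),
    CveRecord("sample-medium", 5.3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", ["CWE-79"]),
]
```

Two points to check against any feed that emits these labels. First, under these rules a record with EPSS 0.0%, no KEV listing and no public PoC gets no evidence flag at all, so a "Strong evidence (KEV / high EPSS / multi-source)" label on such a record can only be justified by the multi-source criterion; keep the source count explicit rather than letting one label blur three different signals. Second, the Priority number shown on this page is not derived here; the example stops at the relevance flags and their reasons.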
[Three metric cards whose entry descriptions were not captured: CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36; CVSS 4.0: 7.1 | EPSS: 0.0% | Priority: 36; CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36]
Authentication bypass in TREK collaborative travel planner (versions prior to 2.7.2) allows authenticated attackers with low privileges to access and modify trip photos without proper authorization. The missing authorization checks on Immich trip photo management routes enable unauthorized data access (high confidentiality impact) and limited integrity compromise. Exploitation requires authenticated access but no user interaction, and is possible remotely over the network with low attack complexity.
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Missing Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
OpenClaw before version 2026.3.24 allows authenticated operator.write-scoped clients to escalate privileges and modify channel authorization policies normally restricted to operator.admin scope through improper scope re-validation in the /allowlist command. Attackers with write-level permissions can exploit the chat.send function to construct an internal command-authorized context and persist unauthorized changes to channel allowFrom and groupAllowFrom policies, effectively bypassing access control mechanisms.
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Missing Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.1 | EPSS: 0.0% | Priority: 36
Authenticated teachers in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 can access and modify gradebook evaluation settings across unauthorized courses through Insecure Direct Object Reference in the editeval parameter. Attackers with low-privilege teacher accounts can alter evaluation names, maximum scores, and weights for assessments in courses they do not own, enabling unauthorized data disclosure and integrity compromise. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Authorization Bypass via User-Controlled Key)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
[Two metric cards whose entry descriptions were not captured: CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36; CVSS 4.0: 7.1 | EPSS: 0.0% | Priority: 36]
OpenClaw before version 2026.3.25 allows authenticated attackers to bypass authorization checks on the /sessions/:sessionKey/history HTTP endpoint, enabling unauthorized access to session history data without requiring operator.read scope permissions. The vulnerability affects all OpenClaw versions prior to 2026.3.25 and requires valid authentication credentials to exploit; no public exploit code or active exploitation has been identified at time of analysis.
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Incorrect Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.1 | EPSS: 0.0% | Priority: 36
Arbitrary file deletion in NoMachine through environment variable path manipulation allows authenticated local attackers to delete system files with root privileges. The vulnerability stems from insufficient validation of user-supplied paths in file operations, enabling low-privileged users to escalate impact by removing critical files. It affects NoMachine cross-platform remote desktop software. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.0: 7.1 | EPSS: 0.0% | Priority: 36
Heap buffer overflow in libsixel 1.8.7 and earlier allows local attackers to achieve arbitrary code execution by providing a maliciously crafted large palettised PNG image that triggers integer overflow in RGB888 conversion routines. The vulnerability requires user interaction to process the malicious image but no authentication. EPSS data not available; no public exploit identified at time of analysis, though the technical details in the advisory provide sufficient information for weaponization. Vendor-released patch: version 1.8.7-r1.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
[One metric card whose entry description was not captured: CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36]
SQL injection in Krayin CRM 2.2.x allows authenticated remote attackers to extract sensitive database contents via the rotten_lead parameter in LeadDataGrid.php. CVSS 7.1 severity with network attack vector and low complexity enables database enumeration with low-privilege credentials. No public exploit identified at time of analysis; EPSS data unavailable. A technical advisory published on GitHub indicates the vulnerability affects lead management functionality in this Laravel-based open-source CRM platform.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
Insecure Direct Object Reference in Chamilo LMS /api/course_rel_users endpoint allows authenticated attackers to enroll arbitrary users into any course without authorization (CVSS 7.1, High Integrity impact). Affects all versions prior to 2.0.0-RC.3. The vulnerability enables authenticated users to manipulate user-course relationships by modifying the user parameter in API requests, bypassing enrollment controls entirely. No public exploit code identified at time of analysis, though the attack v
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Management plane (Authorization Bypass via User-Controlled Key)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
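Both Chamilo entries above (the editeval gradebook IDOR and the /api/course_rel_users enrolment IDOR) share one root cause: the handler authenticates the caller and then acts on whichever object id the client supplies, without tying that object back to a course the caller is allowed to manage. The following is an added example, not Chamilo's own code, that models the flawed handler beside a hardened one over an in-memory store; the course data, function names and "must teach the course" rule are assumptions made for the example.

```python
"""Object-level authorization for course-scoped resources.

Added example, not Chamilo's own code. It models the two IDOR entries above
(editing a gradebook evaluation selected by an 'editeval' id, and enrolling a
user into a course) with an in-memory store; the data, function names and the
ownership rule are assumptions made for the example.
"""

# Constructed data: who teaches which course, and which course each evaluation belongs to.
COURSE_TEACHERS = {"c1": {"teacher_a"}, "c2": {"teacher_b"}}
EVALUATIONS = {
    101: {"course": "c1", "name": "Midterm", "max": 20, "weight": 40},
    202: {"course": "c2", "name": "Final", "max": 100, "weight": 60},
}
ENROLMENTS = {"c1": {"student_x"}, "c2": set()}
EDITABLE = {"name", "max", "weight"}   # fields a teacher may change


class Forbidden(Exception):
    """Raised when the caller is authenticated but not authorized for the object."""


def vulnerable_edit_evaluation(actor, editeval, changes):
    """The flaw: the only check is 'is the caller a teacher somewhere'.
    The record is then looked up by the client-controlled id and updated, so
    any teacher can rewrite any course's evaluation."""
    if actor not in {t for teachers in COURSE_TEACHERS.values() for t in teachers}:
        raise Forbidden("not a teacher")
    EVALUATIONS[editeval].update({k: v for k, v in changes.items() if k in EDITABLE})
    return EVALUATIONS[editeval]


def require_course_role(actor, course_id):
    """Authorize against the object's course, never against the id the client sent."""
    if actor not in COURSE_TEACHERS.get(course_id, set()):
        raise Forbidden(f"{actor} does not teach {course_id}")


def edit_evaluation(actor, editeval, changes):
    """Hardened: resolve the evaluation, derive its course, check the actor's role there."""
    evaluation = EVALUATIONS.get(editeval)
    if evaluation is None:
        # Same error as unauthorized, so the id space cannot be enumerated by error type.
        raise Forbidden("no such evaluation")
    require_course_role(actor, evaluation["course"])
    evaluation.update({k: v for k, v in changes.items() if k in EDITABLE})
    return evaluation


def enroll_user(actor, course_id, user):
    """Hardened enrolment: the actor must hold a teaching role in the target course."""
    require_course_role(actor, course_id)
    ENROLMENTS[course_id].add(user)
    return sorted(ENROLMENTS[course_id])
```

The fix is the indirection in `edit_evaluation`: the course used for the decision is read from the stored object, not from the request, so changing `editeval` changes which course is checked rather than which check is skipped.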
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resultin
Tags: NIS2, DORA, Edge exposure, ICT dependency, No patch available, AMD
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Third-party ICT: AMD
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: AMD (Hardware & Firmware)
- No remediation available
CVSS 4.0: 7.1 | EPSS: 0.0% | Priority: 36
Path traversal in Zarf package inspection commands enables arbitrary file write when processing malicious packages. Attackers can craft Zarf packages with traversal sequences in the Metadata.Name field (e.g., '../../etc/cron.d/malicious'), bypassing input validation to write attacker-controlled content to sensitive system locations when users run 'zarf package inspect sbom' or 'zarf package inspect documentation'. Fixed in version v0.74.2. CVSS 7.1 (High) with network attack vector but requires user interaction. No public exploit identified at time of analysis, though exploitation complexity is low as attackers only need to modify zarf.yaml and sboms.tar in a package archive.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.1 | EPSS: 0.1% | Priority: 36
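The mechanism in the Zarf entry above is the generic CWE-22 pattern: a name read from attacker-supplied package metadata is joined into an output path, and `..` segments walk the write out of the intended directory. The following is an added example, not Zarf's own code, showing the flawed join beside a hardened version that validates the name syntactically and then re-checks the resolved path; the function names, the allowlist pattern and the scratch directory are assumptions made for the example, and the malicious name is the one quoted in the entry.

```python
"""Containment check for a package-derived output path.

Added example, not Zarf's own code. It models the flaw described above (a
Metadata.Name such as '../../etc/cron.d/malicious' joined into an output path)
beside a hardened version; the function names, the name pattern and the demo
directory are assumptions made for the example.
"""
import os
import re
import tempfile
from pathlib import Path

# Assumed allowlist: DNS-label-style names, which also rules out "/", "\" and "..".
NAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def unsafe_output_path(base_dir, package_name, suffix):
    """The flawed pattern: the name from package metadata is trusted and joined as-is.
    normpath collapses the '..' segments instead of rejecting them."""
    return os.path.normpath(os.path.join(base_dir, package_name + suffix))


def is_within(base_dir, candidate):
    """True only if candidate resolves to base_dir itself or something beneath it."""
    base = Path(base_dir).resolve()
    target = Path(candidate).resolve()
    return target == base or base in target.parents


def safe_output_path(base_dir, package_name, suffix):
    """Reject the name syntactically, then re-check the resolved path.

    Two layers because either alone has a gap: the allowlist stops '..' and
    separators before any filesystem work, and the containment check catches
    anything that still escapes, e.g. through a symlink inside base_dir.
    """
    if not NAME_RE.fullmatch(package_name):
        raise ValueError(f"invalid package name: {package_name!r}")
    candidate = Path(base_dir).resolve() / (package_name + suffix)
    if not is_within(base_dir, candidate):
        raise ValueError(f"output path escapes {base_dir}: {candidate}")
    return candidate


# Constructed inputs mirroring the traversal sequence quoted in the advisory summary.
MALICIOUS_NAME = "../../etc/cron.d/malicious"
DEMO_BASE = os.path.join(tempfile.gettempdir(), "zarf-inspect-demo")  # assumed scratch dir


def demo():
    """Show the unsafe join escaping the output directory and the safe one refusing it."""
    escaped = unsafe_output_path(DEMO_BASE, MALICIOUS_NAME, "-sbom.tar")
    try:
        safe_output_path(DEMO_BASE, MALICIOUS_NAME, "-sbom.tar")
        rejected = False
    except ValueError:
        rejected = True
    good = safe_output_path(DEMO_BASE, "my-package", "-sbom.tar")
    return {"unsafe_path": escaped, "unsafe_escapes": not is_within(DEMO_BASE, escaped),
            "malicious_rejected": rejected, "good_path": str(good)}
```

Note that the containment check alone is not a substitute for the allowlist: `is_within` compares resolved paths, so it is only as good as what `resolve()` can see at check time, and a directory created between the check and the write can still change the outcome. Rejecting the name up front keeps the decision independent of filesystem state.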
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.1 | EPSS: 0.1% | Priority: 36
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-ma
Tags: No patch available
Why flagged?
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
Windows Remote Desktop spoofing vulnerability allows remote unauthenticated attackers to bypass security warnings and trick users into accepting malicious RDP connections, potentially exposing sensitive session data. Affects all supported Windows 10, 11, and Server versions from 2012 through 2025. Vendor-released patches are available. No public exploit identified at time of analysis, though the low attack complexity (AC:L) and network attack vector (AV:N) indicate exploitation would be straight
Tags: NIS2, DORA, Edge exposure, ICT dependency, Microsoft Windows
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- Third-party ICT: Microsoft Windows
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Microsoft Windows (Operating Systems)
CVSS 3.1: 7.1 | EPSS: 0.1% | Priority: 36
Stored XSS in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files through malicious component names displayed in delete confirmation dialogs. When a user clicks the crafted payload, the vulnerability escalates from XSS to potential local code execution within the application context. Vendor-released patches available for Windows and macOS. No public exploit identified at time of analysis, though the attack vector is local (CVSS:3.1/AV:L) requiring user interaction but no authentication (PR:N), with CVSS 7.1 reflecting high confidentiality and integrity impact.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
Server-Side Request Forgery in Apache SkyWalking MCP 0.1.0 allows authenticated remote attackers to access internal network resources and exfiltrate sensitive data via a malicious SW-URL header. CVSS 7.1 (High severity) with network attack vector and low complexity. No public exploit identified at time of analysis; the SSVC assessment indicates no active exploitation and a non-automatable attack requiring manual interaction and knowledge of the internal architecture.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-918: Server-Side Request Forgery (SSRF))
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
SQL injection in Chamilo LMS 2.0.0-RC.2 allows authenticated administrators to extract arbitrary database contents via unsanitized date parameters in the statistics AJAX endpoint's users_active action. This represents an incomplete fix for CVE-2026-30881, where only one of two vulnerable parameter sets was sanitized. Time-based blind SQL injection techniques enable data exfiltration despite requiring admin-level authentication. EPSS data not available; no public exploit identified at time of analysis, though the incomplete remediation pattern and technical details in the GitHub advisory lower exploitation barriers for attackers with admin access.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- Moderate evidence (PoC / elevated EPSS)
CVSS 4.0: 7.1 | EPSS: 0.0% | Priority: 36
Stored cross-site scripting (XSS) in Autodesk Fusion desktop application allows local attackers to execute arbitrary code or read local files by crafting malicious HTML payloads in design names that trigger when exported to CSV format. The vulnerability requires no authentication but depends on user interaction (opening the exported CSV). Vendor patch available via updated client installers for Windows and macOS. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code identified at time of analysis.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages, specifically those containing negative varints or deep
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-20: Improper Input Validation)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 7.1 | EPSS: 0.1% | Priority: 36
Stored cross-site scripting in Autodesk Fusion desktop application enables arbitrary code execution when malicious assembly variant names render in delete confirmation dialogs. Attackers can craft HTML payloads that execute in the application context, enabling local file access and code execution with user privileges (CVSS 7.1, local attack vector requiring user interaction). Vendor-released patch available via official Fusion client installers for Windows and macOS. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 7.1 | EPSS: 0.0% | Priority: 36