Skip to main content

NIS2 & DORA Compliance

Regulatory triage for vulnerability prioritization – classification based on existing CVE data

Regulatory Triage ICT Providers
NIS2 Relevant
367
DORA Relevant
68
Internet-Facing
299
Third-Party ICT
68
Unpatched
231
Exploited
15
Framework:
Period:
Sort:
CVE-2026-41090
Command injection in Microsoft 365 Copilot for iOS allows remote unauthenticated attackers to tamper with system integrity over the network when a user is convinced to interact with malicious content. The flaw carries a critical CVSS score of 9.3 with a scope change indicating impact beyond the vulnerable component, though no public exploit identified at time of analysis. An official vendor patch is available via MSRC.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-77: Command Injection)
  • Strong evidence (KEV / high EPSS / multi-source)
9.3
CVSS 3.1
0.0%
EPSS
47
Priority
CVE-2026-9058
Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") e
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Strong evidence (KEV / high EPSS / multi-source)
9.3
CVSS 4.0
0.0%
EPSS
47
Priority
CVE-2026-42755
Unauthenticated blind SQL injection in the RealMag777 TableOn (posts-table-filterable) WordPress plugin through version 1.0.5.1 lets remote attackers inject crafted SQL into backend queries without credentials or user interaction. Because the CVSS scope is marked changed (S:C) with high confidentiality impact, a successful attack can read data beyond the vulnerable component, including the WordPress database. No public exploit is identified at time of analysis, and the EPSS score is very low (0.03%, 9th percentile), indicating no current sign of widespread exploitation despite the 9.3 base score.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-89: SQL Injection)
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
9.3
CVSS 3.1
0.0%
EPSS
47
Priority
CVE-2026-42747
Blind SQL injection in the Easy Form Builder WordPress plugin (by hassantafreshi), affecting all versions up to and including 4.0.6, lets remote unauthenticated attackers inject crafted SQL into backend database queries. With a CVSS of 9.3 and a scope-changed vector, a successful attack can read sensitive data across the database and impact availability. There is no public exploit identified at time of analysis, and the EPSS score is very low (0.03%, 9th percentile), indicating no observed mass exploitation yet despite the high severity rating.
NIS2 Edge exposure No patch available
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-89: SQL Injection)
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
9.3
CVSS 3.1
0.0%
EPSS
47
Priority
CVE-2026-9037
Unauthorized firmware installation in the XCharge C6 charging controller stems from missing cryptographic signature verification in its management-channel update mechanism, enabling remote attackers who can interpose on or impersonate the management interface to push malicious firmware. Successful exploitation yields high-privilege code execution on the EV charging device, and the issue is tracked in CISA ICS advisory ICSA-26-148-08 with no public exploit identified at time of analysis.
Edge exposure No patch available
Why flagged?
9.3
CVSS 4.0
46
Priority
CVE-2026-35087
Authentication bypass in Slican telephone exchanges (NCP, IPx, CCT-1668, MAC-6400, and CXS-0424 PBX systems) lets a remote attacker skip credential entry on the administrative protocol simply by issuing a specific command, granting full administrative control of the exchange. The flaw was reported by CERT Polska (cert.pl), carries a CVSS 4.0 base score of 9.3, and has no public exploit identified at time of analysis; however, the high score reflects unauthenticated network-reachable access with full confidentiality, integrity, and availability impact. Fixed firmware is available for current models, but the issue remains permanently unpatched on End-Of-Life CCT-1668, MAC-6400, and CXS-0424 units running version 4.xx and below.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Moderate evidence (PoC / elevated EPSS)
9.3
CVSS 4.0
0.1%
EPSS
46
Priority
CVE-2026-42727
Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and including 1.0.8) lets remote attackers inject SQL commands via an unsanitized parameter to read arbitrary data from the WordPress/WooCommerce database. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with a changed scope, meaning the injection reaches the backend database beyond the plugin component itself. There is no public exploit identified at time of analysis and no EPSS score was provided, so probability of exploitation cannot be quantified from the available data.
Edge exposure No patch available
Why flagged?
9.3
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-42761
Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and including 1.0.9) allows remote unauthenticated attackers to inject SQL into backend database queries and infer sensitive data through boolean or time-based responses. The CVSS 3.1 vector (PR:N/UI:N) indicates exploitation requires no authentication or user interaction, and the changed scope (S:C) reflects that compromise of the WordPress database can affect the entire site beyond the plugin itself. There is no public exploit identified at time of analysis, and no KEV listing or EPSS score was provided.
Edge exposure No patch available
Why flagged?
9.3
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-8979
Unauthenticated password reset in Mennekes Amtron EV charging stations running firmware 5.22.3 and earlier allows remote attackers to seize the operator account by sending a crafted POST to /operator/operator. CVSS 4.0 of 9.3 with PR:N/UI:N and CWE-287 reflects a complete authentication bypass, and the CVSS exploit maturity flag (E:P) plus the cyberdanube research disclosure indicate publicly available exploit code exists, though the vulnerability is not currently listed in CISA KEV.
NIS2 Edge exposure No patch available Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-287: Improper Authentication)
  • No patch available
  • Management plane (Improper Authentication)
  • Strong evidence (KEV / high EPSS / multi-source)
9.3
CVSS 4.0
46
Priority
CVE-2026-8980
Privilege escalation in Mennekes Amtron EV charging stations (firmware ≤ 5.22.3) allows a low-privileged authenticated user to overwrite credentials for the admin (operator) and manufacturer accounts through crafted POST requests, effectively granting full takeover of the charger's management interface. Publicly available exploit code exists per the CyberDanube research advisory, and the CVSS 4.0 base score of 9.3 reflects high impact across confidentiality, integrity, and availability with cascading effects on subsequent systems. Not currently listed in CISA KEV.
No patch available Management plane
Why flagged?
9.3
CVSS 4.0
46
Priority
CVE-2026-42740
Blind SQL injection in the Tainacan WordPress plugin (versions up to and including 1.0.3) lets remote unauthenticated attackers inject crafted SQL into backend database queries. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates exploitation requires no authentication or user interaction, and the changed scope plus high confidentiality impact drive the 9.3 score. There is no public exploit identified at the time of analysis and the issue is not listed in CISA KEV, but the low attack complexity and unauthenticated reach make it a high-priority patch candidate.
Edge exposure No patch available
Why flagged?
9.3
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-45261
Remote code execution in GitButler desktop application versions prior to 0.19.7 allows attackers to execute arbitrary scripts within the Tauri webview by injecting malicious links into pull request bodies. The flaw activates when a user with forge integration enabled clicks the crafted link, leading to full compromise of the desktop client context. No public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-xpmj-536r-9fc6 publicly documents the issue.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-94: Code Injection)
  • Moderate evidence (PoC / elevated EPSS)
9.3
CVSS 4.0
46
Priority
CVE-2026-44451
Sandbox escape in Lumiverse AI chat application versions prior to 0.9.7 allows remote attackers to execute arbitrary JavaScript in a victim's authenticated session by delivering a malicious theme pack (.lumitheme / .lumiverse-theme). The component override system's Sucrase-transpiled TSX sandbox is bypassed via string concatenation of blocked identifiers and DOM ref traversal to retrieve the real window object, defeating both static source validation and runtime global shadowing. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-rgp6-55rw-5xf4) documents the exact bypass technique.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Moderate evidence (PoC / elevated EPSS)
9.3
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-35090
Authentication bypass in Slican telephone exchanges (IPL-256, IPM-032, CCT-1668, MAC-6400, CXS-0424) lets an unauthenticated remote attacker who dials the device's management modem while presenting a specific caller ID bypass admin authentication and obtain full access to the service protocol and configuration panel. Because this 'magic' caller ID works regardless of how the exchange is configured - and even temporarily re-enables remote management when an administrator has disabled it - the flaw behaves like a hidden backdoor rather than a normal misconfiguration. CVSS 4.0 rates it 9.3 (critical); no public exploit has been identified at time of analysis, and the issue remains permanently unpatched on End-of-Life CCT-1668, MAC-6400, and CXS-0424 units running firmware 4.xx and below.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Moderate evidence (PoC / elevated EPSS)
9.3
CVSS 4.0
0.1%
EPSS
46
Priority
CVE-2026-9312
Server-side request forgery in GitHub Enterprise Server lets an unauthenticated attacker coerce the appliance into issuing crafted requests to internal services, reachable through an upload endpoint that fails to validate input. By injecting path-traversal content into request parameters, an attacker can redirect internal API calls to reach back-end services and harvest sensitive credentials. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 9.2 (Critical), though the vector flags high attack complexity and an extra attack requirement that temper real-world ease of exploitation.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-918: Server-Side Request Forgery (SSRF))
  • Moderate evidence (PoC / elevated EPSS)
9.2
CVSS 4.0
0.0%
EPSS
46
Priority
CVE-2026-9054
Remote denial-of-service in 9front (a fork of Plan 9 from Bell Labs) allows unauthenticated network attackers to trigger a kernel panic by sending malformed TCP, IL, RUDP, or GRE packets whose total length is shorter than the protocol header size. The flaw affects 9front Plan 9 4e prior to commit 70c97c334171c715df82774d1a47638abaca2db4 and carries a CVSS 4.0 score of 9.2 driven by high availability impact and automatable exploitation; no public exploit identified at time of analysis.
Why flagged?
9.2
CVSS 4.0
0.0%
EPSS
46
Priority
CVE-2026-8450
OS command injection in Perl's HTTP::Daemon before 6.17 (libwww-perl) lets remote unauthenticated attackers execute commands as the daemon process UID when request-derived input reaches the send_file() method. The method opened its string argument with Perl's 2-argument open(), whose magic prefixes ('| cmd', 'cmd |', '> path', '>> path') spawn subprocesses or write/truncate files; the read-pipe form additionally leaks subprocess stdout into the HTTP response body. There is no public exploit identified at time of analysis and no CISA KEV listing, but the upstream fix is released (6.17) and the patch diff is public, so the root cause is fully disclosed.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: command-injection
  • Strong evidence (KEV / high EPSS / multi-source)
9.1
CVSS 3.1
0.1%
EPSS
46
Priority
CVE-2026-33843
Authentication bypass in Microsoft Azure Active Directory B2C (now part of Microsoft Entra) allows remote unauthenticated attackers to elevate privileges by reaching protected functionality through an alternate code path. The CVSS 9.1 vector (AV:N/AC:L/PR:N/UI:N) reflects network-reachable exploitation with no privileges and no user interaction, yielding high confidentiality and integrity impact against tenants relying on Azure AD B2C for identity. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the unauthenticated-network profile and Microsoft self-reporting make this a high-priority advisory for any tenant using B2C.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Strong evidence (KEV / high EPSS / multi-source)
9.1
CVSS 3.1
0.1%
EPSS
46
Priority
CVE-2026-49002
Improper access control in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) lets remote unauthenticated attackers reach functionality that should be permission-gated, allowing them to read and modify system configuration data beyond their authorization. The CVSS 3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N) with high confidentiality and integrity impact but no availability impact, and the issue is tagged as an authentication bypass. EPSS is very low at 0.03% (9th percentile) and there is no public exploit identified at time of analysis.
NIS2 Edge exposure No patch available Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • No patch available
  • Management plane (Improper Access Control)
  • Moderate evidence (PoC / elevated EPSS)
9.1
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-39833
Authentication bypass in Go's golang.org/x/crypto/ssh/agent in-memory keyring (versions before 0.52.0) allows SSH key signing operations to proceed without the intended ConfirmBeforeUse user confirmation prompt. Applications that relied on this constraint to gate sensitive signing actions effectively had no protection, with no error returned to indicate the constraint was silently ignored. No public exploit identified at time of analysis and EPSS is very low (0.02%), but SSVC rates technical impact as total.
NIS2 Edge exposure Management plane
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing technique: authentication-bypass
  • Management plane (Missing Authorization)
  • Strong evidence (KEV / high EPSS / multi-source)
9.1
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-42496
Symlink-based path traversal in the Perl module Archive::Tar before version 3.08 allows a malicious tar archive to write or point files outside the intended extraction directory. When an application extracts an attacker-supplied archive, symlink entries whose targets are absolute paths or contain '..' traversal sequences are followed without validation, letting an attacker place links that resolve to arbitrary filesystem locations. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the issue is rated CVSS 9.1 because Archive::Tar is widely embedded in automated server-side processing of untrusted archives.
Why flagged?
9.1
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-39834
Denial of service in the Go golang.org/x/crypto/ssh package (versions prior to 0.52.0) occurs when an application writes more than 4GB of data in a single Write call on an SSH channel, triggering an integer overflow in the internal payload size calculation that causes the write loop to spin indefinitely while emitting empty packets. The flaw affects any Go application using this SSH library for large data transfers and is patched upstream with a release in version 0.52.0; no public exploit identified at time of analysis and EPSS probability is very low at 0.02%.
Why flagged?
9.1
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-7876
Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 through 1.5.19 allows remote attackers to access and modify protected resources without valid credentials, scoring CVSS 9.1 critical. The flaw exposes confidential file transfer data and permits unauthorized modification of integrity-protected assets across all affected releases. No public exploit identified at time of analysis, and EPSS predicts only a 0.02% near-term exploitation probability despite the high severity rating.
NIS2 DORA Edge exposure ICT dependency No patch available Management plane IBM Cloud
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-287: Improper Authentication)
  • Third-party ICT: IBM Cloud
  • No patch available
  • Management plane (Improper Authentication)
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: IBM Cloud (Cloud Providers)
  • No remediation available
  • Authentication / access control weakness
9.1
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-42508
Improper certificate revocation validation in the golang.org/x/crypto/ssh/knownhosts package allows SSH connections to succeed against hosts whose CA SignatureKey has been revoked. Versions prior to 0.52.0 only validated the leaf 'key' against revocation entries while ignoring 'key.SignatureKey', enabling attackers holding a revoked CA-signed host key to impersonate trusted servers. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.
Why flagged?
9.1
CVSS 3.1
0.0%
EPSS
46
Priority
CVE-2026-39832
Constraint extension stripping in the golang.org/x/crypto SSH agent client (versions prior to 0.52.0) allows remote SSH hosts to use forwarded keys without the destination restrictions the user intended. When clients added keys to a remote agent, extensions such as restrict-destination-v00@openssh.com were silently dropped during serialization, effectively converting scoped keys into unrestricted ones on downstream hosts. No public exploit identified at time of analysis and EPSS is very low (0.02%), but SSVC rates technical impact as total and automatable.
NIS2 Edge exposure
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Internet-facing (CWE-502: Deserialization of Untrusted Data)
  • Strong evidence (KEV / high EPSS / multi-source)
9.1
CVSS 3.1
0.0%
EPSS
46
Priority
Prev Page 4 of 17 (414 CVEs) Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy