NIS2 & DORA Compliance
Regulatory triage for vulnerability prioritization – classification based on existing CVE data
- NIS2 Relevant: 433
- DORA Relevant: 65
- Internet-Facing: 368
- Third-Party ICT: 65
- Unpatched: 438
- Exploited: 67
Unauthenticated attackers can bypass add permissions in Django GenericInlineModelAdmin (versions 6.0 <6.0.4, 5.2 <5.2.13, 4.2 <4.2.30) by submitting forged POST data to inline model forms. Permission checks fail to validate creation rights on inline model instances, enabling unauthorized database record insertion with network access alone. CVSS 9.8 critical severity reflects complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.01%).
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing technique: authentication-bypass
- Management plane (Missing Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 9.8 | EPSS: 0.0% | Priority: 49
Remote code execution in Mozilla Firefox versions prior to 149.0.2 stems from multiple memory safety bugs allowing unauthenticated network attackers to execute arbitrary code without user interaction. Mozilla confirmed memory corruption evidence across affected versions (Firefox 149.0.1 and Thunderbird 149.0.1), though Thunderbird patch status remains unconfirmed. CVSS 9.8 reflects maximum severity due to network-accessible attack vector with no complexity barriers. No public exploit identified at time of analysis, though the CWE-787 out-of-bounds write class has high weaponization potential once technical details emerge from linked Bugzilla entries.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing technique: rce
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 9.8 | EPSS: 0.0% | Priority: 49
Multiple memory corruption vulnerabilities in Mozilla Firefox (< 149.0.2) and Firefox ESR (< 140.9.1) enable unauthenticated remote code execution with critical CVSS 9.8 severity. These memory safety bugs, including CWE-787 out-of-bounds write issues, affect both the standard and Extended Support Release channels, with Mozilla confirming evidence of memory corruption exploitable for arbitrary code execution. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, though the CVSS vector indicates a network-accessible attack requiring no user interaction.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing technique: rce
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 9.8 | EPSS: 0.0% | Priority: 49
Unauthenticated arbitrary file upload in ProSolution WP Client plugin (≤1.9.9) enables attackers to upload executable files without validation via the 'proSol_fileUploadProcess' function, leading to remote code execution on WordPress servers. Critical severity (CVSS 9.8) with network-accessible attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-434: Unrestricted Upload of File)
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 9.8 | EPSS: 0.1% | Priority: 49
Remote code execution in Mozilla Firefox and Thunderbird via memory corruption vulnerabilities allows unauthenticated remote attackers to execute arbitrary code without user interaction. Affects Firefox <149.0.2, Firefox ESR <115.34.1, and Firefox ESR <140.9.1 across desktop platforms. With CVSS 9.8 (critical severity, network-accessible, no privileges required) and CWE-119 buffer overflow classification, this represents multiple memory safety bugs that Mozilla assessed could be exploited for arbitrary code execution. No public exploit identified at time of analysis; EPSS data not provided but critical browser vulnerabilities historically attract rapid exploitation interest.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing technique: rce
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 9.8 | EPSS: 0.1% | Priority: 49
Stored cross-site scripting in parisneo/lollms versions prior to 2.2.0 enables unauthenticated attackers to inject malicious JavaScript through unsanitized social post content in the create_post function. Injected scripts execute in victims' browsers when viewing the Home Feed, enabling account takeover, session hijacking, and wormable propagation across the platform. The CVSS vector indicates network-accessible exploitation requiring user interaction, with scope change allowing cross-domain impact. No public exploit identified at time of analysis, but low attack complexity increases weaponization risk.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.0: 9.6 | EPSS: 0.0% | Priority: 48
CVSS 3.1: 9.6 | EPSS: 0.0% | Priority: 48
Cross-Site Request Forgery in priyanshumittal Bluestreet WordPress theme through version 1.7.3 enables unauthenticated attackers to perform arbitrary plugin installations via CSRF. Exploitation requires user interaction (victim must click malicious link or visit attacker-controlled page while authenticated to WordPress). High severity due to scope change and potential for complete site compromise through malicious plugin deployment. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-352: Cross-Site Request Forgery (CSRF))
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 9.6 | EPSS: 0.0% | Priority: 48
Cross-Site Request Forgery (CSRF) in Busiprof WordPress theme versions ≤2.5.2 enables unauthenticated attackers to upload web shells to the server by tricking authenticated administrators into executing malicious requests. Successful exploitation grants remote code execution capabilities through arbitrary file upload, allowing complete server compromise. CVSS 9.6 reflects cross-site scope with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS 0.01%).
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-352: Cross-Site Request Forgery (CSRF))
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 9.6 | EPSS: 0.0% | Priority: 48
Command injection in PraisonAI pip package allows remote code execution when processing untrusted YAML workflows, agent configurations, or LLM-generated tool calls. Multiple execution paths (`execute_command`, workflow shell steps, action orchestrator) pass user-controlled input to `subprocess.run()` with `shell=True`, enabling arbitrary command execution via shell metacharacters (`;`, `|`, `&&`, `$()`). Affected: PraisonAI versions < 4.5.121. Attack vectors include malicious YAML definitions, agent marketplace poisoning, and document-based prompt injection. No public exploit identified at time of analysis. CVSS 9.7 (Critical) reflects network-accessible unauthenticated attack requiring only user interaction, with complete system compromise potential.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-78: OS Command Injection)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 9.6 | EPSS: 0.1% | Priority: 48
Access control bypass in PayloadCMS Puck plugin (delmaredigital/payload-puck) versions prior to 0.6.23 allows unauthenticated remote attackers to perform unauthorized CRUD operations on all Puck-managed content collections. The vulnerability stems from hardcoded overrideAccess: true in API endpoint handlers, completely circumventing collection-level access controls that developers implemented. With CVSS 9.4 (critical severity), CVSS vector PR:N confirms no authentication required, and AC:L indicates trivial exploitation. No CISA KEV listing or public exploit identified at time of analysis, but the vulnerability is straightforward to exploit given the network-accessible API endpoints and complete access control failure.
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing technique: authentication-bypass
- Management plane (Missing Authorization)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 9.4 | EPSS: 0.0% | Priority: 47
SQL injection in ChurchCRM's QueryView.php allows authenticated users with Data/Reports access to execute arbitrary SQL commands via the searchwhat parameter when using QueryID=15 (Advanced Search). Affects all versions prior to 7.1.0. CVSS 9.4 critical severity reflects network-accessible attack requiring low privileges with high impact across confidentiality, integrity, and availability. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis. Vendor-released patch available in version 7.1.0.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.4 | EPSS: 0.0% | Priority: 47
Path traversal in PraisonAI multi-agent teams system (versions prior to 4.5.128) enables arbitrary file overwrite through malicious .praison archive bundles. The cmd_unpack function in recipe CLI performs unvalidated tar extraction, allowing attackers to embed ../ path sequences that escape the intended extraction directory. Unauthenticated attackers can distribute weaponized bundles that, when unpacked by victims via 'praisonai recipe unpack' command, overwrite critical system files with attacker-controlled content. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-22: Path Traversal)
- Moderate evidence (PoC / elevated EPSS)
CVSS 4.0: 9.4 | EPSS: 0.1% | Priority: 47
CVSS 3.1: 9.4 | EPSS: 0.1% | Priority: 47
Unrestricted file upload in BraveCMS 2.0 (prior to 2.0.6) enables remote attackers to execute arbitrary code on the server without authentication. The CKEditor endpoint accepts malicious file uploads including executable scripts, leading to full remote code execution with CVSS 9.3 severity. EPSS data unavailable, no confirmed active exploitation (not in CISA KEV), but upstream fix is available via GitHub commit and version 2.0.6 release. Attack complexity is low with network-accessible vector requiring no privileges or user interaction, making this a critical exposure for internet-facing BraveCMS installations.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-434: Unrestricted Upload of File)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.3 | EPSS: 0.4% | Priority: 47
Sandbox escape in Flatpak versions prior to 1.16.4 allows applications to access arbitrary host filesystem paths and achieve host-level code execution through symlink manipulation in portal sandbox-expose options. The vulnerability requires no authentication (CVSS:4.0 PR:N) and is exploitable over the network with low complexity. No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the attack primitive is clearly documented in the vendor advisory.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing technique: rce
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.3 | EPSS: 0.2% | Priority: 47
Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQueue→TemplatesImpl gadget chain with libraries bundled in OpenAM's WAR file. Vendor-released patch available in version 16.0.6 (GitHub commit 014007c). No public exploit code identified at time of analysis, but detailed technical writeup with gadget chain specifics has been published.
Tags: NIS2, DORA, Edge exposure, ICT dependency, Docker, Oracle Database, Apple
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-502: Deserialization of Untrusted Data)
- Third-party ICT: Docker, Oracle Database, Apple
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Docker (Dev Platforms & CI/CD)
- ICT provider: Oracle Database (Databases & Data Platforms)
- ICT provider: Apple (Operating Systems)
CVSS 4.0: 9.3 | EPSS: 0.1% | Priority: 47
Remote code execution in dfir-unfurl versions through 20250810 via exposed Werkzeug debugger. Improper string-based config parsing enables Flask debug mode by default, allowing unauthenticated remote attackers to access the interactive debugger interface and execute arbitrary Python code or extract sensitive application data including source code, environment variables, and stack traces. No public exploit identified at time of analysis.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing technique: rce
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.3 | EPSS: 0.1% | Priority: 47
Unauthenticated remote code execution (RCE) at root level in Aperi'Solve <3.2.1 allows attackers to execute arbitrary commands via unsanitized password input in JPEG upload functionality. Attack requires no authentication (PR:N) and low complexity (AC:L), with CVSS 9.3 critical severity. Publicly available exploit code exists via GitHub advisory. Attackers gain full container compromise with potential pivot to PostgreSQL/Redis databases and, in misconfigured deployments with Docker socket mounts, possible host system takeover. EPSS data not provided, but given unauthenticated network-based vector and public disclosure with fix details, exploitation risk is substantial for exposed instances.
Tags: NIS2, DORA, Edge exposure, ICT dependency, No patch available, Docker, PostgreSQL, Redis
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-78: OS Command Injection)
- Third-party ICT: Docker, PostgreSQL, Redis
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Docker (Dev Platforms & CI/CD)
- ICT provider: PostgreSQL (Databases & Data Platforms)
- ICT provider: Redis (Databases & Data Platforms)
- No remediation available
CVSS 4.0: 9.3 | EPSS: 0.1% | Priority: 47
Code injection in Movable Type CMS allows unauthenticated remote attackers to execute arbitrary Perl code with critical impact. The CVSS:4.0 score of 9.3 reflects network-accessible exploitation requiring no privileges or user interaction (AV:N/AC:L/PR:N/UI:N), enabling complete system compromise. No public exploit identified at time of analysis; EPSS data unavailable. Vendor Six Apart has released patched version MT 9.0.7 addressing this CWE-94 code injection flaw.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-94: Code Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.3 | EPSS: 0.0% | Priority: 47
Command injection in the dbt-labs/actions workflow allows remote code execution via malicious GitHub issue comments. Unauthenticated attackers can inject arbitrary shell commands through unescaped comment-body output in the open-issue-in-repo.yml reusable workflow, affecting dbt-core infrastructure. The vulnerability exists in GitHub Actions workflows where attacker-controlled comment text is interpolated directly into bash if statements without sanitization. Fixed in commit bbed8d28. No public exploit identified at time of analysis, but EPSS scoring and CVSS 9.3 indicate critical severity with a network attack vector requiring no privileges.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-78: OS Command Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.3 | EPSS: 0.0% | Priority: 47
Session authentication bypass in Rack::Session::Cookie 2.0.0 through 2.1.1 allows unauthenticated remote attackers to forge valid session cookies and gain unauthorized access. When configured with secrets, the implementation incorrectly falls back to a default decoder on decryption failures rather than rejecting malformed cookies, enabling attackers to manipulate session state without any secret knowledge. CVSS 9.3 (Critical) with network attack vector, low complexity, and no privileges required. No public exploit or active exploitation (CISA KEV) identified at time of analysis, though the simplicity of the attack vector (AC:L, PR:N) suggests exploitation is straightforward once the vulnerability is understood.
Tags: NIS2, Edge exposure, Management plane
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-287: Improper Authentication)
- Management plane (Improper Authentication)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.3 | EPSS: 0.0% | Priority: 47
SQL injection in Frappe's bulk_update function enables unauthenticated remote attackers to execute arbitrary SQL commands, potentially achieving complete database compromise including data exfiltration, modification, and deletion. Affects Frappe versions prior to 16.14.0 and 15.104.0. CVSS 9.3 (Critical) reflects network-accessible attack requiring no authentication or user interaction. No public exploit identified at time of analysis, though the attack surface (bulk update API endpoint) and vulnerability class (SQL injection) are well-understood by attackers.
Tags: NIS2, Edge exposure, No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 9.3 | EPSS: 0.0% | Priority: 47