NIS2 & DORA Compliance
Regulatory triage for vulnerability prioritization – classification based on existing CVE data
NIS2 Relevant: 434 | DORA Relevant: 65 | Internet-Facing: 369 | Third-Party ICT: 65 | Unpatched: 430 | Exploited: 67
SQL injection in ChurchCRM's PropertyTypeEditor.php allows authenticated users with 'Manage Properties' permission to execute arbitrary SQL commands through unsanitized Name and Description POST parameters. ChurchCRM versions prior to 7.1.0 are affected. The vulnerability relies on inadequate input validation (strip_tags() only) before SQL concatenation, enabling data exfiltration, modification, and deletion. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the attack vector is network-accessible with low complexity once authenticated. EPSS data not provided, but the requirement for authenticated access with specific permissions reduces immediate exploitation surface compared to unauthenticated vulnerabilities.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
SQL injection in ChurchCRM's SettingsIndividual.php allows authenticated users to extract sensitive database contents including member personal information, financial records, and credentials. Affecting all versions prior to 7.1.0, attackers with low-privilege accounts can escalate to full database compromise via unsanitized POST parameter array keys used directly in SQL queries. EPSS data not available, but the low attack complexity (AC:L) and network accessibility (AV:N) combined with publicly disclosed technical details create elevated risk for exposed installations. Vendor-released patch available in version 7.1.0.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
SQL injection in ChurchCRM PropertyTypeEditor.php allows authenticated users with menu options privileges to execute arbitrary SQL commands via Name and Description parameters, enabling full database compromise including data extraction and modification. Affects all versions before 7.1.0. CVSS 8.8 (High) with network-accessible attack vector requiring low-privilege authentication. EPSS data not available; no confirmed active exploitation (not in CISA KEV), but publicly disclosed via GitHub Security Advisory increases likelihood of future exploitation attempts.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
SQL injection in WeGIA 3.6.8 and earlier allows authenticated users to execute arbitrary SQL commands through the id_memorando parameter in DespachoDAO.php. The vulnerability affects WeGIA, a web-based management system for charitable institutions, enabling attackers with valid credentials to potentially exfiltrate sensitive donor/beneficiary data, modify records, or compromise database integrity. No public exploit identified at time of analysis, with EPSS data not available for this recent CVE. Vendor-released patch available in version 3.6.9.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
SQL injection in ChurchCRM 7.0.5 allows authenticated users with 'Manage Groups & Roles' permission to execute arbitrary SQL commands via the NewRole parameter in the /MemberRoleChange.php endpoint. This network-accessible vulnerability requires low-complexity exploitation with no user interaction, enabling complete database compromise including data exfiltration and modification. EPSS data unavailable; no CISA KEV listing, indicating no confirmed active exploitation at time of analysis, though CVSS 8.8 (High) reflects significant impact potential. Patched in version 7.1.0.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
Cross-Site Request Forgery (CSRF) in Product Feed PRO for WooCommerce by AdTribes versions 13.4.6 through 13.5.2.1 allows unauthenticated attackers to manipulate critical feed management functions by tricking authenticated WordPress administrators into executing malicious requests. Exploitation enables attackers to trigger feed migrations, clear custom-attribute caches, modify feed file URLs, alter legacy filter settings, and delete feed posts without proper authorization. EPSS exploitation probability data not available; no confirmed active exploitation (not in CISA KEV) identified at time of analysis. Wordfence reported this vulnerability; patches are available via the WordPress plugin repository.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-352: Cross-Site Request Forgery (CSRF))
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
Authenticated remote code execution in Daylight Studio FuelCMS version 1.5.2 allows low-privileged users to execute arbitrary code via the Blocks module. CVSS 8.8 rating indicates network-accessible attack requiring low-complexity exploitation without user interaction, enabling full system compromise (confidentiality, integrity, availability impact). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-94: Code Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
CSRF vulnerability in SpicePress WordPress theme versions ≤2.3.2.5 enables unauthenticated attackers to upload web shells via arbitrary plugin installation, achieving remote code execution. Successful exploitation requires user interaction (victim must click malicious link while authenticated). No public exploit identified at time of analysis. CVSS 8.8 score reflects network-accessible, low-complexity attack with high impact to confidentiality, integrity, and availability.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-352: Cross-Site Request Forgery (CSRF))
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
SQL injection in ChurchCRM versions prior to 7.1.0 allows authenticated users with low privileges to execute arbitrary SQL commands via the fund raiser statement report functionality. The vulnerability stems from inadequate input validation of session-based fundraiser identifiers in src/Reports/FundRaiserStatement.php, enabling attackers to achieve complete database compromise including data exfiltration, modification, and potential remote code execution. EPSS exploitation probability and KEV status unavailable, but public advisory exists from GitHub Security (GHSA-grq6-q49f-44xh). No public exploit identified at time of analysis, though SQL injection exploits are well-documented and exploitation complexity is low per CVSS vector (AC:L).
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-89: SQL Injection)
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.8 | Priority: 44
Remote code execution in BerriAI LiteLLM (all versions through 2026-04-08) enables authenticated attackers to execute arbitrary code by exploiting bytecode rewriting functionality at the /guardrails/test_custom_code endpoint. The vulnerability requires low-privilege authentication (PR:L) but permits complete system compromise with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.8 | EPSS: 0.2% | Priority: 44
Open redirect vulnerability in HPE Aruba Networking Private 5G Core On-Prem GUI enables credential harvesting attacks against authenticated users. Remote attackers can craft malicious URLs that redirect victims from the legitimate login flow to attacker-controlled phishing pages designed to capture credentials. With CVSS 8.8 (High) severity and network-reachable attack surface requiring no authentication, this represents significant phishing risk for organizations deploying private 5G infrastructure. No public exploit identified at time of analysis, though exploitation requires minimal technical complexity.
Tags: NIS2 | DORA | Edge exposure | ICT dependency | No patch available | Aruba Networks (HPE)
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-601: Open Redirect)
- Third-party ICT: Aruba Networks (HPE)
- No patch available
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: Aruba Networks (HPE) (Network & Security)
- No remediation available
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
LDAP injection in MISP (Malware Information Sharing Platform) versions prior to 2.5.36 enables unauthenticated attackers to bypass authentication and execute unauthorized LDAP queries. The vulnerability exists in ApacheAuthenticate.php when administrators configure apacheEnv to use user-controlled server variables instead of REMOTE_USER in proxy deployments. Attackers manipulate unsanitized username values to inject special characters into LDAP search filters, potentially gaining unauthorized access to the threat intelligence platform. No public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-90: LDAP Injection)
- No patch available
- Moderate evidence (PoC / elevated EPSS)
CVSS 4.0: 8.8 | EPSS: 0.1% | Priority: 44
Path traversal in AGiXT Python package (versions ≤1.9.1) allows authenticated attackers to read, write, or delete arbitrary files on the host server. The essential_abilities extension's safe_join() function fails to validate that resolved paths remain within the agent workspace directory, enabling directory traversal sequences (e.g., ../../etc/passwd) to bypass intended file access restrictions. Exploitation requires low-privilege authentication (valid API key) but no user interaction. Public exploit code exists demonstrating /etc/passwd disclosure via the read_file command endpoint.
Tags: NIS2 | Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.8 | EPSS: 0.5% | Priority: 44
Remote code execution in Chamilo LMS versions prior to 2.0.0-RC.3 allows authenticated attackers with administrative privileges to inject and execute arbitrary PHP code via platform configuration settings. The PlatformConfigurationController::decodeSettingArray() method unsafely uses eval() to parse database-stored settings, executing injected code when any user, including unauthenticated visitors, accesses the /platform-config/list endpoint. Exploitation requires low-privilege authentication (PR:L) but delivers full system compromise with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-95: Eval Injection)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
Authorization bypass in Mattermost Plugin Legal Hold versions <=1.1.4 allows authenticated attackers to manipulate legal hold data without proper permission validation. After failed authorization checks, the plugin continues processing requests instead of terminating them, enabling low-privileged authenticated users to access, create, download, and delete sensitive legal hold data through direct API calls. This represents a critical failure in access control enforcement for compliance-critical data. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available | Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- No patch available
- Management plane (Missing Authorization)
- Moderate evidence (PoC / elevated EPSS)
CVSS 3.1: 8.8 | EPSS: 0.0% | Priority: 44
Remote code execution as root in AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01 allows authenticated remote attackers to execute arbitrary OS commands via unsanitized input in virtual desktop session names. The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78 command injection), enabling privilege escalation to root on virtual desktop hosts. Vendor-released patch available in version 2026.03. CVSS 8.7 (High) with network attack vector, low complexity, and low privileges required. No public exploit identified at time of analysis, though the technical details in GitHub issue #151 may facilitate weaponization.
Tags: NIS2 | Edge exposure
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-78: OS Command Injection)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 8.7 | EPSS: 0.2% | Priority: 44
Arbitrary file deletion in Flatpak versions prior to 1.16.4 allows sandboxed applications to delete files on the host system via path traversal during ld.so cache cleanup. The vulnerability stems from improper validation of application-controlled paths when removing outdated cache files, enabling applications to escape sandbox constraints and delete arbitrary host files. No active exploitation or public exploit code is confirmed at time of analysis, though the technical barrier is low given the CVSS vector shows network-accessible attack with low complexity and no authentication required.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-22: Path Traversal)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 8.7 | EPSS: 0.2% | Priority: 44
Unauthenticated remote information disclosure in Zammad helpdesk system versions before 7.0.1 and 6.5.4 allows attackers to access sensitive internal entity data through an exposed getting-started endpoint. The vulnerability bypasses authentication controls, enabling unauthorized access to confidential system information post-setup. Attack vector is network-based with low complexity, requiring no user interaction. No public exploit identified at time of analysis. CVSS 8.7 reflects high confidentiality impact.
Tags: NIS2 | Edge exposure | No patch available | Management plane
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: authentication-bypass
- No patch available
- Management plane (Improper Access Control)
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 8.7 | EPSS: 0.1% | Priority: 44
Man-in-the-middle attackers can truncate AES-GCM authentication tags in wolfSSL's PKCS7 AuthEnvelopedData processing from 16 bytes to 1 byte, degrading cryptographic integrity verification from 2⁻¹²⁸ to 2⁻⁸ probability. Affects wolfSSL versions through 5.9.0 due to missing lower bounds validation in wc_PKCS7_DecodeAuthEnvelopedData(). Unauthenticated network-based attack enables high-severity integrity bypass without user interaction. No public exploit identified at time of analysis.
Tags: NIS2 | Edge exposure | No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-20: Improper Input Validation)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
CVSS 4.0: 8.7 | EPSS: 0.1% | Priority: 44