Lucene search
+L

14 matches found

nvd
nvd
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References2
euvd
euvd
added 2026/06/04 9:8 p.m.12 views

EUVD-2026-34330

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/04 8:57 p.m.32 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
euvd
euvd
added 2026/06/04 8:57 p.m.10 views

EUVD-2026-34328

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
euvd
euvd
added 2026/06/04 7:31 p.m.10 views

EUVD-2026-34320

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/15 8:15 p.m.4 views

CVE-2026-40186

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS6AI score0.00235EPSS
Exploits1References3Affected Software2
cve
cve
added 2026/04/15 7:25 p.m.11 views

CVE-2026-33888

ApostropheCMS (Node.js) before version 4.29.0 is affected by an authorization bypass in the getRestQuery method of the @apostrophecms/piece-type module. An unauthenticated user can add a project query parameter in the REST API request, which is processed by applyBuildersSafely prior to permission...

5.3CVSS5.7AI score0.00512EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2026/04/15 12:0 a.m.13 views

ApostropheCMS 安全漏洞

ApostropheCMS is a full-stack content management system open source by Apostrophe Technologies. Versions of ApostropheCMS 4.28.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by storage cross-site scripting vulnerabilities in SEO-related fields, which could lea...

8.7CVSS5.8AI score0.00298EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/04/15 12:0 a.m.11 views

ApostropheCMS 安全漏洞

ApostropheCMS is a full-stack content management system open source by Apostrophe Technologies. Versions of ApostropheCMS 4.28.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by an authorization bypass in the getRestQuery method of the @apostrophecms/piece-type...

5.3CVSS5.8AI score0.00512EPSS
Exploits1References1
cvelist
cvelist
added 2025/10/03 11:17 a.m.11 views

CVE-2025-9129 Flexi <= 4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via flexi-form-tag Shortcode

The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00225EPSS
Exploits0References3
cve
cve
added 2025/10/03 11:17 a.m.21 views

CVE-2025-9129

CVE-2025-9129 describes a Stored Cross-Site Scripting flaw in the WordPress Flexi plugin (up to version 4.28) via the flexi-form-tag shortcode. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-...

6.4CVSS4.7AI score0.00225EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/10/03 12:0 a.m.8 views

PT-2025-40483

Name of the Vulnerable Software and Affected Versions Flexi plugin for WordPress versions up to and including 4.28 Description The Flexi plugin for WordPress is susceptible to Stored Cross-Site Scripting through the flexi-form-tag shortcode. Insufficient input sanitization and output escaping on...

6.4CVSS5.2AI score0.00225EPSS
Exploits0References6
cnnvd
cnnvd
added 2023/04/27 12:0 a.m.7 views

GajShield Data Security Firewall 安全漏洞

GajShield Data Security Firewall is an enterprise-grade firewall product from GajShield that provides network security solutions to protect organizations from a wide range of cyber threats and attacks, including malware, viruses, spyware, phishing, DDoS attacks, and more. A security vulnerability...

10CVSS8.8AI score0.01128EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/04/12 12:0 a.m.5 views

Arista Networks Extensible Operating System 安全漏洞

Arista Networks Extensible Operating System EOS is a scalable operating system for next-generation data center and cloud solutions from Arista Networks, Inc. in the United States. A security vulnerability exists in the Arista Networks Extensible Operating System that stems from specially crafted...

7.5CVSS7.3AI score0.00836EPSS
Exploits1References2
Rows per page
Query Builder