Lucene search
K

41 matches found

nvd
nvd
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
euvd
euvd
added 2026/06/04 9:0 p.m.11 views

EUVD-2026-34329

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/04 8:57 p.m.8 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.5AI score0.00183EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/04 8:54 p.m.9 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

5.8AI score0.00232EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/04 8:54 p.m.14 views

EUVD-2026-34327

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.17 views

PT-2026-46385

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.19 views

PT-2026-46388

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-34989

Malicious code in bioql PyPI...

6.3CVSS5.8AI score0.00382EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-22945

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00852EPSS
Exploits0References1
rapid7blog
rapid7blog
added 2024/09/24 1:0 p.m.11 views

Three Recommendations for Creating a Risk-Based Detection and Response Program

It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...

6.8AI score
Exploits0
cvelist
cvelist
added 2024/04/25 4:30 p.m.36 views

CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection SSTI. Successful exploitation of the vulnerability c...

6.8CVSS7.2AI score0.00852EPSS
Exploits0References1
kitploit
kitploit
added 2024/04/02 11:30 a.m.40 views

VolWeb - A Centralized And Enhanced Memory Analysis Platform

VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a...

7AI score
Exploits0References2
nvd
nvd
added 2024/02/19 8:15 p.m.27 views

CVE-2024-25640

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

5.4CVSS4.3AI score0.00337EPSS
Exploits0References1
cve
cve
added 2024/02/19 7:56 p.m.58 views

CVE-2024-25640

CVE-2024-25640 affects iris-web prior to version 2.4.0, where a stored XSS flaw exists at multiple locations. The underlying issue allows an authenticated attacker to inject scripts that execute when a user visits affected pages. Impact is consistent with XSS exposure leading to potential data ac...

5.4CVSS4.3AI score0.00337EPSS
Exploits0References1Affected Software1
prion
prion
added 2023/12/22 8:15 p.m.29 views

Cross site scripting

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...

4.9CVSS5.5AI score0.00298EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/12/22 7:19 p.m.40 views

CVE-2023-50712

Summary (CVE-2023-50712): Iris-web prior to v2.3.7 contains a stored XSS vulnerability across multiple locations. An attacker must be authenticated to exploit, and injected scripts could execute when a user visits affected areas, potentially enabling unauthorized access or data theft. The issue i...

5.4CVSS4.6AI score0.00298EPSS
Exploits0References2Affected Software1
kitploit
kitploit
added 2023/08/15 12:30 p.m.73 views

Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms

Dredging Windows for Persistence What is it? Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items,...

7.5AI score
Exploits0References6
prion
prion
added 2023/05/25 6:15 p.m.24 views

Cross site scripting

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious...

4.9CVSS5AI score0.00382EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/05/25 5:39 p.m.47 views

CVE-2023-30615

CVE-2023-30615 (iris-web) is a stored XSS vulnerability affecting iris-web before version 2.2.1. The issue allows an authenticated attacker to inject malicious scripts that run when users visit affected locations, with potential for unauthorized access and data theft. The patch is available in ir...

6.3CVSS5.4AI score0.00382EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/05/25 5:39 p.m.22 views

CVE-2023-30615 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious...

6.3CVSS5AI score0.00382EPSS
Exploits0References4
Rows per page
Query Builder