Lucene search
K

51 matches found

CVE
CVE
added 2026/06/04 9:0 p.m.20 views

CVE-2026-42543

IRIS (web collaboration platform) is affected by CVE-2026-42543 in versions prior to 2.4.28. The vulnerability is CSRF caused by using HTTP GET to perform state-changing actions on the server. A patch exists in 2.4.28. Impact details are limited to what the sources state; there is no exploitation...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 8:57 p.m.20 views

CVE-2026-42540

IRIS web collaborative platform suffers a Mass Assignment vulnerability (CVE-2026-42540). Versions prior to 2.4.28 allow an attacker to alter values in the database through manipulated API requests. A fix is available in version 2.4.28. The CVSS 3.1 score is 4.3 (Medium) with Network attack vecto...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:57 p.m.8 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

5.8AI score0.00183EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/04 8:57 p.m.10 views

EUVD-2026-34328

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 8:54 p.m.33 views

CVE-2026-42539 IRIS has an Excessive Data Exposure issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 8:54 p.m.22 views

CVE-2026-42539

CVE-2026-42539 affects the IRIS web collaborative platform. Versions prior to 2.4.28 expose sensitive data to users that is not required for operation. The root cause is an excessive data exposure in these older builds. Version 2.4.28 includes a patch to fix this. CVSS 3.1 metrics indicate a Medi...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 8:54 p.m.8 views

CVE-2026-42539 IRIS has an Excessive Data Exposure issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS5.5AI score0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:54 p.m.9 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

5.8AI score0.00232EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 8:48 p.m.33 views

CVE-2026-42538 IRIS has an Insecure File Upload

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:48 p.m.14 views

EUVD-2026-34326

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 8:48 p.m.8 views

CVE-2026-42538 IRIS has an Insecure File Upload

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.4AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:48 p.m.11 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/04 8:48 p.m.23 views

CVE-2026-42538

IRIS is a web collaboration platform. Affected versions are prior to 2.4.28, where uploaded file validation is insufficient, enabling misuse to host phishing pages and an additional Cross-Site Scripting (XSS) vulnerability. The issue is addressed in version 2.4.28 (patch). There is no exploitatio...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 8:47 p.m.34 views

CVE-2026-42329 Iris has an Open Redirect issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 8:47 p.m.21 views

CVE-2026-42329

Affected product : Iris web collaborative platform. Vulnerability : Open redirect in Iris prior to version 2.4.28, allowing an attacker to redirect a user to a malicious website. Root cause / surface : Weak redirect behavior in versions

4.7CVSS5.8AI score0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:47 p.m.9 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/04 8:16 p.m.12 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 7:31 p.m.31 views

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:31 p.m.8 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 7:31 p.m.10 views

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.6AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder