51 matches found
CVE-2026-42543
IRIS (web collaboration platform) is affected by CVE-2026-42543 in versions prior to 2.4.28. The vulnerability is CSRF caused by using HTTP GET to perform state-changing actions on the server. A patch exists in 2.4.28. Impact details are limited to what the sources state; there is no exploitation...
CVE-2026-42540
IRIS web collaborative platform suffers a Mass Assignment vulnerability (CVE-2026-42540). Versions prior to 2.4.28 allow an attacker to alter values in the database through manipulated API requests. A fix is available in version 2.4.28. The CVSS 3.1 score is 4.3 (Medium) with Network attack vecto...
CVE-2026-42540
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
EUVD-2026-34328
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
CVE-2026-42539 IRIS has an Excessive Data Exposure issue
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
CVE-2026-42539
CVE-2026-42539 affects the IRIS web collaborative platform. Versions prior to 2.4.28 expose sensitive data to users that is not required for operation. The root cause is an excessive data exposure in these older builds. Version 2.4.28 includes a patch to fix this. CVSS 3.1 metrics indicate a Medi...
CVE-2026-42539 IRIS has an Excessive Data Exposure issue
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
CVE-2026-42539
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
CVE-2026-42538 IRIS has an Insecure File Upload
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
EUVD-2026-34326
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538 IRIS has an Insecure File Upload
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-42538
IRIS is a web collaboration platform. Affected versions are prior to 2.4.28, where uploaded file validation is insufficient, enabling misuse to host phishing pages and an additional Cross-Site Scripting (XSS) vulnerability. The issue is addressed in version 2.4.28 (patch). There is no exploitatio...
CVE-2026-42329 Iris has an Open Redirect issue
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...
CVE-2026-42329
Affected product : Iris web collaborative platform. Vulnerability : Open redirect in Iris prior to version 2.4.28, allowing an attacker to redirect a user to a malicious website. Root cause / surface : Weak redirect behavior in versions
CVE-2026-42329
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...
CVE-2026-41522
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...
CVE-2026-41522 Iris has an Improper Authorization issue
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...
CVE-2026-41522
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...
CVE-2026-41522 Iris has an Improper Authorization issue
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...