Lucene search
K

612 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 8:48 p.m.10 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/04 8:48 p.m.20 views

CVE-2026-42538

IRIS is a web collaboration platform. Affected versions are prior to 2.4.28, where uploaded file validation is insufficient, enabling misuse to host phishing pages and an additional Cross-Site Scripting (XSS) vulnerability. The issue is addressed in version 2.4.28 (patch). There is no exploitatio...

6.3CVSS5.8AI score0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 8:47 p.m.8 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 8:47 p.m.6 views

CVE-2026-42329 Iris has an Open Redirect issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.5AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 8:47 p.m.31 views

CVE-2026-42329 Iris has an Open Redirect issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 8:47 p.m.17 views

CVE-2026-42329

Affected product : Iris web collaborative platform. Vulnerability : Open redirect in Iris prior to version 2.4.28, allowing an attacker to redirect a user to a malicious website. Root cause / surface : Weak redirect behavior in versions

4.7CVSS5.8AI score0.00174EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 8:47 p.m.9 views

EUVD-2026-34325

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.8AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 8:16 p.m.10 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:31 p.m.8 views

EUVD-2026-34320

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 7:31 p.m.28 views

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 7:31 p.m.8 views

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.6AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 7:31 p.m.18 views

CVE-2026-41522

Affected software: Iris DFIR-IRIS web collaboration platform. Vulnerable version: earlier than 2.4.28. Issue: optional GraphQL endpoint at /graphql did not enforce the same authorization as the REST API, enabling three unauthorized actions by any authenticated user: (1) IOC read across cases (IDO...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:31 p.m.7 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46388

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46384

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.28 Description Iris is a web collaborative platform designed for incident responders to share technical details during investigations. The software contains an open redirect flaw that allows an attacker to redirect...

4.7CVSS5.5AI score0.00174EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46390

Name of the Vulnerable Software and Affected Versions IRIS versions prior to 2.4.28 Description IRIS is a web collaborative platform designed for incident responders to share technical details during investigations. The software is susceptible to a cross-site request forgery attack, which occurs...

4.3CVSS5.3AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46391

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go network framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which stemmed from allowing users to manipulate API requests to modify values in the database...

4.3CVSS5.3AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were caused by improper file upload validation. These vulnerabilities could lead to the hosting of...

6.3CVSS5AI score0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities. These vulnerabilities stemmed from the ability to create alerts for unassigned customers, which could be...

5.4CVSS5.2AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder