Lucene search
K

5 matches found

NVD
NVD
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 9:8 p.m.12 views

EUVD-2026-34330

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.8AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 8:57 p.m.32 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 8:57 p.m.10 views

EUVD-2026-34328

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:31 p.m.9 views

EUVD-2026-34320

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder