|
191
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-42539
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
192
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-42540
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
193
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…
New
|
CWE-650
Trusting HTTP Permission Methods on the Server Side
|
CVE-2026-42543
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42547
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195
|
7.6 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-edit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41518
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196
|
- |
|
-
|
-
|
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql…
New
|
CWE-285
Improper Authorization
|
CVE-2026-41522
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality N…
New
|
CWE-287
CWE-306
CWE-1390
Improper Authentication
Missing Authentication for Critical Function
Weak Authentication
|
CVE-2026-6274
|
2026-06-6 00:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi…
New
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2025-71316
|
2026-06-6 00:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199
|
- |
|
-
|
-
|
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially cr…
New
|
CWE-228
Improper Handling of Syntactically Invalid Structure
|
CVE-2026-25657
|
2026-06-6 00:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200
|
- |
|
-
|
-
|
Ericsson
Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling
of Missing Values (CWE-230) vulnerability where an attacker continuously
sending a specially crafted message can…
New
|
CWE-230
Improper Handling of Missing Values
|
CVE-2026-25658
|
2026-06-6 00:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
