Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score | Vulnerability | Published
5.4 MEDIUM
CVE-2026-42547 — IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi…

iris | Remote | Authorization
Jun 04, 2026 Jun 17, 2026
4.3 MEDIUM
CVE-2026-42543 — IRIS has a Cross-Site Request Forgery (CSRF) issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…

iris | Remote | Cross-Site Request Forgery
Jun 04, 2026 Jun 17, 2026
4.3 MEDIUM
CVE-2026-42540 — IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate…

iris | Remote | Authentication
Jun 04, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-42539 — IRIS has an Excessive Data Exposure issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo…

iris | Remote | Information Disclosure
Jun 04, 2026 Jun 17, 2026
7.1 HIGH
CVE-2026-11322 — Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the d…

Remote | Path Traversal
Jun 04, 2026 Jun 17, 2026
8.3 HIGH
CVE-2026-10871 — Shibby Tomato Web UI rc start_6rd_tunnel os command injection

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv…

tomato | Remote | Injection
Jun 04, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2024-6858 — In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed ac…

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.

eos eos | Authentication
Jun 04, 2026 Jun 17, 2026
6.3 MEDIUM
CVE-2026-5066 — net: sockets: tls: Potential out-of-bounds write/read in socket_op_vtable::connect functi…

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_…

zephyr | Remote | Memory Corruption
Jun 04, 2026 Jun 17, 2026
6.3 MEDIUM
CVE-2026-42538 — IRIS has an Insecure File Upload

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca…

iris | Remote | Cross-Site Scripting
Jun 04, 2026 Jun 17, 2026
4.7 MEDIUM
CVE-2026-42329 — Iris has an Open Redirect issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir…

iris | Remote | Misconfiguration
Jun 04, 2026 Jun 17, 2026
8.3 HIGH
CVE-2026-10870 — Shibby Tomato Web UI rc start_dhcpc os command injection

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to …

tomato | Remote | Injection
Jun 04, 2026 Jun 17, 2026
Showing 20 of 7891 Results