Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.4 MEDIUM
CVE-2026-42547 — IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi…

iris | Remote | Authorization
Jun 04, 2026 Jun 17, 2026
4.3 MEDIUM
CVE-2026-42543 — IRIS has a Cross-Site Request Forgery (CSRF) issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…

iris | Remote | Cross-Site Request Forgery
Jun 04, 2026 Jun 17, 2026
4.3 MEDIUM
CVE-2026-42540 — IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate…

iris | Remote | Authentication
Jun 04, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-42539 — IRIS has an Excessive Data Exposure issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo…

iris | Remote | Information Disclosure
Jun 04, 2026 Jun 17, 2026
7.1 HIGH
CVE-2026-11322 — Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the d…

Remote | Path Traversal
Jun 04, 2026 Jun 17, 2026
8.3 HIGH
CVE-2026-10871 — Shibby Tomato Web UI rc start_6rd_tunnel os command injection

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv…

tomato | Remote | Injection
Jun 04, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2024-6858 — In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed ac…

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.

eos eos | Authentication
Jun 04, 2026 Jun 17, 2026
Showing 20 of 7887 Results