Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-60060: Improper handling of length parameter inconsistency in TeraTerm Project TTSSH2CVE-2026-60060 0 CVE-2026-60060 is a medium severity vulnerability in the TTSSH2 plugin of Tera Term. It involves improper handling of length parameter inconsistencies during SSH connection establishment. This flaw can cause out-of-bounds read/write, potentially leaking adjacent memory contents to an attacker-controlled server and causing abnormal termination or unexpected behavior of Tera Term. Join the discussion | CVE Database V5 | 07/17/2026, 04:13:38 UTC Added: 07/17/2026, 04:48:10 UTC |
CVE-2026-58317: Unsigned to signed conversion error in TeraTerm Project TTSSH2CVE-2026-58317 0 CVE-2026-58317 is a medium severity vulnerability in the TTSSH2 plugin of Tera Term caused by an unsigned to signed conversion error. This flaw can lead to out-of-bounds read/write when establishing an SSH connection to a malicious server. Exploitation may cause Tera Term to leak adjacent memory contents to the attacker and potentially crash or behave unexpectedly. No specific affected versions or patches are currently identified. Join the discussion | CVE Database V5 | 07/17/2026, 04:14:03 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-41993: Vulnerability in TXOne Networks SafePortAgentCVE-2026-41993 0 CVE-2026-41993 is an improper access control vulnerability in the Removable Media Validation function of TXOne Networks SafePortAgent and StellarProtect products. A local attacker with administrator privileges can bypass the file lockdown mechanism by deploying unauthorized files on removable media, enabling unauthorized file transfer to the victim device. This affects SafePortAgent versions before 3.2.5024 and StellarProtect versions from 3.2.4011 up to but not including 5.0.1083. The vulnerability has a medium severity with a CVSS score of 4.4. Join the discussion | CVE Database V5 | 07/17/2026, 03:50:13 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-21770: CWE-427 Uncontrolled Search Path Element in HCLSoftware HCL Traveler for Microsoft Outlook (HTMO)CVE-2026-21770 0 HCL Traveler for Microsoft Outlook (HTMO) contains a DLL hijacking vulnerability (CWE-427) that could allow an attacker with high privileges to modify or replace application components with malicious content. This vulnerability requires local access with high privileges and user interaction to exploit. The vulnerability has a medium severity with a CVSS score of 6.5. No specific affected versions or patches have been disclosed yet. Join the discussion | CVE Database V5 | 07/17/2026, 04:42:54 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-15759: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in themeatelier ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat FormCVE-2026-15759 0 The ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form WordPress plugin contains a stored cross-site scripting (XSS) vulnerability in all versions up to and including 3.5.1. This vulnerability arises from insufficient input sanitization and output escaping of the 'number' and 'group' shortcode attributes. Authenticated users with contributor-level access or higher can inject malicious scripts that execute when other users view the affected pages. The vulnerability has a CVSS 3.1 base score of 6.4, indicating a medium severity level. Join the discussion | CVE Database V5 | 07/17/2026, 03:43:42 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-15457: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in themeum Kirki – Freeform Page Builder, Website Builder & CustomizerCVE-2026-15457 0 The Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin is affected by a directory traversal vulnerability in all versions up to and including 6.0.13. This vulnerability allows authenticated users with editor-level or higher privileges to delete arbitrary directories on the server via the 'family' parameter. The issue can lead to data loss and impact availability. The vulnerability has a CVSS score of 4.9, indicating medium severity. No official patch or remediation guidance is currently provided by the vendor. Join the discussion | CVE Database V5 | 07/17/2026, 03:43:40 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-15349: CWE-862 Missing Authorization in wedevs ERP: Complete HR, Accounting & CRM Suite Built for WooCommerceCVE-2026-15349 0 The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce WordPress plugin contains an authorization bypass vulnerability in all versions up to and including 1.17.6. This flaw allows authenticated users with subscriber-level access or higher to create arbitrary company locations in the ERP database without proper authorization checks. The vulnerability is identified as CWE-862 (Missing Authorization). Join the discussion | CVE Database V5 | 07/17/2026, 03:43:41 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-15161: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in SaturdayDrive Ninja Forms - Excel ExportCVE-2026-15161 0 The Ninja Forms - Excel Export plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability in versions up to and including 3.3.6. This vulnerability arises because the plugin's AJAX handler save_filter() stores unsanitized user input without proper capability checks or nonce verification. The stored data is then output directly into HTML attributes without escaping, allowing authenticated users with subscriber-level access or higher to inject malicious scripts that execute when other users view the affected pages. Join the discussion | CVE Database V5 | 07/17/2026, 03:43:42 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-14503: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in ploudapp pCloud WP BackupCVE-2026-14503 0 The pCloud WP Backup plugin for WordPress up to version 2.0.3 contains a vulnerability that allows authenticated users with subscriber-level access or higher to trigger the creation of a full-site backup archive. This archive, which includes sensitive files such as wp-config.php with database credentials, WordPress secret salts, and the entire PHP source code, is saved in an unprotected temporary directory accessible via a predictable URL. Consequently, unauthenticated visitors can access this backup once it is generated, leading to exposure of sensitive information. Join the discussion | CVE Database V5 | 07/17/2026, 03:43:41 UTC Added: 07/17/2026, 04:48:08 UTC |
CVE-2026-13765: CWE-862 Missing Authorization in thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCVE-2026-13765 0 LearnPress – WordPress LMS Plugin for Create and Sell Online Courses versions up to 4.4.1 contain a missing authorization vulnerability in the check_answer functionality. This flaw allows unauthenticated attackers to access sensitive quiz information, including correct answers, full option lists, explanations, and question content, even for paid courses the attacker is not enrolled in. The vulnerability is classified as CWE-862 (Missing Authorization) and has a high severity with a CVSS score of 7.5. Join the discussion | CVE Database V5 | 07/17/2026, 03:43:42 UTC Added: 07/17/2026, 04:48:08 UTC |
Showing 1 to 10 of 12204 results