Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

You Don't Have to Run an Exploit to Know If You're Vulnerable
0

This report discusses a method to assess vulnerability exploitability without running actual exploits. It highlights that many vulnerabilities cannot be safely tested with live exploits due to the absence of exploits or the critical nature of affected systems. The approach involves validating the attack techniques that an exploit would use, enabling organizations to determine if they are vulnerable without executing the exploit itself.

CriticalExploit
Join the discussion
7 Severe Vulnerabilities Patched in VMware Avi Load Balancer
0

Seven severe vulnerabilities were discovered and patched in VMware Avi Load Balancer, a software-defined platform for load balancing and application security. These vulnerabilities include critical authentication bypass, remote code execution, privilege escalation, and directory traversal issues. Exploitation requires network or local access. No in-the-wild exploitation has been reported. The vendor has released updates to address these flaws, and organizations are advised to apply them promptly.

Join the discussion
CVE-2026-53566: CWE-125 Out-of-bounds read in Citrix Citrix Secure Access Client for WindowsCVE-2026-53566
0

CVE-2026-53566 is an out-of-bounds read vulnerability in Citrix Secure Access Client for Windows affecting versions before 26.6.1.20. The vulnerability has a medium severity with a CVSS score of 6.8. It allows a local attacker with low privileges to read memory outside the intended bounds, potentially exposing sensitive information. No public exploits are known, and no official patch or remediation guidance has been provided yet.

Join the discussion
CVE-2026-15693: Stack-based Buffer Overflow in Tenda BE12 ProCVE-2026-15693
0

A stack-based buffer overflow vulnerability exists in the Tenda BE12 Pro firmware version 16.03.66.23. The flaw is in the fromSafeMacFilter function within the /goform/SafeMacFilter file, where improper handling of the 'page' argument allows remote attackers to trigger the overflow. This vulnerability has a high severity score and has been publicly disclosed, though no official patch or remediation guidance is currently available.

Join the discussion
CVE-2026-8314: CWE-787 Out-of-bounds write in Rockwell Automation Arena® SimulationCVE-2026-8314
0

A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the siman.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.

Join the discussion
CVE-2026-8313: CWE-787 Out-of-bounds write in Rockwell Automation Arena® SimulationCVE-2026-8313
0

A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the linker.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.

Join the discussion
CVE-2026-8312: CWE-787 Out-of-bounds write in Rockwell Auotmation Arena® SimulationCVE-2026-8312
0

A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the expmt.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.

Join the discussion
CVE-2026-8085: CWE-787 Out-of-bounds write in Rockwell Automation Arena® SimulationCVE-2026-8085
0

CVE-2026-8085 is a high-severity memory corruption vulnerability in Rockwell Automation's Arena® Simulation software, specifically in the model.exe (Siman) component. The issue arises from improper validation of user-supplied data, leading to an out-of-bounds write. Exploitation requires user interaction by opening a malicious file, which could allow arbitrary code execution within the context of the current process. No affected versions or patches are currently specified.

Join the discussion
CVE-2026-53565: CWE-269 Improper Privilege Management in Citrix Secure Access Client for WindowsCVE-2026-53565
0

Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows. This issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7.

Join the discussion
CVE-2026-15305: CWE-351 Insufficient Type Distinction in TYPO3 TYPO3 CMSCVE-2026-15305
0

Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties were applied, resulting in the validator never being added to the processing pipeline. This issue affects TYPO3 CMS versions 14.2.0-14.3.5.

Join the discussion

Showing 1 to 10 of 11153 results

Page 1 of 1116
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses