Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-55792: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in craftcms cmsCVE-2026-55792 0 A vulnerability in Craft CMS versions from 4.0.0-RC1 up to but not including 4.18.0, and from 5.0.0-RC1 up to but not including 5.10.0, allows users with the utility:system-messages permission to embed a file-reading payload in system email templates via the dataUrl() Twig function. This can lead to exposure of sensitive files such as the .env file, which contains critical secrets including database passwords and the CRAFT_SECURITY_KEY. The CRAFT_SECURITY_KEY can be used to forge session tokens and escalate privileges to full admin takeover. The issue is fixed in versions 4.18.0 and 5.10.0. Join the discussion | CVE Database V5 | 07/01/2026, 23:20:28 UTC Added: 07/01/2026, 23:51:36 UTC |
GHSA-rc6m-346q-rgq6CVE-2026-57518 0 Pagekit CMS version 1.0.18 has a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to assign arbitrary custom roles to themselves. This occurs due to missing authorization checks in the UserApiController::saveAction() method. Exploiting this flaw, attackers can grant themselves a custom role with the 'system: manage packages' permission, enabling them to upload and install malicious PHP packages via the admin package installer, potentially leading to remote code execution. Join the discussion | GCVE Database | 06/26/2026, 18:33:59 UTC Added: 06/26/2026, 22:05:02 UTC |
CVE-2026-56382: Improper Control of Generation of Code ('Code Injection') in craftcms cmsCVE-2026-56382 0 Craft CMS versions 5.5.0 through 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method. This flaw allows an authenticated admin user to inject Yii2 event handlers via the fieldLayoutConfig POST parameter, leading to arbitrary PHP code execution and potential disclosure of sensitive information such as environment variables and security keys. The vulnerability is fixed in version 5.9.14. Join the discussion | CVE Database V5 | 06/21/2026, 13:26:58 UTC Added: 06/21/2026, 13:55:23 UTC |
CVE-2026-11511: Basic Cross Site Scripting in Bolt CMSCVE-2026-11511 0 A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The GitHub repository was archived by the owner and is now read-only. This vulnerability only affects products that are no longer supported by the maintainer. Join the discussion | CVE Database V5 | 06/08/2026, 11:45:08 UTC Added: 06/08/2026, 13:03:36 UTC |
Showing 1 to 4 of 4 results