Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-55808: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal coreCVE-2026-55808
0

CVE-2026-55808 is a Cross-Site Scripting (XSS) vulnerability in Drupal core caused by improper neutralization of input during web page generation. It affects multiple versions of Drupal core including all versions up to 10.5.12, 10.6.0 through 10.6.11, 11.2.0 through 11.2.14, 11.3.0 through 11.3.12, and all versions up to 11.1.x. No official patch or remediation guidance is currently provided. There are no known exploits in the wild at this time. The vulnerability allows attackers to inject malicious scripts into web pages generated by Drupal, potentially impacting users who visit affected sites.

Join the discussion
CVE-2026-55807: CWE-918 Server-Side Request Forgery (SSRF) in Drupal Drupal coreCVE-2026-55807
0

A Server-Side Request Forgery (SSRF) vulnerability exists in Drupal core affecting multiple versions up to 11.3.12. This vulnerability allows an attacker to induce the server to make HTTP requests to arbitrary domains. The vulnerability is identified as CWE-918. No official patch or remediation guidance is currently provided, and no known exploits are reported in the wild.

Join the discussion
CVE-2026-55806: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in Drupal Drupal coreCVE-2026-55806
0

CVE-2026-55806 is an Open Redirect vulnerability in Drupal core that allows URL redirection to untrusted sites, potentially enabling content spoofing. It affects multiple versions of Drupal core up to 11.3.12, including all versions from 0.0.0 to 10.5.12, 10.6.0 to 10.6.11, 11.2.0 to 11.2.14, and 11.3.0 to 11.3.12. No official patch or remediation guidance is currently provided. There are no known exploits in the wild at this time.

Join the discussion
CVE-2026-55804: CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Drupal Drupal coreCVE-2026-55804
0

CVE-2026-55804 is a vulnerability in Drupal core involving improper control over modification of dynamically-determined object attributes, leading to potential object injection. It affects multiple Drupal core versions up to 11.3.12 and earlier. No official patch or remediation guidance is currently provided. There are no known exploits in the wild at this time.

Join the discussion
CVE-2026-49858: CWE-524: Use of Cache Containing Sensitive Information in api-platform coreCVE-2026-49858
0

API Platform Core versions from 2.6.0 up to but not including 4.1.29, 4.2.26, and 4.3.12 contain a vulnerability where cached data structures used in JSON:API and HAL item normalizers can leak sensitive attribute information across users. This occurs because the cache key is not properly gated by a safety check, allowing a user with lower privileges to see properties intended to be hidden. The issue has been fixed in versions 4.1.29, 4.2.26, and 4.3.12.

Join the discussion

Showing 1 to 5 of 5 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses