Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-62328: Missing Authorization in decolua 9RouterCVE-2026-62328
0

9Router versions up to 0.4.41 have an unauthenticated information disclosure vulnerability. Remote attackers can access sensitive user data by querying unprotected API endpoints. This includes enumerating paginated request logs and retrieving full AI conversation histories with system prompts, user messages, assistant responses, tool calls, and user email addresses. The vulnerability arises from missing authentication middleware on the request-logs and request-details API routes.

Join the discussion
CVE-2026-62327: Missing Authentication for Critical Function in decolua 9RouterCVE-2026-62327
0

9Router versions up to 0.4.41 have a critical vulnerability where an unauthenticated request to the /api/usage/stats endpoint exposes plaintext API keys for all connected AI provider accounts. This flaw allows attackers to access sensitive billing and usage data, enabling unauthorized use, billing fraud, and quota exhaustion.

Join the discussion
CVE-2026-59801: Missing Authentication for Critical Function in decolua 9RouterCVE-2026-59801
0

9Router versions up to 0.4.41 have a critical vulnerability due to missing authentication on provider management API endpoints. This allows remote attackers to access these endpoints without credentials, enabling them to enumerate, create, modify, or delete provider connections. Exploitation can expose sensitive credentials, OAuth tokens, and API keys, redirect AI traffic to attacker-controlled servers, or cause denial of service by deleting all provider connections.

Join the discussion
CVE-2026-56675: CWE-287: Improper Authentication in decolua 9routerCVE-2026-56675
0

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2.

Join the discussion
CVE-2026-55641: CWE-290: Authentication Bypass by Spoofing in decolua 9routerCVE-2026-55641
0

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2.

Join the discussion
CVE-2026-55638: CWE-862: Missing Authorization in decolua 9routerCVE-2026-55638
0

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2.

Join the discussion
CVE-2026-56676: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in decolua 9routerCVE-2026-56676
0

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2.

Join the discussion
CVE-2026-59800: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in decolua 9routerCVE-2026-59800
0

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher, so no authorization check is applied). The sudoPassword field from the request body is written to the stdin of a 'sudo -S sh' child process. When sudo does not prompt for a password (the process runs as root, NOPASSWD is configured, or a recent sudo timestamp cache exists), the sudoPassword value is interpreted by sh as a shell command, allowing a remote unauthenticated attacker to execute arbitrary OS commands. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-07-04 (UTC).

Join the discussion

Showing 1 to 8 of 8 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses