Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-60114: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Dan-in-CA SIPCVE-2026-60114
0

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths. Attackers can exploit the lack of key validation in the JSON restore process, combined with the absence of a required passphrase in the default configuration or the default passphrase 'opendoor', to write arbitrary JSON files outside the intended data directory.

Join the discussion
CVE-2026-58479: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Dan-in-CA SIPCVE-2026-58479
0

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a command injection vulnerability in the optional cli_control plugin that allows unauthenticated or cross-site request forgery attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint. Attackers can trigger execution by activating the associated irrigation station, exploiting the absence of passphrase protection or the default passphrase 'opendoor', to achieve arbitrary command execution on the underlying host.

Join the discussion
CVE-2026-58478: Server-Side Request Forgery (SSRF) in Dan-in-CA SIPCVE-2026-58478
0

Dan-in-CA Sustainable Irrigation Platform (SIP) up to version 5.2.16 contains a server-side request forgery (SSRF) vulnerability. This flaw allows unauthenticated attackers to make the device send arbitrary HTTP requests by supplying a malicious callback URL when the optional Node-RED plugin is installed. The vulnerability arises from lack of destination validation and the use of a default passphrase 'opendoor'.

Join the discussion
CVE-2026-58477: Improperly Controlled Modification of Dynamically-Determined Object Attributes in Dan-in-CA SIPCVE-2026-58477
0

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to sensitive values such as the passphrase and listening port, and can also achieve the same result through cross-site request forgery due to the absence of adequate request validation.

Join the discussion
CVE-2026-58476: Cross-Site Request Forgery (CSRF) in Dan-in-CA SIPCVE-2026-58476
0

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.

Join the discussion
CVE-2026-58475: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Dan-in-CA SIPCVE-2026-58475
0

Dan-in-CA Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a stored cross-site scripting (XSS) vulnerability. This flaw allows unauthenticated attackers to inject arbitrary JavaScript by submitting malicious script payloads within program names via HTTP requests. The vulnerability arises from improper neutralization of input during web page generation, specifically due to lack of output encoding on rendered program names. Exploitation is facilitated by the absence of a required passphrase or the use of the default passphrase 'opendoor'. The CVSS 4.0 base score is 5.3, indicating medium severity.

Join the discussion

Showing 1 to 6 of 6 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses