Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-58173: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in HKUDS Vibe-TradingCVE-2026-58173 0 Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memory_type value containing path traversal sequences through the remember tool. Attackers can manipulate the memory_type parameter in the persistent memory store to cause the application to write arbitrary Markdown files to unintended locations on the filesystem. Join the discussion | CVE Database V5 | 06/30/2026, 15:55:29 UTC Added: 06/30/2026, 16:52:01 UTC |
CVE-2026-58171: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in HKUDS Vibe-TradingCVE-2026-58171 0 Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in run_dir (agent/src/swarm/store.py). A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary run.json files outside the runs directory and to overwrite existing run.json files at traversed locations. Join the discussion | CVE Database V5 | 06/30/2026, 15:54:34 UTC Added: 06/30/2026, 16:52:01 UTC |
CVE-2026-58170: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in HKUDS Vibe-TradingCVE-2026-58170 0 Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization (agent/src/live/mandate/commit.py). A proposal identifier containing path traversal sequences causes the application to load an attacker-controlled JSON file as an authoritative live trading mandate. Combined with the file upload endpoint, an admitted caller can write a JSON file to a known location and traverse to it, and because the ceilings validation is skipped when ceilings are absent, the attacker fully controls the committed mandate. Join the discussion | CVE Database V5 | 06/30/2026, 15:53:21 UTC Added: 06/30/2026, 16:52:01 UTC |
CVE-2026-58169: Origin Validation Error in HKUDS Vibe-TradingCVE-2026-58169 0 Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to 0.0.0.0 with credentialed CORS. Attackers can craft a malicious DNS rebinding page to issue authenticated requests to the local API server, reach the shell execution endpoint with a bash-enabled preset, and achieve remote code execution as the API process user while also overwriting LLM and data-source settings to exfiltrate credentials. Join the discussion | CVE Database V5 | 06/30/2026, 15:52:52 UTC Added: 06/30/2026, 16:51:59 UTC |
Showing 1 to 4 of 4 results