Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
GHSA-fqhc-8hwj-969hCVE-2026-34960 0 barebox versions prior to 2026.04.0 have an out-of-bounds read vulnerability in the DHCP option parsing code. The vulnerability occurs in the dhcp_message_type() function, which does not properly verify that the options pointer stays within the bounds of the received DHCP packet. An attacker on the same broadcast domain can exploit this by sending a crafted DHCP Offer or ACK packet missing the required 0xff end marker, causing the parser to read beyond valid data and potentially crash the system. Join the discussion | GCVE Database | 05/12/2026, 00:31:14 UTC Added: 07/18/2026, 11:16:28 UTC |
GHSA-qj4w-p892-c352CVE-2026-34963 0 barebox versions prior to 2026.04.0 contain multiple memory-safety vulnerabilities in the EFI PE loader component. These include an integer overflow during virtual image size calculation and improper validation of PE section data boundaries. Exploitation can occur by supplying a malicious EFI PE binary via TFTP, USB, SD card, or network boot, potentially leading to heap buffer overflow or out-of-bounds reads. This may allow code execution within the bootloader context. Join the discussion | GCVE Database | 05/12/2026, 00:31:15 UTC Added: 07/18/2026, 11:16:28 UTC |
GHSA-vv9w-vff6-5rx9CVE-2026-34961 0 barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of-bounds reads during boot-time filesystem parsing, potentially redirecting reads to arbitrary disk offsets. Join the discussion | GCVE Database | 05/12/2026, 00:31:15 UTC Added: 07/18/2026, 11:16:28 UTC |
GHSA-gh28-ww79-7h4vCVE-2026-34962 0 barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely. Join the discussion | GCVE Database | 05/12/2026, 00:31:15 UTC Added: 07/18/2026, 11:16:28 UTC |
Showing 1 to 4 of 4 results