Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-12523: Vulnerability in Cloudflare quicheCVE-2026-12523 0 Cloudflare quiche's HTTP/3 implementation has a vulnerability that allows resource exhaustion via specially crafted HTTP/3 frames. The issue arises from pre-allocating memory based on declared frame lengths without requiring the attacker to send the full declared data. Additionally, incorrect enforcement of QPACK decompression limits can cause excessive memory usage. This vulnerability is addressed in quiche version 0.29.3. The CVSS score is 7.5, indicating high severity. Join the discussion | CVE Database V5 | 07/14/2026, 15:51:28 UTC Added: 07/14/2026, 16:18:54 UTC |
CVE-2026-12707: CWE-770 Allocation of resources without limits or throttling in Cloudflare quicheCVE-2026-12707 0 Summary Cloudflare quiche was discovered to be vulnerable to memory resource exhaustion due to unbounded queuing of post-handshake client migration events. Impact quiche supports the connection migration features described in Section 9 of RFC 9000, which allows a single QUIC connection to survive changes in the network path. Although quiche implements the protections described in Section 9.3 of RFC 9000 to limit server state commitment, it was discovered that the collection of PathEvents, intended to be consumed by applications via the path_event_next() function, was not bounded. Once the QUIC handshake completed, a peer could exploit rapid source address migration in order to cause unbounded queuing of the PathEvent::ReusedSourceConnectionId type. Servers are vulnerable even if active connection migration is disabled. Mitigation: * Applications can call path_event_next() to drain the PathEvent collection, mitigating the attack. * Users are requested to upgrade to quiche 0.29.3 which is the earliest version that prevents excessive queueing of PathEvent::ReusedSourceConnectionId. Join the discussion | CVE Database V5 | 07/14/2026, 15:18:24 UTC Added: 07/14/2026, 15:48:09 UTC |
CVE-2026-11941: CWE-416 Use after free in Cloudflare QuicheCVE-2026-11941 0 Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned “ConnectionId” would be dropped at the end of those functions' scope. Only applications using those FFI functions are affected. The FFI API is disabled by default by a build-time feature flag. Impact If unpatched, an application calling the affected FFI functions will dereference freed memory. The most likely outcome is undefined behavior leading to a process crash (denial of service). Depending on allocator state, the read may also return adjacent heap contents, resulting in limited information disclosure or incorrect connection identifier handling. Mitigation Users are requested to upgrade to quiche 0.29.2 which is the earliest version containing the fix for this issue. Join the discussion | CVE Database V5 | 06/19/2026, 09:55:54 UTC Added: 06/19/2026, 11:20:21 UTC |
Showing 1 to 3 of 3 results