Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-41857: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in CloudFoundry BOSH BOSH CLICVE-2026-41857 0 A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh (or bosh scp/bosh logs -f) with default flags. Affected versions: BOSH CLI versions prior to 7.10.5. Join the discussion | CVE Database V5 | 07/09/2026, 04:31:33 UTC Added: 07/09/2026, 08:09:54 UTC |
CVE-2026-47829: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in CloudFoundry Foundation bosh-cliCVE-2026-47829 0 Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4. Join the discussion | CVE Database V5 | 07/09/2026, 06:25:56 UTC Added: 07/09/2026, 06:59:04 UTC |
CVE-2026-47828: CWE-295 Improper Certificate Validation in BOSH-Ecosystem / BOSH (bosh-cli) bosh-cliCVE-2026-47828 0 During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network attacker can terminate the TLS connection, harvest the Basic-auth credentials, and read the rendered-templates archive containing every bootstrap secret for the new BOSH Director, then replay the credentials against the real VM's agent for root code execution. Affected versions: bosh-cli versions prior to v7.10.4. Join the discussion | CVE Database V5 | 07/09/2026, 06:07:10 UTC Added: 07/09/2026, 06:59:04 UTC |
CVE-2026-47826: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in CloudFoundry Foundation BOSH CLI toolCVE-2026-47826 0 The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4. Join the discussion | CVE Database V5 | 07/09/2026, 05:45:33 UTC Added: 07/09/2026, 06:59:04 UTC |
Showing 1 to 4 of 4 results