Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-53430: CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) in elixir-grpc grpcCVE-2026-53430 0 A vulnerability in elixir-grpc grpc versions 0.4.0 up to but not including 1.0.0 allows unauthenticated remote attackers to cause a denial of service via a gzip decompression bomb. The issue arises because the GRPC.Compressor.Gzip module decompresses gzip-encoded data without limiting decompressed size or checking compression ratio, leading to excessive memory allocation and potential out-of-memory termination of the BEAM node. Join the discussion | CVE Database V5 | 06/15/2026, 21:55:33 UTC Added: 06/15/2026, 22:31:25 UTC |
CVE-2026-48854: CWE-770 Allocation of Resources Without Limits or Throttling in elixir-grpc grpcCVE-2026-48854 0 CVE-2026-48854 is a high-severity vulnerability in elixir-grpc grpc versions 0.3.1 up to but not including 1.0.0. It allows unauthenticated attackers to exhaust server memory and crash the BEAM node by sending a large or slow-trickle unary request body. The vulnerability arises because the server accumulates incoming request chunks into a single binary without any size limit and lacks a timeout when the grpc-timeout header is omitted, enabling indefinite memory growth. Join the discussion | CVE Database V5 | 06/15/2026, 21:55:23 UTC Added: 06/15/2026, 22:31:25 UTC |
CVE-2026-48853: CWE-502 Deserialization of Untrusted Data in elixir-grpc grpcCVE-2026-48853 0 A critical vulnerability in elixir-grpc grpc versions 0.4.0 up to but not including 1.0.0 allows unauthenticated attackers to cause denial of service by exhausting the BEAM VM atom table or achieve remote code execution. This occurs because the decode function uses :erlang.binary_to_term/1 without safe options or limits on input size or type, enabling crafted payloads to create arbitrary atoms or execute malicious code. Join the discussion | CVE Database V5 | 06/15/2026, 21:56:15 UTC Added: 06/15/2026, 22:31:25 UTC |
CVE-2026-48599: CWE-639 Authorization Bypass Through User-Controlled Key in elixir-grpc grpcCVE-2026-48599 0 CVE-2026-48599 is an authorization bypass vulnerability in elixir-grpc grpc versions 0.8.0 up to but not including 1.0.0. It allows authenticated attackers to override path-bound fields by supplying conflicting values via query strings or request bodies, causing authorization checks based on these fields to be bypassed. This occurs due to the use of Map.merge/2 with path bindings as the first argument in the request mapping function, which gives attacker-controlled values precedence over router-extracted values. Join the discussion | CVE Database V5 | 06/15/2026, 21:55:28 UTC Added: 06/15/2026, 22:31:25 UTC |
Showing 1 to 4 of 4 results