Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-13490: Authorization Bypass in glpi-project glpiCVE-2026-13490 0 CVE-2026-13490 is an authorization bypass vulnerability in glpi-project glpi versions 11.0.5, 11.0.6, and 11.0.7. It affects the Document::canViewFile function in the Document Handler component, allowing remote attackers to bypass authorization by manipulating the docid argument. The vulnerability has a medium severity with a CVSS score of 6.3 and is considered to have high attack complexity, making exploitation difficult. No official patch or remediation has been confirmed yet. Join the discussion | CVE Database V5 | 06/28/2026, 11:00:05 UTC Added: 06/28/2026, 11:36:27 UTC |
CVE-2026-44281: CWE-862: Missing Authorization in glpi-project glpiCVE-2026-44281 0 GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch. Join the discussion | CVE Database V5 | 06/03/2026, 14:06:12 UTC Added: 06/03/2026, 15:48:54 UTC |
CVE-2026-42321: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in glpi-project glpiCVE-2026-42321 0 GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch. Join the discussion | CVE Database V5 | 06/03/2026, 15:25:17 UTC Added: 06/03/2026, 15:48:54 UTC |
CVE-2026-42320: CWE-862: Missing Authorization in glpi-project glpiCVE-2026-42320 0 GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch. Join the discussion | CVE Database V5 | 06/03/2026, 15:23:46 UTC Added: 06/03/2026, 15:48:54 UTC |
CVE-2026-42318: CWE-862: Missing Authorization in glpi-project glpiCVE-2026-42318 0 GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User's planning. Join the discussion | CVE Database V5 | 06/03/2026, 15:17:16 UTC Added: 06/03/2026, 15:48:54 UTC |
CVE-2026-42317: CWE-862: Missing Authorization in glpi-project glpiCVE-2026-42317 0 GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch. Join the discussion | CVE Database V5 | 06/03/2026, 15:16:02 UTC Added: 06/03/2026, 15:48:54 UTC |
CVE-2026-40108: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in glpi-project glpiCVE-2026-40108 0 GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7. Join the discussion | CVE Database V5 | 06/02/2026, 23:02:35 UTC Added: 06/02/2026, 23:18:36 UTC |
CVE-2026-5385: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in glpi-project glpiCVE-2026-5385 0 An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. Join the discussion | CVE Database V5 | 06/02/2026, 18:32:01 UTC Added: 06/02/2026, 19:52:52 UTC |
Showing 1 to 8 of 8 results