Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-61505: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in rejetto hfsCVE-2026-61505 0 Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact. Join the discussion | CVE Database V5 | 07/13/2026, 17:23:58 UTC Added: 07/13/2026, 18:03:57 UTC |
CVE-2026-61504: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rejetto hfsCVE-2026-61504 0 Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name contains script that executes in the browser of anyone viewing the listing. Join the discussion | CVE Database V5 | 07/13/2026, 17:23:40 UTC Added: 07/13/2026, 18:03:57 UTC |
CVE-2026-61503: Observable Response Discrepancy in rejetto hfsCVE-2026-61503 0 Rejetto HFS versions 3.0.0 through 3.2.0 have a vulnerability where the login endpoint returns different responses depending on whether a submitted username exists. This allows a remote unauthenticated attacker to confirm valid account names, including the default admin account, which can facilitate further attacks such as password guessing and session forgery. The vulnerability has a medium severity with a CVSS score of 6.9. No official patch or remediation guidance is currently provided by the vendor. Join the discussion | CVE Database V5 | 07/13/2026, 17:23:20 UTC Added: 07/13/2026, 18:03:57 UTC |
CVE-2026-61502: Cross-Site Request Forgery (CSRF) in rejetto hfsCVE-2026-61502 0 Rejetto HFS versions 3.0.0 through 3.2.0 are vulnerable to a Cross-Site Request Forgery (CSRF) attack due to accepting state-changing API requests via the GET method without enforcing anti-CSRF header checks on these requests. This allows a remote attacker to perform administrative actions, including account creation and configuration changes, potentially leading to code execution. The attack can be executed by tricking a logged-in administrator into visiting a crafted URL or, in default installations, without credentials if the attack originates from the server's own machine. Join the discussion | CVE Database V5 | 07/13/2026, 17:22:59 UTC Added: 07/13/2026, 18:03:57 UTC |
CVE-2026-61501: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rejetto hfsCVE-2026-61501 0 Rejetto HFS versions 3.0.0 through 3.2.0 have a cross-site scripting (XSS) vulnerability in the administration panel. The software renders log entries as HTML without sanitization, allowing a remote unauthenticated attacker to inject malicious JavaScript via a crafted username in failed login attempts. When an administrator views the logs, the injected script executes, potentially enabling account creation or code execution with administrator privileges. The vulnerability has a medium severity rating and a CVSS score of 5.3. Join the discussion | CVE Database V5 | 07/13/2026, 17:22:39 UTC Added: 07/13/2026, 18:03:57 UTC |
CVE-2026-61500: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in rejetto hfsCVE-2026-61500 0 Rejetto HFS versions 3.0.0 through 3.2.0 use a cryptographically weak pseudo-random number generator (Math.random()) to derive session-cookie signing keys and disclose outputs of this generator to unauthenticated clients during login. This weakness allows a remote attacker to reconstruct the generator's state, recover the signing key, and forge valid administrator session cookies. Successful exploitation leads to full administrative access and remote code execution via the server_code configuration feature. Join the discussion | CVE Database V5 | 07/13/2026, 17:21:55 UTC Added: 07/13/2026, 18:03:57 UTC |
Showing 1 to 6 of 6 results