Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-31309: n/aCVE-2026-31309 0 CVE-2026-31309 is a vulnerability in Mysterium Node versions prior to 1.36.0 where improper authorization in the /tequilapi/config/user endpoint allows unauthenticated attackers to overwrite the node's configuration. This can lead to a full takeover of the node by sending a crafted POST request. No official patch or remediation level is currently confirmed. The vulnerability affects all versions before 1.36.0. Join the discussion | CVE Database V5 | 07/08/2026, 00:00:00 UTC Added: 07/08/2026, 22:13:57 UTC |
CVE-2026-48930: CWE-284 Improper Access Control - Generic in nodejs nodeCVE-2026-48930 0 A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:37 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48928: CWE-284 Improper Access Control - Generic in nodejs nodeCVE-2026-48928 0 A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48619: CWE-400 Uncontrolled Resource Consumption in nodejs nodeCVE-2026-48619 0 A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48615: CWE-359 Privacy Violation in nodejs nodeCVE-2026-48615 0 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48931: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition in nodejs nodeCVE-2026-48931 0 A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. Join the discussion | CVE Database V5 | 06/22/2026, 18:59:30 UTC Added: 06/22/2026, 19:55:50 UTC |
CVE-2026-48937: CWE-400 Uncontrolled Resource Consumption in nodejs nodeCVE-2026-48937 0 A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**. Join the discussion | CVE Database V5 | 06/18/2026, 18:01:39 UTC Added: 06/18/2026, 18:52:19 UTC |
CVE-2026-48617: CWE-284 Improper Access Control - Generic in nodejs nodeCVE-2026-48617 0 A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. Join the discussion | CVE Database V5 | 06/18/2026, 16:21:12 UTC Added: 06/18/2026, 16:36:21 UTC |
Showing 1 to 8 of 8 results