Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-31309: n/aCVE-2026-31309
0

CVE-2026-31309 is a vulnerability in Mysterium Node versions prior to 1.36.0 where improper authorization in the /tequilapi/config/user endpoint allows unauthenticated attackers to overwrite the node's configuration. This can lead to a full takeover of the node by sending a crafted POST request. No official patch or remediation level is currently confirmed. The vulnerability affects all versions before 1.36.0.

Join the discussion
CVE-2026-48930: CWE-284 Improper Access Control - Generic in nodejs nodeCVE-2026-48930
0

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Join the discussion
CVE-2026-48928: CWE-284 Improper Access Control - Generic in nodejs nodeCVE-2026-48928
0

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Join the discussion
CVE-2026-48619: CWE-400 Uncontrolled Resource Consumption in nodejs nodeCVE-2026-48619
0

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Join the discussion
CVE-2026-48615: CWE-359 Privacy Violation in nodejs nodeCVE-2026-48615
0

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Join the discussion
CVE-2026-48931: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition in nodejs nodeCVE-2026-48931
0

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Join the discussion
CVE-2026-48937: CWE-400 Uncontrolled Resource Consumption in nodejs nodeCVE-2026-48937
0

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.

Join the discussion
CVE-2026-48617: CWE-284 Improper Access Control - Generic in nodejs nodeCVE-2026-48617
0

A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Join the discussion

Showing 1 to 8 of 8 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses