Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Threat Intelligence
CVE-2026-47684: CWE-918: Server-Side Request Forgery (SSRF) in Sync-in server
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Version 2.3.0 fixes the issue.
CVE Database V5 | 06/16/2026, 14:31:30 UTC | Added: 06/16/2026, 15:00:27 UTC
CVE-2026-48165: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could have used the wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the Galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:35:16 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-48163: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node interpolates parameters sent by the joiner into the command line. Not all parameters were properly validated, which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the rsync SST method. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:34:57 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-44173: CWE-863: Incorrect Authorization in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:34:30 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-44172: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string() was supposed to prevent them. This issue has been patched in versions 3.3.19 and 3.4.9.
CVE Database V5 | 06/12/2026, 17:34:04 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-44171: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:33:27 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-44170: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with the CONNECT engine installed and REST support enabled interpolated the table HTTP attribute into the curl command line without proper sanitizing. This allows the user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:30:15 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-44169: CWE-863: Incorrect Authorization in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user who was granted EXECUTE access to a stored routine via a role could see the routine definition even without the SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:31:53 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-44168: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node interpolates parameters sent by the joiner into the command line. Not all parameters were properly validated, which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:31:26 UTC | Added: 06/12/2026, 17:55:21 UTC
CVE-2026-10787: CWE-862 Missing authorization in Devolutions Server
CVE-2026-10787 is a medium severity vulnerability in Devolutions Server where missing authorization in the deleted user groups API allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This affects Devolutions Server version 2026.2.4.0 and earlier versions including 2026.1.20.0. There is no confirmed patch or official remediation available at this time.
CVE Database V5 | 06/08/2026, 18:26:25 UTC | Added: 06/08/2026, 19:03:40 UTC
Showing 1 to 10 of 20 results