Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-15332: Missing Authorization in zhayujie CowAgentCVE-2026-15332 0 CVE-2026-15332 is a medium severity vulnerability in zhayujie CowAgent versions 2.0 and 2.1.0. It involves missing authorization in an unknown function within the file channel/channel.py of the Message Endpoint component. The flaw allows remote attackers to exploit the system without proper authorization. Although the issue was reported early, the vendor has not yet responded or provided a fix. An exploit has been publicly released, increasing the risk of attacks. Join the discussion | CVE Database V5 | 07/10/2026, 04:45:08 UTC Added: 07/10/2026, 05:18:13 UTC |
CVE-2026-15331: Path Traversal in zhayujie CowAgentCVE-2026-15331 0 CVE-2026-15331 is a path traversal vulnerability in zhayujie CowAgent affecting versions 2.0 and 2.1.0. The issue exists in the _add_url/_add_package functions within the Skill Installation Handler component, where manipulation of the Name argument can lead to unauthorized file path access. The vulnerability can be exploited remotely. Upgrading to version 2.1.2 addresses this issue. Join the discussion | CVE Database V5 | 07/10/2026, 04:15:10 UTC Added: 07/10/2026, 05:18:13 UTC |
CVE-2026-15330: Server-Side Request Forgery in zhayujie CowAgentCVE-2026-15330 0 CVE-2026-15330 is a server-side request forgery (SSRF) vulnerability in zhayujie CowAgent versions 2.1.0 and 2.1.1. It affects the _build_image_content/_download_to_data_url functions in the Vision Tool component, allowing remote attackers to manipulate the image argument to trigger SSRF. A patch is available in version 2.1.2 to address this issue. Join the discussion | CVE Database V5 | 07/10/2026, 04:00:10 UTC Added: 07/10/2026, 05:18:12 UTC |
CVE-2026-15329: Information Disclosure in zhayujie CowAgentCVE-2026-15329 0 CVE-2026-15329 is an information disclosure vulnerability in zhayujie CowAgent affecting versions 2.0 and 2.1.0. The flaw exists in the BrowserTool._do_navigate function within the Browser Tool component. This vulnerability can be exploited remotely without user interaction and requires low privileges. The issue was reported to the project early, but no response or fix has been provided yet. The vulnerability has a medium severity rating with a CVSS score of 5.3. No official patch or mitigation guidance is currently available. Join the discussion | CVE Database V5 | 07/10/2026, 03:30:08 UTC Added: 07/10/2026, 03:48:18 UTC |
CVE-2026-14714: Missing Authentication in zhayujie chatgpt-on-wechat CowAgentCVE-2026-14714 0 A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash." Join the discussion | CVE Database V5 | 07/05/2026, 05:30:09 UTC Added: 07/05/2026, 05:52:05 UTC |
Showing 1 to 5 of 5 results