Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-15332: Missing Authorization in zhayujie CowAgentCVE-2026-15332
0

CVE-2026-15332 is a medium severity vulnerability in zhayujie CowAgent versions 2.0 and 2.1.0. It involves missing authorization in an unknown function within the file channel/channel.py of the Message Endpoint component. The flaw allows remote attackers to exploit the system without proper authorization. Although the issue was reported early, the vendor has not yet responded or provided a fix. An exploit has been publicly released, increasing the risk of attacks.

Join the discussion
CVE-2026-15331: Path Traversal in zhayujie CowAgentCVE-2026-15331
0

CVE-2026-15331 is a path traversal vulnerability in zhayujie CowAgent affecting versions 2.0 and 2.1.0. The issue exists in the _add_url/_add_package functions within the Skill Installation Handler component, where manipulation of the Name argument can lead to unauthorized file path access. The vulnerability can be exploited remotely. Upgrading to version 2.1.2 addresses this issue.

Join the discussion
CVE-2026-15330: Server-Side Request Forgery in zhayujie CowAgentCVE-2026-15330
0

CVE-2026-15330 is a server-side request forgery (SSRF) vulnerability in zhayujie CowAgent versions 2.1.0 and 2.1.1. It affects the _build_image_content/_download_to_data_url functions in the Vision Tool component, allowing remote attackers to manipulate the image argument to trigger SSRF. A patch is available in version 2.1.2 to address this issue.

Join the discussion
CVE-2026-15329: Information Disclosure in zhayujie CowAgentCVE-2026-15329
0

CVE-2026-15329 is an information disclosure vulnerability in zhayujie CowAgent affecting versions 2.0 and 2.1.0. The flaw exists in the BrowserTool._do_navigate function within the Browser Tool component. This vulnerability can be exploited remotely without user interaction and requires low privileges. The issue was reported to the project early, but no response or fix has been provided yet. The vulnerability has a medium severity rating with a CVSS score of 5.3. No official patch or mitigation guidance is currently available.

Join the discussion
CVE-2026-14714: Missing Authentication in zhayujie chatgpt-on-wechat CowAgentCVE-2026-14714
0

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash."

Join the discussion

Showing 1 to 5 of 5 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses