Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Threat Intelligence
CVE-2026-9002: CWE-400 Uncontrolled Resource Consumption in IBM WebSphere Extreme Scale
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.
CVE Database V5 | 06/30/2026, 19:08:43 UTC | Added: 06/30/2026, 19:36:32 UTC

CVE-2026-13773: CWE-918 Server-Side Request Forgery (SSRF) in IBM WebSphere Extreme Scale
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6: approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instantiation flaw (WAS-26), this SSRF escalates to remote code execution on the calling JVM.
CVE Database V5 | 06/30/2026, 19:20:49 UTC | Added: 06/30/2026, 19:36:32 UTC

CVE-2026-13772: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in IBM WebSphere Extreme Scale
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries.
CVE Database V5 | 06/30/2026, 19:21:43 UTC | Added: 06/30/2026, 19:36:32 UTC

CVE-2026-13759: CWE-502 Deserialization of Untrusted Data in IBM WebSphere Extreme Scale
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including RemoteConstructor.readResolve and PriorityQueue/ExtractorComparator are confirmed working, allowing a post-login attacker who can write a session attribute or a LAN-adjacent attacker on the grid replication wire to execute arbitrary code on peer WAS JVMs.
CVE Database V5 | 06/30/2026, 19:24:03 UTC | Added: 06/30/2026, 19:36:32 UTC