Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-55957: CWE-304 Missing Critical Step in Authentication in Apache Software Foundation Apache TomcatCVE-2026-55957 0 Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1 through 10.1.36, from 9.0.0.M1 through 9.0.100, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.5, 10.1.37 or 9.0.101, which fixes the issue. Join the discussion | CVE Database V5 | 06/29/2026, 20:47:12 UTC Added: 06/29/2026, 21:06:38 UTC |
CVE-2026-55956: CWE-285 Improper Authorization in Apache Software Foundation Apache TomcatCVE-2026-55956 0 Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue. Join the discussion | CVE Database V5 | 06/29/2026, 20:46:02 UTC Added: 06/29/2026, 21:06:37 UTC |
CVE-2026-55955: CWE-287 Improper Authentication in Apache Software Foundation Apache TomcatCVE-2026-55955 0 Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue. Join the discussion | CVE Database V5 | 06/29/2026, 20:44:39 UTC Added: 06/29/2026, 21:06:37 UTC |
CVE-2026-55276: CWE-670 Always-Incorrect Control Flow Implementation in Apache Software Foundation Apache TomcatCVE-2026-55276 0 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119 which fixes the issue. Join the discussion | CVE Database V5 | 06/29/2026, 20:42:23 UTC Added: 06/29/2026, 21:06:37 UTC |
CVE-2026-53434: CWE-390 Detection of Error Condition Without Action in Apache Software Foundation Apache TomcatCVE-2026-53434 0 Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue. Join the discussion | CVE Database V5 | 06/29/2026, 20:41:06 UTC Added: 06/29/2026, 21:06:37 UTC |
CVE-2026-53404: CWE-670 Always-Incorrect Control Flow Implementation in Apache Software Foundation Apache TomcatCVE-2026-53404 0 Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue. Join the discussion | CVE Database V5 | 06/29/2026, 20:39:45 UTC Added: 06/29/2026, 21:06:37 UTC |
CVE-2026-50229: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Apache Software Foundation Apache TomcatCVE-2026-50229 0 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue. Join the discussion | CVE Database V5 | 06/29/2026, 20:36:24 UTC Added: 06/29/2026, 21:06:37 UTC |
Showing 1 to 7 of 7 results