Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-45357: CWE-400: Uncontrolled Resource Consumption in harttle liquidjsCVE-2026-45357 0 CVE-2026-45357 is a high-severity vulnerability in harttle liquidjs, a JavaScript template engine. Versions 10.25.7 and below have an uncontrolled resource consumption issue in the date filter's strftime implementation. Specifically, large width specifiers like %9999999d cause unbounded string padding operations that bypass documented memory and render limits. This can lead to excessive memory use, high CPU consumption, or out-of-memory crashes during template rendering. The issue is fixed in version 10.26.0. Join the discussion | CVE Database V5 | 06/17/2026, 22:32:20 UTC Added: 06/17/2026, 23:20:08 UTC |
CVE-2026-44645: CWE-400: Uncontrolled Resource Consumption in harttle liquidjsCVE-2026-44645 0 LiquidJS versions 10.25.7 and below contain a vulnerability where the renderLimit option intended to limit rendering time can be bypassed by using an empty {% for %} or {% tablerow %} loop body. This allows an attacker to cause uncontrolled resource consumption by iterating large collections without triggering the time limit, potentially stalling the Node.js event loop and impacting availability. The issue has been fixed in version 10.26.0. Join the discussion | CVE Database V5 | 06/17/2026, 22:08:19 UTC Added: 06/17/2026, 22:35:05 UTC |
CVE-2026-44644: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in harttle liquidjsCVE-2026-44644 0 LiquidJS versions 10.25.7 and below contain a cross-site scripting (XSS) vulnerability in the strip_html filter. The filter uses a regex that fails to match line terminators inside HTML tags, allowing tags with newline characters to bypass sanitization. This can lead to execution of attacker-controlled scripts when rendering unescaped output. The issue is fixed in version 10.26.0. Join the discussion | CVE Database V5 | 06/17/2026, 21:50:24 UTC Added: 06/17/2026, 22:35:05 UTC |
Showing 1 to 3 of 3 results