Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-48936: CWE-284 Improper Access Control - Generic in nodejs nodeCVE-2026-48936 0 CVE-2026-48936 is a low severity vulnerability in Node.js version 26.3.0 where a flaw in the Permission API allows a local server to be started via a Unix domain socket without requiring the `--allow-net` permission. This improper access control issue could lead to unintended local network service availability. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48935: CWE-276 Incorrect Default Permissions in nodejs nodeCVE-2026-48935 0 CVE-2026-48935 is a low-severity vulnerability in Node.js affecting the Permission API. It allows modification of file metadata on paths intended to be read-only when using flags like --allow-fs-read. This issue impacts specific versions of Node.js 22, 24, and 26 release lines. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48934: Vulnerability in nodejs nodeCVE-2026-48934 0 A vulnerability in Node.js TLS host verification allows an attacker to bypass certificate validation. This affects specific versions of Node.js 22, 24, and 26. The issue has a medium severity score and does not impact integrity or availability. No official patch or remediation guidance is currently provided. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48933: CWE-190 Integer Overflow in nodejs nodeCVE-2026-48933 0 An integer overflow vulnerability exists in the Node.js WebCrypto implementation that can cause the process to crash when the input to subtle.encrypt() is a multiple of 2 GiB. This affects specific versions of Node.js 22, 24, and 26. The vulnerability has a high severity score and impacts availability but does not affect confidentiality or integrity. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
CVE-2026-48618: CWE-176 Improper Handling of Unicode Encoding in nodejs nodeCVE-2026-48618 0 A vulnerability in Node.js affects the TLS hostname handling due to improper Unicode dot separator normalization. This flaw can cause a wildcard-depth authentication bypass, potentially allowing an attacker to circumvent intended security boundaries. The issue impacts confidentiality but does not affect integrity or availability. The vulnerability is present in specific versions of Node.js 22, 24, and 26. No official patch or remediation guidance is currently provided by the vendor. Join the discussion | CVE Database V5 | 06/26/2026, 01:14:36 UTC Added: 06/26/2026, 01:31:11 UTC |
A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.
As a result, code running under `--permi...CVE-2026-21711 0 CVE-2026-21711 is a vulnerability in the Node.js permission model where Unix Domain Socket (UDS) server operations do not enforce the required permission checks, unlike other network paths. This flaw allows code running with the '--permission' flag to bypass intended permission restrictions for UDS server operations. The vulnerability affects Microsoft products including Azure Linux and Node.js version 24. No CVSS score or patch information is currently available, and no known exploits in the wild have been reported. Join the discussion | GCVE Database | 03/02/2026, 00:00:00 UTC Added: 05/31/2026, 21:00:11 UTC |
Showing 1 to 6 of 6 results