High Severity Threats
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Filtered Threats
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-44383: CWE-613 in Hydro-Québec Le Circuit Electrique charging station backendCVE-2026-44383 0 CVE-2026-44383 is a vulnerability in the Hydro-Québec Le Circuit Electrique charging station backend that allows multiple connections using the same charging station ID. This weakness could enable an attacker to deploy multiple malicious OCPP clients simultaneously, potentially overwhelming the backend system. The vulnerability is classified under CWE-613 (Insufficient Session Expiration). No specific affected software versions or patches are currently identified. Join the discussion | CVE Database V5 | 07/10/2026, 22:11:16 UTC Added: 07/10/2026, 22:18:09 UTC |
CVE-2026-42952: CWE-307 in Hydro-Québec Le Circuit Electrique charging station backendCVE-2026-42952 0 CVE-2026-42952 is a vulnerability in the Hydro-Québec Le Circuit Electrique charging station backend where there is no throttling on repeated authentication attempts. This lack of throttling could allow an attacker to perform a denial-of-service attack by overwhelming the authentication mechanism. The vulnerability is classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts). No patch or official remediation has been confirmed yet. Join the discussion | CVE Database V5 | 07/10/2026, 22:09:16 UTC Added: 07/10/2026, 22:18:09 UTC |
CVE-2026-58590: CWE-862 Missing Authorization in Drupal FlowDropCVE-2026-58590 0 CVE-2026-58590 is a Missing Authorization vulnerability in the Drupal FlowDrop product that allows forceful browsing. It affects FlowDrop versions from 0.0.0 up to and including 1.6.0. No CVSS score or vendor remediation information is currently available. Join the discussion | CVE Database V5 | 07/10/2026, 21:46:17 UTC Added: 07/10/2026, 22:03:27 UTC |
CVE-2026-58589: CWE-862 Missing Authorization in Drupal FlowDropCVE-2026-58589 0 CVE-2026-58589 is a Missing Authorization vulnerability in the Drupal FlowDrop module that allows forceful browsing. This affects FlowDrop versions from 0.0.0 up to 1.6.0. The vulnerability is categorized under CWE-862, indicating missing authorization checks. No CVSS score or vendor patch information is currently available. Join the discussion | CVE Database V5 | 07/10/2026, 21:46:16 UTC Added: 07/10/2026, 22:03:27 UTC |
CVE-2026-55883: CWE-345: Insufficient Verification of Data Authenticity in tilt-dev tiltCVE-2026-55883 0 Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websocket_token endpoint and the upgrader accepts clients that omit an Origin header. When the HUD is network-exposed, an attacker who can reach the listener can open the HUD WebSocket and receive the full view stream, including session state, Tiltfile contents, resource statuses, and continued updates. This issue is fixed in version 0.37.4. Join the discussion | CVE Database V5 | 07/10/2026, 21:38:18 UTC Added: 07/10/2026, 22:03:25 UTC |
CVE-2026-55882: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in tilt-dev tiltCVE-2026-55882 0 Tilt versions from 0.19.5 through 0.37.3 expose Go net/http/pprof debug handlers under /debug without access control. This allows unauthenticated network callers to read process memory, including sensitive session and apiserver tokens, and degrade performance via profiling endpoints. The issue is fixed in version 0.37.4. Join the discussion | CVE Database V5 | 07/10/2026, 21:37:12 UTC Added: 07/10/2026, 22:03:25 UTC |
CVE-2026-55810: CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Drupal Plotly.js GraphingCVE-2026-55810 0 CVE-2026-55810 is a vulnerability in Drupal Plotly.js Graphing that allows improper modification of dynamically-determined object attributes, leading to object injection. It affects versions from 0.0.0 up to and including 3.0.2. No CVSS score or official remediation information is currently available. Join the discussion | CVE Database V5 | 07/10/2026, 21:44:36 UTC Added: 07/10/2026, 22:03:25 UTC |
CVE-2026-55808: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal coreCVE-2026-55808 0 CVE-2026-55808 is a Cross-Site Scripting (XSS) vulnerability in Drupal core caused by improper neutralization of input during web page generation. It affects multiple versions of Drupal core including all versions up to 10.5.12, 10.6.0 through 10.6.11, 11.2.0 through 11.2.14, 11.3.0 through 11.3.12, and all versions up to 11.1.x. No official patch or remediation guidance is currently provided. There are no known exploits in the wild at this time. The vulnerability allows attackers to inject malicious scripts into web pages generated by Drupal, potentially impacting users who visit affected sites. Join the discussion | CVE Database V5 | 07/10/2026, 21:46:43 UTC Added: 07/10/2026, 22:03:25 UTC |
CVE-2026-55807: CWE-918 Server-Side Request Forgery (SSRF) in Drupal Drupal coreCVE-2026-55807 0 A Server-Side Request Forgery (SSRF) vulnerability exists in Drupal core affecting multiple versions up to 11.3.12. This vulnerability allows an attacker to induce the server to make HTTP requests to arbitrary domains. The vulnerability is identified as CWE-918. No official patch or remediation guidance is currently provided, and no known exploits are reported in the wild. Join the discussion | CVE Database V5 | 07/10/2026, 21:46:40 UTC Added: 07/10/2026, 22:03:25 UTC |
CVE-2026-55804: CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Drupal Drupal coreCVE-2026-55804 0 CVE-2026-55804 is a vulnerability in Drupal core involving improper control over modification of dynamically-determined object attributes, leading to potential object injection. It affects multiple Drupal core versions up to 11.3.12 and earlier. No official patch or remediation guidance is currently provided. There are no known exploits in the wild at this time. Join the discussion | CVE Database V5 | 07/10/2026, 21:46:39 UTC Added: 07/10/2026, 22:03:25 UTC |
Showing 1 to 10 of 3830 results