Medium Severity Threats
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Filtered Threats
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-15089: Vulnerability in Drupal Commerce guest registrationCVE-2026-15089 0 A vulnerability has been identified in Drupal Commerce guest registration. The available information does not specify the nature or technical details of the vulnerability. No affected versions or patch information are provided, and no known exploits are reported in the wild. Join the discussion | CVE Database V5 | 07/10/2026, 21:54:42 UTC Added: 07/10/2026, 22:18:09 UTC |
CVE-2026-15087: Vulnerability in Drupal Clean RESTfulCVE-2026-15087 0 CVE-2026-15087 is a vulnerability affecting the Drupal Clean RESTful module. The specific nature of the vulnerability is not detailed in the available information. All versions of the Clean RESTful module are indicated as affected, but no explicit version range is provided. There is no information on available patches or fixes. No known exploits in the wild have been reported. The vulnerability was published on July 10, 2026. Join the discussion | CVE Database V5 | 07/10/2026, 21:57:28 UTC Added: 07/10/2026, 22:18:09 UTC |
CVE-2026-15086: Vulnerability in Drupal Raw Formatter [Meta Tag Formatter]CVE-2026-15086 0 A vulnerability has been identified in the Drupal Raw Formatter [Meta Tag Formatter] component. The issue affects all versions of this component, but specific details about the nature of the vulnerability or its impact are not provided. No CVSS score or detailed technical information is available. No patch or remediation guidance has been published yet. Join the discussion | CVE Database V5 | 07/10/2026, 21:57:19 UTC Added: 07/10/2026, 22:18:09 UTC |
CVE-2026-11915: Vulnerability in Drupal Brute force attack protectionCVE-2026-11915 0 A vulnerability has been identified in the Drupal Brute force attack protection component. The issue affects all versions of this component, but specific details about the nature of the vulnerability or its exploitation are not provided. No CVSS score or detailed impact information is available. No patch or remediation guidance has been published yet. Join the discussion | CVE Database V5 | 07/10/2026, 21:58:18 UTC Added: 07/10/2026, 22:18:09 UTC |
CVE-2026-11914: Vulnerability in Drupal ComposerCVE-2026-11914 0 CVE-2026-11914 is a vulnerability reported in Drupal Composer. The available information is minimal and does not specify the nature of the vulnerability or the affected versions. No patch or remediation details have been provided, and there is no CVSS score assigned to this vulnerability. Join the discussion | CVE Database V5 | 07/10/2026, 21:59:28 UTC Added: 07/10/2026, 22:18:09 UTC |
CVE-2026-11913: Vulnerability in Drupal Mother May ICVE-2026-11913 0 CVE-2026-11913 is a vulnerability affecting the Drupal Mother May I module. The available information does not specify the nature or technical details of the vulnerability. No affected versions or patch information are provided. There is no CVSS score assigned to this vulnerability. Join the discussion | CVE Database V5 | 07/10/2026, 22:00:08 UTC Added: 07/10/2026, 22:18:09 UTC |
No Manners Here: The Ruthless Rise of The Gentlemen Ransomware 0 The Gentlemen ransomware is a Ransomware-as-a-Service (RaaS) operation active since at least July 2025, rapidly growing through an affiliate model offering a high payout to affiliates. It uses custom tooling written in C and Go to target multiple operating systems and virtual infrastructure. The group employs diverse initial access techniques including exploitation of edge device vulnerabilities, brute force, stolen credentials, and collaboration with initial access brokers. They also use a custom backdoor, an EDR-killing framework, and possibly zero-day exploits to evade defenses. The ransomware has claimed hundreds of victims globally across many industries, with a sharp increase in activity in 2026. The operators have partnered with BreachForums to recruit affiliates and penetration testers. Unit 42 recommends immediate patching of known exploited vulnerabilities, enhanced monitoring, and strict controls on lateral movement and credential access. MediumVulnerability Join the discussion | Palo Alto Unit 42 | 07/10/2026, 22:00:39 UTC Added: 07/10/2026, 22:11:46 UTC |
CVE-2026-59155: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in nezhahq nezhaCVE-2026-59155 0 Nezha Monitoring versions prior to 2.2.5 expose sensitive third-party API credentials in plaintext via the GET /api/v1/ddns and GET /api/v1/notification endpoints. Authenticated users with specific read scopes can retrieve full resource objects including Cloudflare API tokens, TencentCloud SecretKeys, webhook URLs with embedded bot tokens, and Authorization headers without any redaction. This vulnerability is fixed in version 2.2.5. Join the discussion | CVE Database V5 | 07/10/2026, 21:31:34 UTC Added: 07/10/2026, 22:03:27 UTC |
CVE-2026-58591: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal ColorboxCVE-2026-58591 0 CVE-2026-58591 is a Cross-Site Scripting (XSS) vulnerability in the Drupal Colorbox module caused by improper neutralization of input during web page generation. It affects Colorbox versions from 0.0.0 up to 2.2.0. No official patch or remediation guidance is currently provided. There are no known exploits in the wild at this time. Join the discussion | CVE Database V5 | 07/10/2026, 21:46:18 UTC Added: 07/10/2026, 22:03:27 UTC |
CVE-2026-58588: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal CanvasCVE-2026-58588 0 CVE-2026-58588 is a Cross-Site Scripting (XSS) vulnerability in the Drupal Canvas product. It arises from improper neutralization of input during web page generation, allowing injection of malicious scripts. The vulnerability affects specific versions of Drupal Canvas, including 0.0.0, 1.5.0, 1.6.0, and 1.7.0. No official patch or remediation guidance is currently available, and there are no known exploits in the wild. The vulnerability is categorized under CWE-79, which covers XSS issues. Join the discussion | CVE Database V5 | 07/10/2026, 21:46:15 UTC Added: 07/10/2026, 22:03:27 UTC |
Showing 1 to 10 of 4268 results