Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Medium Severity Threats

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (2):Severity: Medium

Filtered Threats

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-15089: Vulnerability in Drupal Commerce guest registrationCVE-2026-15089
0

A vulnerability has been identified in Drupal Commerce guest registration. The available information does not specify the nature or technical details of the vulnerability. No affected versions or patch information are provided, and no known exploits are reported in the wild.

Join the discussion
CVE-2026-15087: Vulnerability in Drupal Clean RESTfulCVE-2026-15087
0

CVE-2026-15087 is a vulnerability affecting the Drupal Clean RESTful module. The specific nature of the vulnerability is not detailed in the available information. All versions of the Clean RESTful module are indicated as affected, but no explicit version range is provided. There is no information on available patches or fixes. No known exploits in the wild have been reported. The vulnerability was published on July 10, 2026.

Join the discussion
CVE-2026-15086: Vulnerability in Drupal Raw Formatter [Meta Tag Formatter]CVE-2026-15086
0

A vulnerability has been identified in the Drupal Raw Formatter [Meta Tag Formatter] component. The issue affects all versions of this component, but specific details about the nature of the vulnerability or its impact are not provided. No CVSS score or detailed technical information is available. No patch or remediation guidance has been published yet.

Join the discussion
CVE-2026-11915: Vulnerability in Drupal Brute force attack protectionCVE-2026-11915
0

A vulnerability has been identified in the Drupal Brute force attack protection component. The issue affects all versions of this component, but specific details about the nature of the vulnerability or its exploitation are not provided. No CVSS score or detailed impact information is available. No patch or remediation guidance has been published yet.

Join the discussion
CVE-2026-11914: Vulnerability in Drupal ComposerCVE-2026-11914
0

CVE-2026-11914 is a vulnerability reported in Drupal Composer. The available information is minimal and does not specify the nature of the vulnerability or the affected versions. No patch or remediation details have been provided, and there is no CVSS score assigned to this vulnerability.

Join the discussion
CVE-2026-11913: Vulnerability in Drupal Mother May ICVE-2026-11913
0

CVE-2026-11913 is a vulnerability affecting the Drupal Mother May I module. The available information does not specify the nature or technical details of the vulnerability. No affected versions or patch information are provided. There is no CVSS score assigned to this vulnerability.

Join the discussion
No Manners Here: The Ruthless Rise of The Gentlemen Ransomware
0

The Gentlemen ransomware is a Ransomware-as-a-Service (RaaS) operation active since at least July 2025, rapidly growing through an affiliate model offering a high payout to affiliates. It uses custom tooling written in C and Go to target multiple operating systems and virtual infrastructure. The group employs diverse initial access techniques including exploitation of edge device vulnerabilities, brute force, stolen credentials, and collaboration with initial access brokers. They also use a custom backdoor, an EDR-killing framework, and possibly zero-day exploits to evade defenses. The ransomware has claimed hundreds of victims globally across many industries, with a sharp increase in activity in 2026. The operators have partnered with BreachForums to recruit affiliates and penetration testers. Unit 42 recommends immediate patching of known exploited vulnerabilities, enhanced monitoring, and strict controls on lateral movement and credential access.

MediumVulnerability
Join the discussion
CVE-2026-59155: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in nezhahq nezhaCVE-2026-59155
0

Nezha Monitoring versions prior to 2.2.5 expose sensitive third-party API credentials in plaintext via the GET /api/v1/ddns and GET /api/v1/notification endpoints. Authenticated users with specific read scopes can retrieve full resource objects including Cloudflare API tokens, TencentCloud SecretKeys, webhook URLs with embedded bot tokens, and Authorization headers without any redaction. This vulnerability is fixed in version 2.2.5.

Join the discussion
CVE-2026-58591: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal ColorboxCVE-2026-58591
0

CVE-2026-58591 is a Cross-Site Scripting (XSS) vulnerability in the Drupal Colorbox module caused by improper neutralization of input during web page generation. It affects Colorbox versions from 0.0.0 up to 2.2.0. No official patch or remediation guidance is currently provided. There are no known exploits in the wild at this time.

Join the discussion
CVE-2026-58588: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal CanvasCVE-2026-58588
0

CVE-2026-58588 is a Cross-Site Scripting (XSS) vulnerability in the Drupal Canvas product. It arises from improper neutralization of input during web page generation, allowing injection of malicious scripts. The vulnerability affects specific versions of Drupal Canvas, including 0.0.0, 1.5.0, 1.6.0, and 1.7.0. No official patch or remediation guidance is currently available, and there are no known exploits in the wild. The vulnerability is categorized under CWE-79, which covers XSS issues.

Join the discussion

Showing 1 to 10 of 4268 results

Filters:Severity: Medium
Page 1 of 427
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses