Explore the latest in cybersecurity with Netlas.io. Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.
Join @netlas for exclusive updates and expert content and discussions in 1
Ranking
Global ranking
#3910 no change
Language ranking
#858 no change
Category ranking
#17 no change
Subscriber growth (past 29 days)
Total: 2.1K
24-hour growth: -4 0%
Netlas.io
CVE-2025-37165, -37166: Multiple vulnerabilities in Aruba, 7.5 rating❗️
Vulnerabilities in Aruba HPE allow an attacker to perform a DoS or gain knowledge of the internal network configuration.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/AlIHR
👉 Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04988en_us&docLocale=en_US#hpesbnw04988-rev-1-hpe-networking-instant-on-multi-0
Netlas.io
March 11, 2026 02:20
📌 Bug Bounty 101 — a complete 2026 roadmap for beginners
Netlas’ new guide cuts through the “dead vs $100k” hype: bug bounty isn’t dead, it’s just more mature. Success now comes from smart target selection, solid recon, manual testing, and reports that get accepted.
What’s inside:
1️⃣ Prerequisites checklist: networking, HTTP basics, light coding, core vulns, and why patience/focus matter.
2️⃣ Picking targets: start with VDPs and less-crowded programs; use HackerOne/Bugcrowd/Intigriti and Google dorks to find scopes; stick to one target.
3️⃣ Recon that works: org WHOIS → asset mapping → subdomains; customize your flow, with a concrete Netlas example and CLI tips.
4️⃣ Hunting methodology: build product knowledge first; use a single multi-signal test string to probe inputs; avoid blind payload spam.
5️⃣ Reports that get paid and beginner mistakes to avoid, plus a practical 60-day plan to your first live finding.
👉 Read here: https://netlas.io/blog/bug_bounty_roadmap/
Netlas.io
March 11, 2026 02:20
❗️Technical Issue Alert❗️
Due to issues with the database cluster, Netlas is temporarily suspended while the affected nodes are rebooted.
Our team is working hard to resolve the issue as quickly as possible.
👉 You can also follow the Netlas status on the corresponding page: https://status.netlas.io/
We sincerely apologize for the inconvenience and appreciate your patience 🙏
Netlas.io
March 11, 2026 02:20
📌 Software Supply Chain Attacks — how trust breaks, and how to fix it
Modern apps lean on open-source packages, registries, clouds, and CI/CD. When any upstream link is compromised, clean projects ship trojanized code — as in the CCleaner incident. This explainer maps where trust fails and what to harden.
What’s inside:
1️⃣ The chain itself: repos, dependency managers, CI/CD, artifact storage — and the weak assumptions they rely on.
2️⃣ How attacks land: stolen maintainer accounts, poisoned updates, abused credentials, and automated pulls.
3️⃣ Case in point: a signed build gone rogue (CCleaner) shows why “official” isn’t always safe.
4️⃣ Mitigations that matter: SBOMs, provenance and signed builds to verify what you ship and where it came from.
👉 Full article here: https://netlas.io/blog/supply_chain_attack/
Netlas.io
March 11, 2026 02:20
CVE-2025-68385: Cross-site Scripting in Kibana, 7.2 rating❗️
A vulnerability in the Vega renderer could allow an authenticated attacker to perform XSS injection.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/XGTPX
👉 Dork: http.unknown_headers.key:"kbn_name"
Vendor's advisory: https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-34/384182
Netlas.io
March 11, 2026 02:20
🎄🎅🏼❄️ Netlas v1.5.1
We introduce Daily Internet Scan Data Snapshots — time-bounded datasets containing all scan results collected within a 24-hour period.
Plus:
🏷️ improved technology tags
💭 visual mapping hints
👉 Check full changelog here: https://docs.netlas.io/changelog/
Netlas.io
March 11, 2026 02:20
📌 The Evolution of C2: Centralized to On-Chain
We map how C2 moved from IRC and web panels to DGAs, P2P, fast-flux, abuse of legit cloud platforms, and now smart-contract C2 on public blockchains — with concrete detection playbooks.
What’s inside:
1. The lineage: IRC → HTTP/HTTPS → DGA & P2P → fast-flux → cloud/“legit” platforms → blockchain contracts.
2. Why on-chain C2 matters: immutable contracts, pseudonymous wallets, and payload retrieval over public RPC.
3. Trade-offs: resilience vs latency, and how transparency enables forensics even as takedowns get harder.
4. Practical detection: block JSON-RPC egress to public providers, use TLS/JARM and beacon-timing patterns, and watch for DNS tunneling.
👉 Read now: https://netlas.io/blog/evolution_of_c2_infrastructure/
Netlas.io
March 11, 2026 02:20
CVE-2025-14265: Download of Code Without Integrity Check in ScreenConnect, 9.1 rating 🔥
A server-side vulnerability could allow an authenticated attacker to execute custom code or access configuration data.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/1JSOa
👉 Dork: http.headers.server:"ScreenConnect"
Vendor's advisory: https://www.connectwise.com/company/trust/security-bulletins/screenconnect-2025.8-security-patch
Netlas.io
March 11, 2026 02:20
CVE-2025-14733: Out-of-bounds Write in WatchGuard, 9.1 rating 🔥
A vulnerability in Fireware OS allows a remote unauthenticated user to execute arbitrary code.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/jooF2
👉 Dork: http.favicon.hash_sha256:9560bc07784890efa36dc4636b6d5f091059914bb5cb8941d00c5b47646efb8c
Read more: https://github.com/advisories/GHSA-hv82-jj64-jf47
Netlas.io
March 11, 2026 02:20
CVE-2025-66399: Command Injection in Cacti, 7.4 rating❗️
A vulnerability in the SNMP component of Cacti could allow an authenticated attacker to perform RCE.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/VJyxC
👉 Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
Netlas.io
March 5, 2026 19:23
CVE-2025-55182: RCE in React Server Components, 10.0 rating 🔥🔥🔥
The code of vulnerable components insecurely deserializes HTTP requests, which could allow an attacker to perform RCE.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/lg3gz
👉 Dork: tag.name:"react"
Vendor's advisory: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Netlas.io
February 16, 2026 08:40
CVE-2025-11699: Insufficient Session Expiration in nopCommerce, 7.1 rating❗️
Because some versions of nopCommerce do not clear cookies, an attacker who gains access to someone else's cookie can use it to hijack a session or escalate privileges.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/6rFG4
👉 Dork: http.meta:"nopCommerce"
Read more: https://seclists.org/fulldisclosure/2025/Aug/14
Netlas.io
February 16, 2026 08:40
We’ve just shipped Netlas Python SDK v0.8.0 🐍✨
This update brings more reliable downloads, refreshed stats handling, and broader SDK coverage — including new Discovery/Mapping methods, improved Scanner and Datastore tools, and a couple of nice usability touches in both profiles and the CLI.
👉 Check full changelog here: https://docs.netlas.io/changelog/
Netlas.io
February 6, 2026 08:48
Netlas is back online 🚀
We’ve just finished rolling out Netlas v1.4.0 — a major upgrade that took a bit longer than expected, but it’s now live and ready to use.
Here’s what’s new:
🧭 Discovery Tool: significantly improved UI and reworked flow — discovery now runs in the background so you can keep exploring your attack surface while data is being fetched.
🌐 Port coverage: public scans now cover 1,000+ ports for broader visibility into exposed services.
🔍 Tech detection: improved HTTP software detection; the next public scan will include 6,000+ application and technology names.
📊 CVE mapping: completely redesigned mapping via CPEs and product names, plus a new sortable, filterable vulnerabilities table in the UI.
📦 Private Scanner: major data storage redesign after a year of intensive use, improving reliability and paving the way for future features.
🔁 API change: when using the indices parameter, you now pass the scan label instead of its numeric ID.
Thanks a lot for your patience and support — it helped us get this release over the line.
👉 Full changelog and migration details: https://docs.netlas.io/changelog/
Netlas.io
February 4, 2026 13:33
🚧 Planned Maintenance 🚧 An application will be unavailable for a period of time❗️ On Thursday, November 27, 2025, at 09:00 UTC ⏰, a major update will be implemented, which will also require changes to the structure of the Netlas databases. This will take…
Netlas.io
December 6, 2025 10:56
CVE-2025-10230: OS Command Injection in Samba, 10.0 rating 🔥🔥🔥
An October vulnerability in the popular Samba AD package allows attackers to execute commands on a server by sending just one specially crafted packet.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/xGVmR
👉 Dork: smb:*
Vendor's advisory: https://www.samba.org/samba/history/security.html
Netlas.io
December 6, 2025 10:56
CVE-2025-64500: Authorization Bypass in Symfony, 7.3 rating❗️
The vulnerability allows attackers to bypass certain access restrictions based on the leading "/" character.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/yxfE1
👉 Dork: http.body:"Symfony Web Debug Toolbar" OR http.title:"Welcome to Symfony!" OR http.title:"symfony project"
Vendor's advisory: https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
Netlas.io
December 6, 2025 10:56
CVE-2025-9501: Command Injection in W3 Total Cache plugin, 9.0 rating 🔥
A vulnerability in a popular website speedup plugin allows attackers to remotely execute PHP code.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/GUyZV
👉 Dork: http.body:"plugins/w3-total-cache"
Read more: https://wpscan.com/vulnerability/6697a2c9-63ae-42f0-8931-f2e5d67d45ae/
Netlas.io
December 6, 2025 10:56
❗We are currently experiencing a full service outage caused by a major Cloudflare CDN failure.
At the moment, Netlas App, API, and documentation portal are unavailable.
Our backend systems are running, but Cloudflare’s outage prevents any traffic from reaching our infrastructure.
We are actively monitoring Cloudflare’s incident and will restore service as soon as connectivity is back.
Netlas.io
December 6, 2025 10:56
CVE-2025-64459, -64458: SQLi and DoS in Django Framework, 7.5 - 9.1 rating 🔥
A recent security update from the Django Team fixes two vulnerabilities that could allow an attacker to destroy or retrieve database contents, as well as halt the operation of a Windows server.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/srswH
👉 Dork: tag.name:"django"
Vendor's advisory: https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
Netlas.io
December 6, 2025 10:56
📌 LLM Vulnerabilities: how AI apps break — and how to harden them
This piece maps the most common ways LLM-powered systems fail in the real world and turns them into a practical hardening plan. From prompt and indirect injection to over-privileged tools, leaky RAG pipelines, data poisoning, jailbreaks, and supply-chain traps — plus the guardrails that actually help in production.
Key takeaways:
1️⃣ Prompt & indirect injection: attackers hide instructions in web pages, files, or retrieved notes; the model obeys them and exfiltrates secrets or performs unwanted actions.
2️⃣ Jailbreaks & policy evasion: harmless-looking reformulations bypass safety layers; outputs become unsafe or operationally risky.
3️⃣ RAG data leaks: sloppy retrieval exposes internal docs, customer data, and system prompts; cross-tenant bleed is a real risk.
4️⃣ Over-privileged tools/agents: broad filesystem, network, or payment permissions turn one prompt into a breach.
5️⃣ Poisoning & supply chain: tainted datasets, third-party prompts, and unpinned models/extensions undermine trust.
6️⃣ Output trust & hallucinations: fabricated facts sneak into workflows, tickets, or code — and humans often rubber-stamp them.
7️⃣ Telemetry gaps: without red-team sims and runtime monitoring, you won’t see injection attempts until damage is done.
👉 Read here: https://netlas.io/blog/llm_vulnerabilities/
Netlas.io
December 6, 2025 10:56
CVE-2025-64492, -64493: SQL Injections in SuiteCRM, 6.5 - 8.8 rating❗️
Vulnerabilities in SuiteCRM allow attackers to obtain information about databases and, in rare cases, perform RCE.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/rsV8B
👉 Dork: http.favicon.hash_sha256:6e1ab006d2a8e2e930bdd6f4e85ae3f7df8c46cd2062a9f85a7193e0558185bb
Vendor's advisory: https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-54m4-4p54-j8hp
Netlas.io
December 6, 2025 10:56
CVE-2025-11224 and others: Multiple vulnerabilities in GitLab, 3.1 - 7.7 rating❗️
In a new bulletin, GitLab described nine vulnerabilities for CE and EE. These include XSS, Information Disclosure, Prompt Injection, and others.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/7x1Mf
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
Netlas.io
December 6, 2025 10:56
CVE-2025-24893: Eval Injection in XWiki Platform, 9.8 rating 🔥
In a recent post, CISA added an old RCE vulnerability to the list of actively exploited ones.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/ue2o0
👉 Dork: http.title:"XWiki" OR http.favicon.hash_sha256:6f0fdef9a229150fbc7183a1bbb136d7b44b6df7c34369c14bebb6adae8aaf20
Read more: https://www.cisa.gov/news-events/alerts/2025/10/30/cisa-adds-two-known-exploited-vulnerabilities-catalog
Netlas.io
December 6, 2025 10:56
CVE-2025-8489: Path Traversal in ShopLentor WordPress Plugin, 9.8 rating 🔥
A recent vulnerability in the ShopLentor (formerly WooLentor) plugin allows unauthenticated attackers to execute any code from PHP files on the server.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/wKuHH
👉 Dork: http.body:"plugins/woolentor-addons"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/shoplentor-325-unauthenticated-local-php-file-inclusion-via-load-template
Netlas.io
December 5, 2025 11:35
CVE-2025-64095: Unauthenticated File Upload in DNN Platform CMS, 10.0 rating 🔥🔥🔥
The vulnerability allows an unauthenticated user to upload files to the server, overwriting existing ones.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/m2HEG
👉 Dork: http.headers.set_cookie:"dnn_IsMobile"
Vendor's advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw
Netlas.io
December 4, 2025 15:02
📌 When AI Turns Criminal: deepfakes, voice-cloning & LLM-powered malware
Today we unpack how attackers weaponize generative AI — sharper spear-phishing, real-time voice/video fakes, and malware that models can write and refactor on the fly — plus what defenders can do today.
What’s inside:
🤖 How deepfakes and voice clones short-circuit trust, approvals, and even MFA.
🔎 AI-scaled social engineering: personalized, context-aware outreach at volume.
🦠 LLM-assisted malware chains and why detection misses “AI fingerprints.”
🛡 Concrete playbooks: out-of-band verification, liveness checks, device fingerprinting, intent-aware filtering, tabletop drills.
👉 Read now: https://netlas.io/blog/ai_turns_criminal/
Netlas.io
December 3, 2025 02:04
⚠️ Service Maintenance Notice
Please note that Netlas will experience brief service interruptions several times today and tomorrow due to maintenance. We appreciate your understanding and patience while we work to improve our system performance.
Netlas.io
December 2, 2025 02:04
CVE-2025-54236: Improper Input Validation in Magento (Adobe Commerce), 9.1 rating 🔥
A critical vulnerability disclosed in a recent advisory allows attackers to perform RCE. Exploitation attempts have already been recorded!
Search at http://Netlas.io/:
👉 Link: https://nt.ls/Edck5
👉 Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-88.html
Netlas.io
November 28, 2025 12:46
CVE-2025-55752, -55754, -61795: Multiple vulnerabilities in Apache Tomcat, 5.3 - 9.6 rating 🔥
Three new vulnerabilities in Apache Tomcat allow attackers to perform DoS, RCE, and ANSI Injection.
Search at http://Netlas.io/:
👉 Link: https://nt.ls/OLbr7
👉 Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/38vqp0v1fg4gr8c6lvm15wj6k67hxzxd