CVE-2025-26465, -26466: Two vulnerabilities in OpenSSH, 6.8 ratingβοΈ
MitM and DoS in OpenSSH. The severity level is medium, but the vulnerabilities cover many versions: from 2013 for -26465 and from 2023 for -26466.
Search at Netlas.io:
π Link: https://nt.ls/1TTrj
π Dork: ssh.server_key_exchange.client_to_server_compression:"[email protected]"
Read more: https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
MitM and DoS in OpenSSH. The severity level is medium, but the vulnerabilities cover many versions: from 2013 for -26465 and from 2023 for -26466.
Search at Netlas.io:
π Link: https://nt.ls/1TTrj
π Dork: ssh.server_key_exchange.client_to_server_compression:"[email protected]"
Read more: https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
π10π₯5β€2π±1π€£1
Please open Telegram to view this post
VIEW IN TELEGRAM
10π±12π7π₯7
CVE-2025-23209: Code Injection in CraftCMS, 8.1 ratingβοΈ
Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys.
Search at Netlas.io:
π Link: https://nt.ls/brxoj
π Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x
Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys.
Search at Netlas.io:
π Link: https://nt.ls/brxoj
π Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x
π₯4π2π±1
javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\'|\`))\/[a-zA-Z0β9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;const results=new Set;for(var i=0;i<scripts.length;i++){var t=scripts[i].src;""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})}var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const match of matches)results.add(match[0]);function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();Please open Telegram to view this post
VIEW IN TELEGRAM
10π7β€6π₯5π€2
Please open Telegram to view this post
VIEW IN TELEGRAM
πΏ19π₯5π³4
grep-backURLs - Automated way to extract juicy info with subfinder and waybackurls
https://github.com/gigachad80/grep-backURLs
https://github.com/gigachad80/grep-backURLs
1π₯12π4
templates/processed/syslog-tcp-forward.conf
templates/processed/config.ini
Credit- Suyash Sharma
Please open Telegram to view this post
VIEW IN TELEGRAM
π18π₯9β€2
https://github.com/iamunixtz/Lazy-Hunter
Please open Telegram to view this post
VIEW IN TELEGRAM
π17π₯8β€3πΏ1
Need an extensive SQL injection cheat sheet for bug bounty hunting and pentesting in general? π§
Check out @0xTib3rius' SQL Injection cheat sheet, it provides payloads for the 5 most popular databases such as MySQL, PostgreSQL, Oracle, etc.! π
π buff.ly/3WeSO5X
Check out @0xTib3rius' SQL Injection cheat sheet, it provides payloads for the 5 most popular databases such as MySQL, PostgreSQL, Oracle, etc.! π
π buff.ly/3WeSO5X
π13π6
π€6
This media is not supported in your browser
VIEW IN TELEGRAM
urlhunter: A recon tool that allows searching on URLs that are exposed via shortener services
Link: https://github.com/utkusen/urlhunter
Link: https://github.com/utkusen/urlhunter
π₯18π3β€2π€2
Brut Security
From The Author https://www.youtube.com/watch?v=qY6Zl43hMko
YouTube
EpicGames - Live Bug Bounty Hunting on Hackerone (hunting cves)
EpicGames - Live Bug Bounty Hunting on HackerOne (Hunting CVEs) | Using Lazy-Hunter
Tool: https://github.com/iamunixtz/Lazy-Hunter
Join us as we dive into live bug bounty hunting on HackerOne, specifically targeting EpicGames vulnerabilities! In this sessionβ¦
Tool: https://github.com/iamunixtz/Lazy-Hunter
Join us as we dive into live bug bounty hunting on HackerOne, specifically targeting EpicGames vulnerabilities! In this sessionβ¦
π₯23π7
CVE-2025-26794: SQL Injection in Exim 4.98, 7.5 ratingβοΈ
A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection.
Search at Netlas.io:
π Link: https://nt.ls/ge4Iy
π Dork: smtp.banner:"Exim 4.98"
Vendor's advisory: https://www.exim.org/static/doc/security/CVE-2025-26794.txt
A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection.
Search at Netlas.io:
π Link: https://nt.ls/ge4Iy
π Dork: smtp.banner:"Exim 4.98"
Vendor's advisory: https://www.exim.org/static/doc/security/CVE-2025-26794.txt
π₯35π10π³1
Please open Telegram to view this post
VIEW IN TELEGRAM
π14π₯3π³1πΏ1
CVE-2025-1128: RCE in Everest Forms WordPress Plugin, 9.8 rating π₯
The vulnerability allows an unauthenticated attacker to perform a wide range of actions with the site: upload arbitrary files, RCE, delete config files.
Search at Netlas.io:
π Link: https://nt.ls/q6pgJ
π Dork: http.body:"plugins/everest-forms"
Read more: https://www.wordfence.com/blog/2025/02/100000-wordpress-sites-affected-by-arbitrary-file-upload-read-and-deletion-vulnerability-in-everest-forms-wordpress-plugin/
The vulnerability allows an unauthenticated attacker to perform a wide range of actions with the site: upload arbitrary files, RCE, delete config files.
Search at Netlas.io:
π Link: https://nt.ls/q6pgJ
π Dork: http.body:"plugins/everest-forms"
Read more: https://www.wordfence.com/blog/2025/02/100000-wordpress-sites-affected-by-arbitrary-file-upload-read-and-deletion-vulnerability-in-everest-forms-wordpress-plugin/
π₯11π1