๐ง Cryptopayments Temporarily Unavailable
Due to a system failure, weโre resynchronizing our nodes. Bitcoin payments are expected to restore in 12 hours, while Litecoin payments may take up to 48 hours.
Sorry for any inconvenience.
Due to a system failure, weโre resynchronizing our nodes. Bitcoin payments are expected to restore in 12 hours, while Litecoin payments may take up to 48 hours.
Sorry for any inconvenience.
๐5
CVE-2024-51479: Improper Authorization in Next.js, 7.5 ratingโ๏ธ
The vulnerability allows attackers to access files in the root directory of the application when Next.js is authorized in the middleware.
Search at Netlas.io:
๐ Link: https://nt.ls/1jTTw
๐ Dork: http.headers.x_powered_by:"Next.js"
Vendor's advisory: https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f
The vulnerability allows attackers to access files in the root directory of the application when Next.js is authorized in the middleware.
Search at Netlas.io:
๐ Link: https://nt.ls/1jTTw
๐ Dork: http.headers.x_powered_by:"Next.js"
Vendor's advisory: https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f
๐พ4๐ฅ3๐1
CVE-2024-12727, -28, -29: Multiple vulnerabilties in Sophos Firewall, 8.8 - 9.8 rating ๐ฅ
The disclosed vulnerabilities in Sophos Firewall include two SQL injections, as well as a weak SSH passphrase, which was not chosen at random.
Search at Netlas.io:
๐ Link: https://nt.ls/yyWUE
๐ Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
The disclosed vulnerabilities in Sophos Firewall include two SQL injections, as well as a weak SSH passphrase, which was not chosen at random.
Search at Netlas.io:
๐ Link: https://nt.ls/yyWUE
๐ Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
๐ฅ5๐พ4
Netlas Datastore from Command Line ๐
Netlas SDK and Netlas CLI have been updated today. Now users can download datasets directly from their scripts.
๐ Read more: https://docs.netlas.io/changelog/
Netlas SDK and Netlas CLI have been updated today. Now users can download datasets directly from their scripts.
๐ Read more: https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
๐3๐ฅ3
Netlas vs Fofa: A Comprehensive Analysis ๐งฎ
Weโre continuing our series of articles comparing Netlas with its largest competitors.
This time, weโve taken a deep dive into Fofa โ a formidable rival often seen as an equal to Shodan. Using 10+ key indicators, weโve thoroughly analyzed both platforms to help you understand pros and cons of the two solutions.
๐ Read now: https://netlas.io/blog/netlas_vs_fofa/
Weโre continuing our series of articles comparing Netlas with its largest competitors.
This time, weโve taken a deep dive into Fofa โ a formidable rival often seen as an equal to Shodan. Using 10+ key indicators, weโve thoroughly analyzed both platforms to help you understand pros and cons of the two solutions.
๐ Read now: https://netlas.io/blog/netlas_vs_fofa/
netlas.io
Netlas vs Fofa: Platforms Comparison - Netlas Blog
Compare IoT search engines Netlas and Fofa, highlighting their features, strengths, and ideal use cases for security research.
๐พ6๐ฅ3
CVE-2024-56145: Code Injection in Craft CMS, 9.3 rating ๐ฅ
The vulnerability we almost missed allows an attacker to pass code in place of CLI arguments and gain RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/HFQTJ
๐ Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9
The vulnerability we almost missed allows an attacker to pass code in place of CLI arguments and gain RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/HFQTJ
๐ Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9
๐ฅ4๐พ2
Using TLDFinder with the Netlas Module ๐
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
๐ Read now: https://netlas.io/blog/tldfinder_and_netlas/
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
๐ Read now: https://netlas.io/blog/tldfinder_and_netlas/
netlas.io
Using TLDFinder with Netlas - Netlas Blog
This article will look at using the TLDFinder tool to find top level domains and subdomains using the Netlas integration.
๐2๐พ2
CVE-2024-53961: Path Traversal in Adobe ColdFusion, 7.4 ratingโ๏ธ
A fresh vulnerability allows attackers to traverse the path and read arbitrary files on the server, including confidential information.
Search at Netlas.io:
๐ Link: https://nt.ls/nV0Cl
๐ Dork: tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
A fresh vulnerability allows attackers to traverse the path and read arbitrary files on the server, including confidential information.
Search at Netlas.io:
๐ Link: https://nt.ls/nV0Cl
๐ Dork: tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
๐3๐พ3๐ฅ2
CVE-2024-54148, -39930, -39932 and other: Multiple vulnerabilities in Gogs, 7.7 - 10.0 rating ๐ฅ๐ฅ๐ฅ
In the recent release, Gogs fixed many vulnerabilities, both old and new. These include Path Traversal, Argument Injection, Code Injection and others.
Search at Netlas.io:
๐ Link: https://nt.ls/Vd4fF
๐ Dork: http.meta:"content=\"Gogs"
Vendor's advisories: https://github.com/gogs/gogs/releases/tag/v0.13.2
In the recent release, Gogs fixed many vulnerabilities, both old and new. These include Path Traversal, Argument Injection, Code Injection and others.
Search at Netlas.io:
๐ Link: https://nt.ls/Vd4fF
๐ Dork: http.meta:"content=\"Gogs"
Vendor's advisories: https://github.com/gogs/gogs/releases/tag/v0.13.2
๐ฅ5๐พ4
Craft CMS RCE PoC by Chirag Artani ๐ฅ
Our friendโs channel posted new video about one of the latest vulnerabilities. As usual he demonstrated Proof of Concept using Netlas ๐
We also recommend checking out his website and Twitter for more tips:
๐ Site: 3rag.com
๐ Twitter: x.com/Chirag99Artani
Our friendโs channel posted new video about one of the latest vulnerabilities. As usual he demonstrated Proof of Concept using Netlas ๐
We also recommend checking out his website and Twitter for more tips:
๐ Site: 3rag.com
๐ Twitter: x.com/Chirag99Artani
YouTube
Craft CMS RCE - 0day - Live POC | CVE-2024-56145 | Remote Code Execution Using Netlas & Nuclei
Here are tools :
working poc - https://github.com/Sachinart/CVE-2024-56145-craftcms-rce (main)
1. https://github.com/Chocapikk/CVE-2024-56145/ (exploit)
2. Analysis & blog - https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-toโฆ
working poc - https://github.com/Sachinart/CVE-2024-56145-craftcms-rce (main)
1. https://github.com/Chocapikk/CVE-2024-56145/ (exploit)
2. Analysis & blog - https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-toโฆ
1๐พ7๐ฅ3๐1
๐ Merry Christmas from the Netlas Team!
Wishing you and your loved ones a joyful holiday season filled with warmth, happiness, and success. Thank you for being a part of our journey this yearโwe're deeply grateful for your support and trust.
This year, we launched exciting features like the Netlas Private Scanner, Team Access, and celebrated the v.1.0 release! ๐
Hereโs to a secure and innovative new year together! ๐
Wishing you and your loved ones a joyful holiday season filled with warmth, happiness, and success. Thank you for being a part of our journey this yearโwe're deeply grateful for your support and trust.
This year, we launched exciting features like the Netlas Private Scanner, Team Access, and celebrated the v.1.0 release! ๐
Hereโs to a secure and innovative new year together! ๐
2๐8๐5๐2
๐จ Major API Outage Caused by PostgreSQL Cluster Synchronization Issues
Yesterday at 19:40 UTC, a significant outage affected the availability of our API, causing service disruptions for a majority of our users. Despite extensive efforts over the past night, the issue remains unresolved. The root cause has been identified as an unstable connection between our backend and database, which is continuing to impact overall application performance.
While the API is currently accessible, the application remains unstable. Our team is actively investigating and working diligently toward a resolution. Further updates will be shared as progress is made.
Yesterday at 19:40 UTC, a significant outage affected the availability of our API, causing service disruptions for a majority of our users. Despite extensive efforts over the past night, the issue remains unresolved. The root cause has been identified as an unstable connection between our backend and database, which is continuing to impact overall application performance.
While the API is currently accessible, the application remains unstable. Our team is actively investigating and working diligently toward a resolution. Further updates will be shared as progress is made.
๐8
โ
Major API Outage Resolved
Our team has successfully restored full functionality, and both the API and application are now operational. We have definitively identified the causes of the issue and will work on improving synchronization configurations in the near future to prevent similar incidents.
We sincerely apologize for the inconvenience caused and thank you for your patience and understanding during this time. If you experience any further issues, please contact our support team.
For real-time updates on Netlas Services' health status, please refer to https://status.netlas.io.
Our team has successfully restored full functionality, and both the API and application are now operational. We have definitively identified the causes of the issue and will work on improving synchronization configurations in the near future to prevent similar incidents.
We sincerely apologize for the inconvenience caused and thank you for your patience and understanding during this time. If you experience any further issues, please contact our support team.
For real-time updates on Netlas Services' health status, please refer to https://status.netlas.io.
โค5
CVE-2024-3393: DoS in Palo Alto PAN OS, 8.7 ratingโ๏ธ
The vulnerability allows an unauthenticated user to send a malicious packet that can cause Denial of Service.
Search at Netlas.io:
๐ Link: https://nt.ls/UwnvG
๐ Dork: http.body_sha256:"7bc15a9ba71464596444ad648fa144937b848b302459c4103deae105cf42ce42" OR http.favicon.hash_sha256:a03ff6778b0535b9c4388e88c674eeeac91c0cc4b25bd23bf30f8d0bd98ac854
Vendor's advisory: https://security.paloaltonetworks.com/CVE-2024-3393
The vulnerability allows an unauthenticated user to send a malicious packet that can cause Denial of Service.
Search at Netlas.io:
๐ Link: https://nt.ls/UwnvG
๐ Dork: http.body_sha256:"7bc15a9ba71464596444ad648fa144937b848b302459c4103deae105cf42ce42" OR http.favicon.hash_sha256:a03ff6778b0535b9c4388e88c674eeeac91c0cc4b25bd23bf30f8d0bd98ac854
Vendor's advisory: https://security.paloaltonetworks.com/CVE-2024-3393
๐ฅ3๐พ2๐1
Using theHarvester with the Netlas Module ๐
In our latest article, we demonstrate how to leverage the theHarvester framework integrated with Netlas to efficiently discover subdomains.
๐ Read now: https://netlas.io/blog/theharvester_and_netlas/
In our latest article, we demonstrate how to leverage the theHarvester framework integrated with Netlas to efficiently discover subdomains.
๐ Read now: https://netlas.io/blog/theharvester_and_netlas/
netlas.io
Using theHarvester with Netlas - Netlas Blog
In this article we will look at using theHarvester tool to find subdomains with the Netlas integration.
๐พ3๐ฅ2๐2
Minor App Improvements ๐ฅ
In the 1.0.9 update, we made some fixes aimed at increasing the stability of the application and improving the user experience.
Hereโs whatโs new:
๐ Optimized the autocomplete feature.
๐ Added status page and link on it in the footer.
๐ Fixed some bugs and issues.
๐ฅ A few other minor improvements.
๐ Read more: https://docs.netlas.io/changelog/
In the 1.0.9 update, we made some fixes aimed at increasing the stability of the application and improving the user experience.
Hereโs whatโs new:
๐ Optimized the autocomplete feature.
๐ Added status page and link on it in the footer.
๐ Fixed some bugs and issues.
๐ฅ A few other minor improvements.
๐ Read more: https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
๐พ3๐2
Tomorrow the new year will begin, and Netlas wants to share with you some statistics of the outgoing year! ๐
This year we achieved the following:
๐ Total requests: 15,552,390
๐ New users: 16,633
๐ Total coins spent: 474,734,108
๐ Total graphs stored: 1,165
๐ Total private scans was started: 789
๐ Most popular article: https://netlas.io/blog/attack_surface_discovery_guide/
โ Most popular CVE post: CVE-2024-6387 (https://x.com/Netlas_io/status/1807760965967937826)
Thank you for being with us. The Netlas team wishes you success in your projects, safe surfaces, fast pentests and all the best. See you next year!
This year we achieved the following:
๐ Total requests: 15,552,390
๐ New users: 16,633
๐ Total coins spent: 474,734,108
๐ Total graphs stored: 1,165
๐ Total private scans was started: 789
๐ Most popular article: https://netlas.io/blog/attack_surface_discovery_guide/
โ Most popular CVE post: CVE-2024-6387 (https://x.com/Netlas_io/status/1807760965967937826)
Thank you for being with us. The Netlas team wishes you success in your projects, safe surfaces, fast pentests and all the best. See you next year!
1๐4๐พ2โ1
CVE-2025-0282, -0283: Two vulnerabilities in Ivanti Connect Secure, 7.0 - 9.0 rating ๐ฅ
Stack-based buffer overflow caused potential RCE and privilege escalation.
Search at Netlas.io:
๐ Link: https://nt.ls/WMQwN
๐ Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
Stack-based buffer overflow caused potential RCE and privilege escalation.
Search at Netlas.io:
๐ Link: https://nt.ls/WMQwN
๐ Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
๐พ4๐2๐ฅ1
CVE-2025-22777: Privilege Escalation in GiveWP WordPress Plugin, 9.8 rating ๐ฅ
Unauthenticated PHP Object Injection allows attackers to take control of websites.
Search at Netlas.io:
๐ Link: https://nt.ls/amyWM
๐ Dork: http.body:"plugins/give/assets/dist"
Read more: https://patchstack.com/articles/critical-vulnerability-patched-in-givewp-plugin/
Unauthenticated PHP Object Injection allows attackers to take control of websites.
Search at Netlas.io:
๐ Link: https://nt.ls/amyWM
๐ Dork: http.body:"plugins/give/assets/dist"
Read more: https://patchstack.com/articles/critical-vulnerability-patched-in-givewp-plugin/
๐ฅ3๐พ2
CVE-2025-21598: Out-of-bounds Read in Juniper Junos OS, 8.2 ratingโ๏ธ
An out-of-bouds read vulnerability in the RDP daemon, fixed last week, could potentially lead to DoS.
Search at Netlas.io:
๐ Link: https://nt.ls/HqWq2
๐ Dork: http.title:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598
An out-of-bouds read vulnerability in the RDP daemon, fixed last week, could potentially lead to DoS.
Search at Netlas.io:
๐ Link: https://nt.ls/HqWq2
๐ Dork: http.title:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598
๐2๐ฅ2๐พ1