CVE-2025-26794: SQL Injection in Exim 4.98, 7.5 ratingโ๏ธ
A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection.
Search at Netlas.io:
๐ Link: https://nt.ls/ge4Iy
๐ Dork: smtp.banner:"Exim 4.98"
Vendor's advisory: https://www.exim.org/static/doc/security/CVE-2025-26794.txt
A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection.
Search at Netlas.io:
๐ Link: https://nt.ls/ge4Iy
๐ Dork: smtp.banner:"Exim 4.98"
Vendor's advisory: https://www.exim.org/static/doc/security/CVE-2025-26794.txt
๐พ3๐ฅ2๐1
CVE-2025-1128: RCE in Everest Forms WordPress Plugin, 9.8 rating ๐ฅ
The vulnerability allows an unauthenticated attacker to perform a wide range of actions with the site: upload arbitrary files, RCE, delete config files.
Search at Netlas.io:
๐ Link: https://nt.ls/q6pgJ
๐ Dork: http.body:"plugins/everest-forms"
Read more: https://www.wordfence.com/blog/2025/02/100000-wordpress-sites-affected-by-arbitrary-file-upload-read-and-deletion-vulnerability-in-everest-forms-wordpress-plugin/
The vulnerability allows an unauthenticated attacker to perform a wide range of actions with the site: upload arbitrary files, RCE, delete config files.
Search at Netlas.io:
๐ Link: https://nt.ls/q6pgJ
๐ Dork: http.body:"plugins/everest-forms"
Read more: https://www.wordfence.com/blog/2025/02/100000-wordpress-sites-affected-by-arbitrary-file-upload-read-and-deletion-vulnerability-in-everest-forms-wordpress-plugin/
๐ฅ3๐พ2๐1
CVE-2025-24752: XSS in Elementor Page Builder, 7.1 ratingโ๏ธ
Reflected XSS in a large number of sites. Thanks to our friend Chirag Artani for suggesting the query!
Search at Netlas.io:
๐ Link: https://nt.ls/8wpei
๐ Dork: http.body:"plugins/elementor" AND host_type:domain
Read more: https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/
Reflected XSS in a large number of sites. Thanks to our friend Chirag Artani for suggesting the query!
Search at Netlas.io:
๐ Link: https://nt.ls/8wpei
๐ Dork: http.body:"plugins/elementor" AND host_type:domain
Read more: https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/
๐พ4โค2
CVE-2025-20029: Command Injection in F5 BIG-IP, 8.8 ratingโ๏ธ
The vulnerability allows an attacker to escalate privileges, execute arbitrary commands, and manipulate system files. Not the latest vulnerability, but the PoC was published just recently!
Search at Netlas.io:
๐ Link: https://nt.ls/e17gN
๐ Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148587
The vulnerability allows an attacker to escalate privileges, execute arbitrary commands, and manipulate system files. Not the latest vulnerability, but the PoC was published just recently!
Search at Netlas.io:
๐ Link: https://nt.ls/e17gN
๐ Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148587
โค3๐ฅ2๐พ1
CVE-2024-47051: RCE in Mautic, 9.1 rating ๐ฅ
The vulnerability allows an attacker to conduct RCE through asset loading, as well as manipulate the file deletion process to delete arbitrary files.
Search at Netlas.io:
๐ Link: https://nt.ls/odIOX
๐ Dork: http.favicon.hash_sha256:67a5904d731636c114513a7df90d4d6bff7a3f690f305ef3487ac84844a5874e
Vendor's advisory: https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
The vulnerability allows an attacker to conduct RCE through asset loading, as well as manipulate the file deletion process to delete arbitrary files.
Search at Netlas.io:
๐ Link: https://nt.ls/odIOX
๐ Dork: http.favicon.hash_sha256:67a5904d731636c114513a7df90d4d6bff7a3f690f305ef3487ac84844a5874e
Vendor's advisory: https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
๐พ3โค2๐ฅ2
CVE-2025-23388, -23389: DoS and Unauthorized Access in Rancher, 8.2 - 8.4 ratingโ๏ธ
Two vulnerabilities, one of which allows an attacker to crash the Rancher server, and the second - to impersonate any other user by manipulating cookies.
Search at Netlas.io:
๐ Link: https://nt.ls/fCvlC
๐ Dork: http.favicon.hash_sha256:2d7adbc74e7c8941927d04e702acbff577d219fef8617c8c3014d34ae395525b
Vendor's advisory: https://github.com/rancher/rancher/security/advisories/GHSA-mq23-vvg7-xfm4
Two vulnerabilities, one of which allows an attacker to crash the Rancher server, and the second - to impersonate any other user by manipulating cookies.
Search at Netlas.io:
๐ Link: https://nt.ls/fCvlC
๐ Dork: http.favicon.hash_sha256:2d7adbc74e7c8941927d04e702acbff577d219fef8617c8c3014d34ae395525b
Vendor's advisory: https://github.com/rancher/rancher/security/advisories/GHSA-mq23-vvg7-xfm4
๐พ3๐ฅ2
CVE-2025-22224, -22225, -22226: Multiple vulnerabilities in VMware ESXi, 7.1 - 9.3 rating ๐ฅ
Three vulnerabilities affecting several VMware products, including ESXi. Includes Code Exection, Sandbox Escape and Memory Leak.
Search at Netlas.io:
๐ Link: https://nt.ls/9Iw92
๐ Dork: http.title:"+ ID_EESX_Welcome +"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
Three vulnerabilities affecting several VMware products, including ESXi. Includes Code Exection, Sandbox Escape and Memory Leak.
Search at Netlas.io:
๐ Link: https://nt.ls/9Iw92
๐ Dork: http.title:"+ ID_EESX_Welcome +"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
๐พ4๐ฅ3๐1
CVE-2025-26776: Unrestricted Upload of File with Dangerous Type in Chaty Pro WordPress Plugin, 10.0 rating ๐ฅ๐ฅ๐ฅ
The vulnerability allows an attacker to upload malicious files that can be used to take control of a website.
Search at Netlas.io:
๐ Link: https://nt.ls/DCwYC
๐ Dork: http.body:"plugins/chaty-pro"
Read more: https://patchstack.com/database/wordpress/plugin/chaty-pro/vulnerability/wordpress-chaty-pro-plugin-3-3-3-arbitrary-file-upload-vulnerability?_s_id=cve
The vulnerability allows an attacker to upload malicious files that can be used to take control of a website.
Search at Netlas.io:
๐ Link: https://nt.ls/DCwYC
๐ Dork: http.body:"plugins/chaty-pro"
Read more: https://patchstack.com/database/wordpress/plugin/chaty-pro/vulnerability/wordpress-chaty-pro-plugin-3-3-3-arbitrary-file-upload-vulnerability?_s_id=cve
๐ฅ4๐พ2
๐ง Planned Maintenance ๐ง
Short-term interruptions in service provision are possibleโ๏ธ
On the weekend of March 8-9, 2025, we will carry out work aimed at improving server stability and quality of service. All this time, the replicas will be disabled, which is why interruptions are possible in case of problems with the main server. We will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
Short-term interruptions in service provision are possibleโ๏ธ
On the weekend of March 8-9, 2025, we will carry out work aimed at improving server stability and quality of service. All this time, the replicas will be disabled, which is why interruptions are possible in case of problems with the main server. We will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
๐จโ๐ป3
CVE-2025-27622, -27623, -27624, -27625: Multiple vulnerabilitites in Jenkins, medium ratingโ๏ธ
The vulnerabilities allow attackers to view encrypted secret values โโand potentially store attacker-controlled content in other users' profiles.
Search at Netlas.io:
๐ Link: https://nt.ls/SyXh2
๐ Dork: http.headers.x_jenkins:*
Vendor's advisory: https://www.jenkins.io/security/advisory/2025-03-05/
The vulnerabilities allow attackers to view encrypted secret values โโand potentially store attacker-controlled content in other users' profiles.
Search at Netlas.io:
๐ Link: https://nt.ls/SyXh2
๐ Dork: http.headers.x_jenkins:*
Vendor's advisory: https://www.jenkins.io/security/advisory/2025-03-05/
๐ฅ3๐พ3๐1
โ๏ธTemporary Issues with Private Scanner โ๏ธ
While expanding disk space, we encountered unexpected issues that temporarily affected one of our servers. As a result, Private Scanner is currently unavailable. All other functions work properly.
Our team is actively working on a fix, and the service will be restored by the end of the week โ possibly sooner.
We appreciate your patience and apologize for the inconvenience!
While expanding disk space, we encountered unexpected issues that temporarily affected one of our servers. As a result, Private Scanner is currently unavailable. All other functions work properly.
Our team is actively working on a fix, and the service will be restored by the end of the week โ possibly sooner.
We appreciate your patience and apologize for the inconvenience!
๐4๐2
CVE-2025-24813: Potential RCE in Apache Tomcatโ๏ธ
Deserialization of Untrusted Data and Path Equivalence vulnerabilities potentially allow an attacker to perform RCE or information disclosure.
Search at Netlas.io:
๐ Link: https://nt.ls/bzlj4
๐ Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
Deserialization of Untrusted Data and Path Equivalence vulnerabilities potentially allow an attacker to perform RCE or information disclosure.
Search at Netlas.io:
๐ Link: https://nt.ls/bzlj4
๐ Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq
๐ฅ4๐พ2๐1
CVE-2025-1661: Path Traversal in The HUSKY WordPress Plugin, 9.8 rating ๐ฅ
The vulnerability allows an attacker to execute arbitrary files on the server, including PHP code.
Search at Netlas.io:
๐ Link: https://nt.ls/OEg7k
๐ Dork: http.body:"plugins/woocommerce-products-filter"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion
The vulnerability allows an attacker to execute arbitrary files on the server, including PHP code.
Search at Netlas.io:
๐ Link: https://nt.ls/OEg7k
๐ Dork: http.body:"plugins/woocommerce-products-filter"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion
๐ฅ3๐พ3๐1
Netlas 1.1.0 is Here! ๐
We've just rolled out a fresh update, fine-tuning Netlas for a smoother, more reliable experience.
๐ฑ Mobile-Friendly: The Netlas app now plays nice with mobile devices
โก๏ธ Better Loading Experience: The IP/Domain Info Tool now shows a sleek skeleton page while loading
๐ Bug Squash & Polish: We've tackled various issues under the hood.
Check out the full details here ๐ https://docs.netlas.io/changelog/
We've just rolled out a fresh update, fine-tuning Netlas for a smoother, more reliable experience.
๐ฑ Mobile-Friendly: The Netlas app now plays nice with mobile devices
โก๏ธ Better Loading Experience: The IP/Domain Info Tool now shows a sleek skeleton page while loading
๐ Bug Squash & Polish: We've tackled various issues under the hood.
Check out the full details here ๐ https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
โค2๐ฅ2๐พ2
CVE-2025-25291, -25292 and other: Multiple vulnerabilitites in GitLab, 8.8 ratingโ๏ธ
Traditionally, GitLab publishes information about several vulnerabilities at once. These include Interpretation Conflict, DoS, Credentials Disclose, etc.
Search at Netlas.io:
๐ Link: https://nt.ls/PDxYA
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
Traditionally, GitLab publishes information about several vulnerabilities at once. These include Interpretation Conflict, DoS, Credentials Disclose, etc.
Search at Netlas.io:
๐ Link: https://nt.ls/PDxYA
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
๐ฅ3๐พ3
Netlas Plugins Update โก๏ธ
We've updated our Google Chrome and Mozilla Firefox plugins, fixing some bugs and improving stability. If you use them, we recommend updating to the latest version!
๐ Netlas for Chrome: https://chromewebstore.google.com/detail/netlasio/pncoieihjcmpooceknjajojehmhdedii
๐ Netlas for Firefox: https://addons.mozilla.org/en-US/firefox/addon/netlas-io/
We've updated our Google Chrome and Mozilla Firefox plugins, fixing some bugs and improving stability. If you use them, we recommend updating to the latest version!
๐ Netlas for Chrome: https://chromewebstore.google.com/detail/netlasio/pncoieihjcmpooceknjajojehmhdedii
๐ Netlas for Firefox: https://addons.mozilla.org/en-US/firefox/addon/netlas-io/
Google
Netlas.io - Chrome Web Store
The Netlas plugin gives information about where the website is hosted, who owns the IP and what other services and ports are open.
๐ฅ2๐พ2
CVE-2024-13918, -13919: XSS in Laravel Framework, 8.0 ratingโ๏ธ
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
๐ Link: https://nt.ls/95OAY
๐ Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
๐ Link: https://nt.ls/95OAY
๐ Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
โค5๐ฅ3๐พ3
๐ง Planned Maintenance ๐ง
The application will be unavailable for a period of timeโ๏ธ
The maintenance is scheduled to start on March 23, 2025, at 08:00 UTC โฐ. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
The application will be unavailable for a period of timeโ๏ธ
The maintenance is scheduled to start on March 23, 2025, at 08:00 UTC โฐ. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
๐3๐จโ๐ป1
CVE-2024-10441: RCE in Synology products, 9.8 rating ๐ฅ
Synology DSM and BSM are vulnerable to Improper Encoding or Escaping of Output, which could potentially lead to remote execution of arbitrary code.
Search at Netlas.io:
๐ Link: https://nt.ls/KOa1N
๐ Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
Synology DSM and BSM are vulnerable to Improper Encoding or Escaping of Output, which could potentially lead to remote execution of arbitrary code.
Search at Netlas.io:
๐ Link: https://nt.ls/KOa1N
๐ Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
๐ฅ4๐พ3
CVE-2025-2505: Path Traversal in Age Gate WordPress plugin, 9.8 rating ๐ฅ
A vulnerability in a popular plugin allows attackers to include and execute arbitrary PHP files, potentially executing the code contained within.
Search at Netlas.io:
๐ Link: https://nt.ls/3gfAq
๐ Dork: http.body:"plugins/age-gate"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/age-gate/age-gate-353-unauthenticated-local-php-file-inclusion-via-lang
A vulnerability in a popular plugin allows attackers to include and execute arbitrary PHP files, potentially executing the code contained within.
Search at Netlas.io:
๐ Link: https://nt.ls/3gfAq
๐ Dork: http.body:"plugins/age-gate"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/age-gate/age-gate-353-unauthenticated-local-php-file-inclusion-via-lang
๐ฅ5๐พ2๐1
Netlas vs ZoomEye: A Comprehensive Analysis ๐งฎ
The final article in our series of comparisons with competitors.
This time we looked at ZoomEye, honestly comparing it with Netlas on more than 10 key metrics.
๐ Read now: https://netlas.io/blog/netlas_vs_zoomeye/
The final article in our series of comparisons with competitors.
This time we looked at ZoomEye, honestly comparing it with Netlas on more than 10 key metrics.
๐ Read now: https://netlas.io/blog/netlas_vs_zoomeye/
netlas.io
Netlas vs ZoomEye - Netlas Blog
Compare IoT search engines Netlas and Zoomeye, highlighting their features, strengths, and ideal use cases for security research.
๐พ6๐5