CVE-2025-31324: Unrestricted Upload of File in SAP NetWeaver, 10.0 rating ๐ฅ๐ฅ๐ฅ
A vulnerability in SAP NetWeaver Visual Composer Metadata Uploader allows an attacker to perform unauthenticated file uploads, including malicious ones.
Search at Netlas.io:
๐ Link: https://nt.ls/nCgfN
๐ Dork: http.body:"This error page was generated by SAP Web Dispatcher!"
Read more: https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
A vulnerability in SAP NetWeaver Visual Composer Metadata Uploader allows an attacker to perform unauthenticated file uploads, including malicious ones.
Search at Netlas.io:
๐ Link: https://nt.ls/nCgfN
๐ Dork: http.body:"This error page was generated by SAP Web Dispatcher!"
Read more: https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
๐ฅ5๐พ2
CVE-2023-44221 and CVE-2024-38475: Admin Hijack Exploit in SonicWall ๐ฅ
In a recent research, watchTowr Labs demonstrated a working exploit chain that leverages two old vulnerabilities and allows a remote attacker to take control of a SonicWall instance.
Search at Netlas.io:
๐ Link: https://nt.ls/5973o
๐ Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1
Read more: https://labs.watchtowr.com/sonicboom-from-stolen-tokens-to-remote-shells-sonicwall-sma100-cve-2023-44221-cve-2024-38475/
In a recent research, watchTowr Labs demonstrated a working exploit chain that leverages two old vulnerabilities and allows a remote attacker to take control of a SonicWall instance.
Search at Netlas.io:
๐ Link: https://nt.ls/5973o
๐ Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1
Read more: https://labs.watchtowr.com/sonicboom-from-stolen-tokens-to-remote-shells-sonicwall-sma100-cve-2023-44221-cve-2024-38475/
๐ฅ4๐พ2
CVE-2025-27007: Privilege Escalation in OttoKit WordPress Plugin, 9.8 rating ๐ฅ
Errors in the logic of the plugin's API could potentially lead to an attacker gaining access to the administrator account. According to Patchstack, exploitation of the vulnerability began just an hour after public disclosure!
Search at Netlas.io:
๐ Link: https://nt.ls/y4FXX
๐ Dork: http.body:"plugins/suretriggers"
Read more: https://patchstack.com/database/wordpress/plugin/suretriggers/vulnerability/wordpress-suretriggers-1-0-82-privilege-escalation-vulnerability?_s_id=cve
Errors in the logic of the plugin's API could potentially lead to an attacker gaining access to the administrator account. According to Patchstack, exploitation of the vulnerability began just an hour after public disclosure!
Search at Netlas.io:
๐ Link: https://nt.ls/y4FXX
๐ Dork: http.body:"plugins/suretriggers"
Read more: https://patchstack.com/database/wordpress/plugin/suretriggers/vulnerability/wordpress-suretriggers-1-0-82-privilege-escalation-vulnerability?_s_id=cve
๐ฅ3๐พ2
CVE-2025-20188: Use of Hard-coded Credentials in Cisco IOS XE, 10.0 rating ๐ฅ๐ฅ๐ฅ
Due to hard-coded JWT, Cisco IOS XE instances may be vulnerable to arbitrary file uploads, path traversal, and arbitrary command execution. Catalyst controllers are primarily affected.
Search at Netlas.io:
๐ Link: https://nt.ls/BKkJI
๐ Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
Due to hard-coded JWT, Cisco IOS XE instances may be vulnerable to arbitrary file uploads, path traversal, and arbitrary command execution. Catalyst controllers are primarily affected.
Search at Netlas.io:
๐ Link: https://nt.ls/BKkJI
๐ Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
1๐ฅ3๐2๐พ2
CVE-2025-31644: Command Injection' in F5 BIG-IP, 8.7 ratingโ๏ธ
A vulnerability in the "file" parameter of the "save" command allows authenticated attackers to execute arbitrary commands as root.
Search at Netlas.io:
๐ Link: https://nt.ls/5WHZt
๐ Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148591
A vulnerability in the "file" parameter of the "save" command allows authenticated attackers to execute arbitrary commands as root.
Search at Netlas.io:
๐ Link: https://nt.ls/5WHZt
๐ Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148591
๐พ4๐ฅ3
CVE-2025-42999: Deserialization of Untrusted Data in SAP NetWeaver, 9.1 rating ๐ฅ
A vulnerability in SAP NetWeaver Visual Composer Metadata Uploader allows a privileged attacker to upload arbitrary content that could compromise the confidentiality and integrity of the system.
Search at Netlas.io:
๐ Link: https://nt.ls/QzmGI
๐ Dork: http.body:"This error page was generated by SAP Web Dispatcher!"
Read more: https://www.bleepingcomputer.com/news/security/sap-patches-second-zero-day-flaw-exploited-in-recent-attacks/
A vulnerability in SAP NetWeaver Visual Composer Metadata Uploader allows a privileged attacker to upload arbitrary content that could compromise the confidentiality and integrity of the system.
Search at Netlas.io:
๐ Link: https://nt.ls/QzmGI
๐ Dork: http.body:"This error page was generated by SAP Web Dispatcher!"
Read more: https://www.bleepingcomputer.com/news/security/sap-patches-second-zero-day-flaw-exploited-in-recent-attacks/
๐พ3๐ฅ2
CVE-2025-22252: Bypass Authentication in FortiOS/FortiProxy, 9.0 rating ๐ฅ
Systems configured to use TACACS+ with ASCII authentication may be affected by a vulnerability that could allow an attacker to bypass authentication and gain administrative privileges.
Search at Netlas.io:
๐ Link: https://nt.ls/JYafs
๐ Dork: http.favicon.hash_sha256:d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Vendor's advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-472
Systems configured to use TACACS+ with ASCII authentication may be affected by a vulnerability that could allow an attacker to bypass authentication and gain administrative privileges.
Search at Netlas.io:
๐ Link: https://nt.ls/JYafs
๐ Dork: http.favicon.hash_sha256:d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Vendor's advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-472
๐ฅ2๐พ2
CVE-2025-47884, -47885, -47889: Multiple vulnerabilities in Jenkins, 8.8 - 9.8 rating ๐ฅ
Three vulnerabilities in Jenkins that were recently disclosed: Improper Access Control, XSS, Auth Bypass.
Search at Netlas.io:
๐ Link: https://nt.ls/6d5ql
๐ Dork: http.headers.x_jenkins:*
Vendor's advisory: https://www.jenkins.io/security/advisory/2025-05-14/
Three vulnerabilities in Jenkins that were recently disclosed: Improper Access Control, XSS, Auth Bypass.
Search at Netlas.io:
๐ Link: https://nt.ls/6d5ql
๐ Dork: http.headers.x_jenkins:*
Vendor's advisory: https://www.jenkins.io/security/advisory/2025-05-14/
๐ฅ3๐พ2
Netlas vs. IPinfo: A Comprehensive Analysis ๐งฎ
Our latest article puts Netlas head-to-head with one of its indirect competitors, IPinfo.
Inside, youโll find:
- Deep dive into each toolโs core features ๐
- Clear, side-by-side pricing comparison ๐ธ
- Actionable insights on where each platform shines ๐ค
๐ Read the article here: https://netlas.io/blog/netlas_vs_ipinfo/
Our latest article puts Netlas head-to-head with one of its indirect competitors, IPinfo.
Inside, youโll find:
- Deep dive into each toolโs core features ๐
- Clear, side-by-side pricing comparison ๐ธ
- Actionable insights on where each platform shines ๐ค
๐ Read the article here: https://netlas.io/blog/netlas_vs_ipinfo/
netlas.io
Netlas vs IPinfo: Tools Comparison - Netlas Blog
Explore the features, strengths, pricing, and automation options of Netlas and IPinfo to choose the best IP intelligence tool for your cybersecurity or research needs.
๐พ3๐ฅ2๐1
CVE-2024-57273, -54779, 54780: Multiple vulnerabilities in pfSense, 5.4 - 8.8 ratingโ๏ธ
The three newly disclosed vulnerabilities include Stored XSS, Command Injection and XML Injection.
Since the details of the vulnerabilities have already been disclosed, we recommend that anyone involved update their software.
Search at Netlas.io:
๐ Link: https://nt.ls/DOmg1
๐ Dork: http.title:"pfSense - Login"
Read more: https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack/
The three newly disclosed vulnerabilities include Stored XSS, Command Injection and XML Injection.
Since the details of the vulnerabilities have already been disclosed, we recommend that anyone involved update their software.
Search at Netlas.io:
๐ Link: https://nt.ls/DOmg1
๐ Dork: http.title:"pfSense - Login"
Read more: https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack/
๐พ4๐2๐ฅ2
CVE-2025-22157: Improper Access Control in Atlassian Jira, 7.2 ratingโ๏ธ
The vulnerability allows an authenticated attackers to escalate their privileges to administrator level or gain access to restricted workflows in Jira.
Search at Netlas.io:
๐ Link: https://nt.ls/lVuft
๐ Dork: http.meta:"content=\"JIRA\""
Vendor's advisory: https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html
The vulnerability allows an authenticated attackers to escalate their privileges to administrator level or gain access to restricted workflows in Jira.
Search at Netlas.io:
๐ Link: https://nt.ls/lVuft
๐ Dork: http.meta:"content=\"JIRA\""
Vendor's advisory: https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html
๐พ4๐2
๐ง Planned Maintenance ๐ง
The application will be unavailable for a period of timeโ๏ธ
The maintenance is scheduled to start today at 09:00 UTC โฐ. It is expected to take about ten minutes, but may take up to half an hour. We will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
The application will be unavailable for a period of timeโ๏ธ
The maintenance is scheduled to start today at 09:00 UTC โฐ. It is expected to take about ten minutes, but may take up to half an hour. We will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
โค2๐2๐1
๐ฏ Planned Maintenance Completed ๐ฏ
Our team apologizes that this process took longer than expected.
Netlas is fully online again, and you can get back to your projects! ๐พ
Our team apologizes that this process took longer than expected.
Netlas is fully online again, and you can get back to your projects! ๐พ
๐พ3๐2๐ญ1
Netlas 1.2.0 is Live! ๐
What's new:
๐ OpenAPI 3.1 Support
๐ Docs Portal Rebuild
๐ Field types added in Mapping View
๐ต๏ธโโ๏ธ New โTrackerโ Node (Google Tags, Facebook Pixels) into Attack Surface Discovery tool
Dive into the full changelog ๐ https://docs.netlas.io/changelog/
What's new:
๐ OpenAPI 3.1 Support
๐ Docs Portal Rebuild
๐ Field types added in Mapping View
๐ต๏ธโโ๏ธ New โTrackerโ Node (Google Tags, Facebook Pixels) into Attack Surface Discovery tool
Dive into the full changelog ๐ https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
๐ฅ7
Netlas.io pinned ยซNetlas 1.2.0 is Live! ๐ What's new: ๐ OpenAPI 3.1 Support ๐ Docs Portal Rebuild ๐ Field types added in Mapping View ๐ต๏ธโโ๏ธ New โTrackerโ Node (Google Tags, Facebook Pixels) into Attack Surface Discovery tool Dive into the full changelog ๐ https://docs.โฆยป
CVE-2025-4123: 0-day in Grafana, 7.6 ratingโ๏ธ
Grafana Labs has released an unscheduled update that fixes an XSS injection vulnerability in all supported versions. This vulnerability does not require privileges and can be executed if anonymous access is present.
Search at Netlas.io:
๐ Link: https://nt.ls/BVyZk
๐ Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.title:"Grafana"
Vendor's advisory: https://grafana.com/blog/2025/05/21/grafana-security-release-high-severity-security-fix-for-cve-2025-4123/
Grafana Labs has released an unscheduled update that fixes an XSS injection vulnerability in all supported versions. This vulnerability does not require privileges and can be executed if anonymous access is present.
Search at Netlas.io:
๐ Link: https://nt.ls/BVyZk
๐ Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.title:"Grafana"
Vendor's advisory: https://grafana.com/blog/2025/05/21/grafana-security-release-high-severity-security-fix-for-cve-2025-4123/
๐ฅ2๐พ2๐1๐1
RCE in vBulletin, 9.5 rating ๐ฅ
vBulletin versions 5.0.0 through 6.0.3 contain an RCE vulnerability in the replaceAdTemplate endpoint that allows attackers to execute arbitrary PHP code on the server.
Search at Netlas.io:
๐ Link: https://nt.ls/42h8I
๐ Dork: http.meta:"vBulletin" AND (http.meta:"5.5.4" OR http.meta:"5.7.0" OR http.meta:"5.7.5" OR http.meta:"5.7.4")
Read more: https://cloud.projectdiscovery.io/library/vbulletin-replacead-rce
vBulletin versions 5.0.0 through 6.0.3 contain an RCE vulnerability in the replaceAdTemplate endpoint that allows attackers to execute arbitrary PHP code on the server.
Search at Netlas.io:
๐ Link: https://nt.ls/42h8I
๐ Dork: http.meta:"vBulletin" AND (http.meta:"5.5.4" OR http.meta:"5.7.0" OR http.meta:"5.7.5" OR http.meta:"5.7.4")
Read more: https://cloud.projectdiscovery.io/library/vbulletin-replacead-rce
๐พ4๐ฅ3
Authorization Error Fixed ๐
Over the weekend, some of our users encountered problems with authorization through third-party resources. This issue has now been fixed, and you can return to your projects!
The Netlas team apologizes for the inconvenience.
Over the weekend, some of our users encountered problems with authorization through third-party resources. This issue has now been fixed, and you can return to your projects!
The Netlas team apologizes for the inconvenience.
๐ฅฐ3๐2โค1๐1
Account Takeover in Grafana โ PoC by Chirag Artani ๐ฅ
Our friendโs channel has posted a new video dedicated to exploiting a recent vulnerability. The guide includes finding targets in Netlas, as well as further exploitation. Donโt miss it!
We also recommend checking out Chirag Artaniโs website and Twitter for more cybersecurity insights:
๐ Website: 3rag.com
๐ Twitter: x.com/Chirag99Artani
Our friendโs channel has posted a new video dedicated to exploiting a recent vulnerability. The guide includes finding targets in Netlas, as well as further exploitation. Donโt miss it!
We also recommend checking out Chirag Artaniโs website and Twitter for more cybersecurity insights:
๐ Website: 3rag.com
๐ Twitter: x.com/Chirag99Artani
YouTube
Grafana CVE-2025-4123 Exploit Demo Open Redirect | XSS + SSRF + Account Takeover | Security POC
Description:
โ ๏ธ HIGH SEVERITY ALERT โ ๏ธ
One-click Grafana scanner: https://nt.ls/T5Akf (Netlas.io) 40000+ targets
In this video, I demonstrate the exploitation of CVE-2025-4123, a critical security vulnerability in Grafana with a CVSS score of 7.6. Thisโฆ
โ ๏ธ HIGH SEVERITY ALERT โ ๏ธ
One-click Grafana scanner: https://nt.ls/T5Akf (Netlas.io) 40000+ targets
In this video, I demonstrate the exploitation of CVE-2025-4123, a critical security vulnerability in Grafana with a CVSS score of 7.6. Thisโฆ
๐ฅ7๐4
CVE-2025-47577: Unrestricted Upload of File with Dangerous Type in TI WooCommerce Wishlist Plugin, 10.0 rating ๐ฅ๐ฅ๐ฅ
Failure to check the types of uploaded files allows attackers to upload a web shell to the server and perform RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/jYyss
๐ Dork: http.body:"plugins/ti-woocommerce-wishlist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-292-unauthenticated-arbitrary-file-upload
Failure to check the types of uploaded files allows attackers to upload a web shell to the server and perform RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/jYyss
๐ Dork: http.body:"plugins/ti-woocommerce-wishlist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-292-unauthenticated-arbitrary-file-upload
๐3๐ฅ3โค2๐พ1
Track Adversary Infrastructure Challenge Recap ๐
Last week, a major event concluded: the Track Adversary Infrastructure Challenge, which we held together with our colleagues from RST Cloud. Participants gained practical experience, and we were able to draw many conclusions regarding Netlasโs functionality and the improvements needed.
Thank you all for participating, and special congratulations to the winners:
๐ฅ 1st Place (tie): Daisuke Arai
๐ฅ 1st Place (tie): Marc Nebout
๐ฅ 2nd Place: Kishan Lal
๐ฅ 3rd Place: Koushik Pal
๐ You can read a more detailed report on our blog: https://netlas.io/blog/track_advisory_infrastructure_challenge/
Last week, a major event concluded: the Track Adversary Infrastructure Challenge, which we held together with our colleagues from RST Cloud. Participants gained practical experience, and we were able to draw many conclusions regarding Netlasโs functionality and the improvements needed.
Thank you all for participating, and special congratulations to the winners:
๐ฅ 1st Place (tie): Daisuke Arai
๐ฅ 1st Place (tie): Marc Nebout
๐ฅ 2nd Place: Kishan Lal
๐ฅ 3rd Place: Koushik Pal
๐ You can read a more detailed report on our blog: https://netlas.io/blog/track_advisory_infrastructure_challenge/
๐ฅ5๐2๐1