๐ง Planned Maintenance ๐ง
The application will be unavailable for a period of timeโ๏ธ
The maintenance is scheduled to start today at 09:00 UTC โฐ. It is expected to take about ten minutes, but may take up to half an hour. We will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
The application will be unavailable for a period of timeโ๏ธ
The maintenance is scheduled to start today at 09:00 UTC โฐ. It is expected to take about ten minutes, but may take up to half an hour. We will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
โค2๐2๐1
๐ฏ Planned Maintenance Completed ๐ฏ
Our team apologizes that this process took longer than expected.
Netlas is fully online again, and you can get back to your projects! ๐พ
Our team apologizes that this process took longer than expected.
Netlas is fully online again, and you can get back to your projects! ๐พ
๐พ3๐2๐ญ1
Netlas 1.2.0 is Live! ๐
What's new:
๐ OpenAPI 3.1 Support
๐ Docs Portal Rebuild
๐ Field types added in Mapping View
๐ต๏ธโโ๏ธ New โTrackerโ Node (Google Tags, Facebook Pixels) into Attack Surface Discovery tool
Dive into the full changelog ๐ https://docs.netlas.io/changelog/
What's new:
๐ OpenAPI 3.1 Support
๐ Docs Portal Rebuild
๐ Field types added in Mapping View
๐ต๏ธโโ๏ธ New โTrackerโ Node (Google Tags, Facebook Pixels) into Attack Surface Discovery tool
Dive into the full changelog ๐ https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
๐ฅ7
Netlas.io pinned ยซNetlas 1.2.0 is Live! ๐ What's new: ๐ OpenAPI 3.1 Support ๐ Docs Portal Rebuild ๐ Field types added in Mapping View ๐ต๏ธโโ๏ธ New โTrackerโ Node (Google Tags, Facebook Pixels) into Attack Surface Discovery tool Dive into the full changelog ๐ https://docs.โฆยป
CVE-2025-4123: 0-day in Grafana, 7.6 ratingโ๏ธ
Grafana Labs has released an unscheduled update that fixes an XSS injection vulnerability in all supported versions. This vulnerability does not require privileges and can be executed if anonymous access is present.
Search at Netlas.io:
๐ Link: https://nt.ls/BVyZk
๐ Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.title:"Grafana"
Vendor's advisory: https://grafana.com/blog/2025/05/21/grafana-security-release-high-severity-security-fix-for-cve-2025-4123/
Grafana Labs has released an unscheduled update that fixes an XSS injection vulnerability in all supported versions. This vulnerability does not require privileges and can be executed if anonymous access is present.
Search at Netlas.io:
๐ Link: https://nt.ls/BVyZk
๐ Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.title:"Grafana"
Vendor's advisory: https://grafana.com/blog/2025/05/21/grafana-security-release-high-severity-security-fix-for-cve-2025-4123/
๐ฅ2๐พ2๐1๐1
RCE in vBulletin, 9.5 rating ๐ฅ
vBulletin versions 5.0.0 through 6.0.3 contain an RCE vulnerability in the replaceAdTemplate endpoint that allows attackers to execute arbitrary PHP code on the server.
Search at Netlas.io:
๐ Link: https://nt.ls/42h8I
๐ Dork: http.meta:"vBulletin" AND (http.meta:"5.5.4" OR http.meta:"5.7.0" OR http.meta:"5.7.5" OR http.meta:"5.7.4")
Read more: https://cloud.projectdiscovery.io/library/vbulletin-replacead-rce
vBulletin versions 5.0.0 through 6.0.3 contain an RCE vulnerability in the replaceAdTemplate endpoint that allows attackers to execute arbitrary PHP code on the server.
Search at Netlas.io:
๐ Link: https://nt.ls/42h8I
๐ Dork: http.meta:"vBulletin" AND (http.meta:"5.5.4" OR http.meta:"5.7.0" OR http.meta:"5.7.5" OR http.meta:"5.7.4")
Read more: https://cloud.projectdiscovery.io/library/vbulletin-replacead-rce
๐พ4๐ฅ3
Authorization Error Fixed ๐
Over the weekend, some of our users encountered problems with authorization through third-party resources. This issue has now been fixed, and you can return to your projects!
The Netlas team apologizes for the inconvenience.
Over the weekend, some of our users encountered problems with authorization through third-party resources. This issue has now been fixed, and you can return to your projects!
The Netlas team apologizes for the inconvenience.
๐ฅฐ3๐2โค1๐1
Account Takeover in Grafana โ PoC by Chirag Artani ๐ฅ
Our friendโs channel has posted a new video dedicated to exploiting a recent vulnerability. The guide includes finding targets in Netlas, as well as further exploitation. Donโt miss it!
We also recommend checking out Chirag Artaniโs website and Twitter for more cybersecurity insights:
๐ Website: 3rag.com
๐ Twitter: x.com/Chirag99Artani
Our friendโs channel has posted a new video dedicated to exploiting a recent vulnerability. The guide includes finding targets in Netlas, as well as further exploitation. Donโt miss it!
We also recommend checking out Chirag Artaniโs website and Twitter for more cybersecurity insights:
๐ Website: 3rag.com
๐ Twitter: x.com/Chirag99Artani
YouTube
Grafana CVE-2025-4123 Exploit Demo Open Redirect | XSS + SSRF + Account Takeover | Security POC
Description:
โ ๏ธ HIGH SEVERITY ALERT โ ๏ธ
One-click Grafana scanner: https://nt.ls/T5Akf (Netlas.io) 40000+ targets
In this video, I demonstrate the exploitation of CVE-2025-4123, a critical security vulnerability in Grafana with a CVSS score of 7.6. Thisโฆ
โ ๏ธ HIGH SEVERITY ALERT โ ๏ธ
One-click Grafana scanner: https://nt.ls/T5Akf (Netlas.io) 40000+ targets
In this video, I demonstrate the exploitation of CVE-2025-4123, a critical security vulnerability in Grafana with a CVSS score of 7.6. Thisโฆ
๐ฅ7๐4
CVE-2025-47577: Unrestricted Upload of File with Dangerous Type in TI WooCommerce Wishlist Plugin, 10.0 rating ๐ฅ๐ฅ๐ฅ
Failure to check the types of uploaded files allows attackers to upload a web shell to the server and perform RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/jYyss
๐ Dork: http.body:"plugins/ti-woocommerce-wishlist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-292-unauthenticated-arbitrary-file-upload
Failure to check the types of uploaded files allows attackers to upload a web shell to the server and perform RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/jYyss
๐ Dork: http.body:"plugins/ti-woocommerce-wishlist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-292-unauthenticated-arbitrary-file-upload
๐3๐ฅ3โค2๐พ1
Track Adversary Infrastructure Challenge Recap ๐
Last week, a major event concluded: the Track Adversary Infrastructure Challenge, which we held together with our colleagues from RST Cloud. Participants gained practical experience, and we were able to draw many conclusions regarding Netlasโs functionality and the improvements needed.
Thank you all for participating, and special congratulations to the winners:
๐ฅ 1st Place (tie): Daisuke Arai
๐ฅ 1st Place (tie): Marc Nebout
๐ฅ 2nd Place: Kishan Lal
๐ฅ 3rd Place: Koushik Pal
๐ You can read a more detailed report on our blog: https://netlas.io/blog/track_advisory_infrastructure_challenge/
Last week, a major event concluded: the Track Adversary Infrastructure Challenge, which we held together with our colleagues from RST Cloud. Participants gained practical experience, and we were able to draw many conclusions regarding Netlasโs functionality and the improvements needed.
Thank you all for participating, and special congratulations to the winners:
๐ฅ 1st Place (tie): Daisuke Arai
๐ฅ 1st Place (tie): Marc Nebout
๐ฅ 2nd Place: Kishan Lal
๐ฅ 3rd Place: Koushik Pal
๐ You can read a more detailed report on our blog: https://netlas.io/blog/track_advisory_infrastructure_challenge/
๐ฅ5๐2๐1
CVE-2025-49113: RCE in Roundcube Webmail, 9.9 rating ๐ฅ
A vulnerability in Roundcube allows attackers to perform RCE due to the lack of validation of the _from parameter, which leads to PHP objects deserialization.
Search at Netlas.io:
๐ Link: https://nt.ls/9M4Rh
๐ Dork: http.headers.set_cookie:"roundcube_sessid"
Read more: https://fearsoff.org/research/roundcube
A vulnerability in Roundcube allows attackers to perform RCE due to the lack of validation of the _from parameter, which leads to PHP objects deserialization.
Search at Netlas.io:
๐ Link: https://nt.ls/9M4Rh
๐ Dork: http.headers.set_cookie:"roundcube_sessid"
Read more: https://fearsoff.org/research/roundcube
๐พ3๐ฅ2
๐ง Planned Maintenance ๐ง
The application may be unavailable for a period of timeโ๏ธ
On the weekend of June 7โ8, 2025, we will carry out work aimed at improving server stability and quality of service. In case of problems, the application may be unavailable for up to two days. Our team will do everything possible to prevent this.
Please remember to save your work before this time.
The application may be unavailable for a period of timeโ๏ธ
On the weekend of June 7โ8, 2025, we will carry out work aimed at improving server stability and quality of service. In case of problems, the application may be unavailable for up to two days. Our team will do everything possible to prevent this.
Please remember to save your work before this time.
๐2๐จโ๐ป2๐1
Netlas vs. Urlscan: In-Depth Comparison ๐งฎ
In our new blog post, we stack Netlas against Urlscan to finally answer the question: are these tools similar?
Inside, youโll discover:
- An in-depth look at each platformโs standout capabilities ๐
- Similarities and differences between applications โ๏ธ
- Practical recommendations on when to choose one over the other ๐ค
๐ Check it out here: https://netlas.io/blog/netlas_vs_urlscan/
In our new blog post, we stack Netlas against Urlscan to finally answer the question: are these tools similar?
Inside, youโll discover:
- An in-depth look at each platformโs standout capabilities ๐
- Similarities and differences between applications โ๏ธ
- Practical recommendations on when to choose one over the other ๐ค
๐ Check it out here: https://netlas.io/blog/netlas_vs_urlscan/
netlas.io
Netlas vs Urlscan: Tools Comparison - Netlas Blog
At first glance, Netlas and Urlscan seem similar, but their core functions and use cases differ greatly. Discover which tool fits your needs.
๐ฅ3๐พ3
CVE-2025-32756: Buffer Overflow in Fortinet products, 9.8 rating ๐ฅ
Some Fortinet products, including FortiMail, FortiRecorder, and FortiVoice, are vulnerable to a buffer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code or commands.
The vulnerability is not new, but a PoC was recently released!
Search at Netlas.io:
๐ Link: https://nt.ls/nmu5K
๐ Dork: certificate.subject.common_name:"FortiMail" OR certificate.subject.common_name:"FortiRecorder" OR certificate.subject.common_name:"FortiVoice"
Vendor's advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-254
Some Fortinet products, including FortiMail, FortiRecorder, and FortiVoice, are vulnerable to a buffer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code or commands.
The vulnerability is not new, but a PoC was recently released!
Search at Netlas.io:
๐ Link: https://nt.ls/nmu5K
๐ Dork: certificate.subject.common_name:"FortiMail" OR certificate.subject.common_name:"FortiRecorder" OR certificate.subject.common_name:"FortiVoice"
Vendor's advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-254
๐ฅ5โ2๐พ2
CVE-2025-42989: Missing Authorization in SAP NetWeaver, 9.6 rating ๐ฅ
One of the vulnerabilities disclosed in a recent patch allows an authenticated user to escalate their privileges, which could critically impact the integrity and availability of the system.
Search at Netlas.io:
๐ Link: https://nt.ls/lB0fI
๐ Dork: http.body:"This error page was generated by SAP Web Dispatcher!"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
One of the vulnerabilities disclosed in a recent patch allows an authenticated user to escalate their privileges, which could critically impact the integrity and availability of the system.
Search at Netlas.io:
๐ Link: https://nt.ls/lB0fI
๐ Dork: http.body:"This error page was generated by SAP Web Dispatcher!"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
๐ฅ3๐พ2
CVE-2025-47110: Cross-site Scripting in Magento (and Adobe Commerce), 9.1 rating ๐ฅ
An XSS vulnerability in Magento and Adobe Commerce allows an attacker to inject code into vulnerable forms and execute it in the victim's browser.
Search at Netlas.io:
๐ Link: https://nt.ls/v6wk6
๐ Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-50.html
An XSS vulnerability in Magento and Adobe Commerce allows an attacker to inject code into vulnerable forms and execute it in the victim's browser.
Search at Netlas.io:
๐ Link: https://nt.ls/v6wk6
๐ Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-50.html
๐ฅ3๐พ3
CVE-2025-4798, -4799: Absolute Path Traversal in DownloadManager WordPress Plugin, 4.9 - 7.2 ratingโ๏ธ
Vulnerabilities shared with us by the pen tester who found them. Allow attackers to manipulate files on the server, which can lead to RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/DH8EA
๐ Dork: http.body:"plugins/wp-downloadmanager"
More information here: https://youtu.be/QTe3rf0-e7U?si=THZKoKeI1vN-arR7
Vulnerabilities shared with us by the pen tester who found them. Allow attackers to manipulate files on the server, which can lead to RCE.
Search at Netlas.io:
๐ Link: https://nt.ls/DH8EA
๐ Dork: http.body:"plugins/wp-downloadmanager"
More information here: https://youtu.be/QTe3rf0-e7U?si=THZKoKeI1vN-arR7
๐พ5๐ฅ3
CVE-2025-48976, -48988, -49125: Multiple vulnerabilitites in Apache Tomcat, 7.5 ratingโ๏ธ
Recent vulnerabilities in Apache Tomcat allow an attacker to perform DoS and gain access to resources through insecure path.
Search at Netlas.io:
๐ Link: https://nt.ls/oAb4X
๐ Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk
Recent vulnerabilities in Apache Tomcat allow an attacker to perform DoS and gain access to resources through insecure path.
Search at Netlas.io:
๐ Link: https://nt.ls/oAb4X
๐ Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk
๐ฅ3๐พ3๐2
CVE-2025-4278, -5121, 2254 and other: Multiple vulnerabilities in GitLab, 3.7 - 8.7 ratingโ๏ธ
In recent patch notes, GitLab reported ten vulnerabilities, including HTML injection, XSS, DoS, and more.
Search at Netlas.io:
๐ Link: https://nt.ls/dq6qU
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/#cve-2025-5121---missing-authorization-issue-impacts-gitlab-ultimate-ee
In recent patch notes, GitLab reported ten vulnerabilities, including HTML injection, XSS, DoS, and more.
Search at Netlas.io:
๐ Link: https://nt.ls/dq6qU
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/#cve-2025-5121---missing-authorization-issue-impacts-gitlab-ultimate-ee
๐พ3๐ฅ2
AIโPowered Attack Surface Mapping ๐ค
Artificial intelligence is a topic that has not lost its popularity in recent years. Language models have proven themselves in many areas, including information security.
In our latest article, discover how to leverage AI for comprehensive attack surface discovery, plus get an unbiased comparison of leading models so you can pick the right one for your needs.
๐ Read now: https://netlas.io/blog/ai-driven_attack_surface_discovery/
Artificial intelligence is a topic that has not lost its popularity in recent years. Language models have proven themselves in many areas, including information security.
In our latest article, discover how to leverage AI for comprehensive attack surface discovery, plus get an unbiased comparison of leading models so you can pick the right one for your needs.
๐ Read now: https://netlas.io/blog/ai-driven_attack_surface_discovery/
netlas.io
AI-Driven Attack Surface Discovery - Netlas Blog
Can large language models assist in attack surface mapping? We put them to the test using the Netlas Discovery API in a hands-on classification experiment.
๐ฅ5๐2๐พ1