CVE-2025-8489: Path Traversal in ShopLentor WordPress Plugin, 9.8 rating π₯
A recent vulnerability in the ShopLentor (formerly WooLentor) plugin allows unauthenticated attackers to execute any code from PHP files on the server.
Search at Netlas.io:
π Link: https://nt.ls/wKuHH
π Dork: http.body:"plugins/woolentor-addons"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/shoplentor-325-unauthenticated-local-php-file-inclusion-via-load-template
A recent vulnerability in the ShopLentor (formerly WooLentor) plugin allows unauthenticated attackers to execute any code from PHP files on the server.
Search at Netlas.io:
π Link: https://nt.ls/wKuHH
π Dork: http.body:"plugins/woolentor-addons"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/shoplentor-325-unauthenticated-local-php-file-inclusion-via-load-template
πΎ5π€2
CVE-2025-64459, -64458: SQLi and DoS in Django Framework, 7.5 - 9.1 rating π₯
A recent security update from the Django Team fixes two vulnerabilities that could allow an attacker to destroy or retrieve database contents, as well as halt the operation of a Windows server.
Search at Netlas.io:
π Link: https://nt.ls/srswH
π Dork: tag.name:"django"
Vendor's advisory: https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
A recent security update from the Django Team fixes two vulnerabilities that could allow an attacker to destroy or retrieve database contents, as well as halt the operation of a Windows server.
Search at Netlas.io:
π Link: https://nt.ls/srswH
π Dork: tag.name:"django"
Vendor's advisory: https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
π₯5πΎ2
π LLM Vulnerabilities: how AI apps break β and how to harden them
This piece maps the most common ways LLM-powered systems fail in the real world and turns them into a practical hardening plan. From prompt and indirect injection to over-privileged tools, leaky RAG pipelines, data poisoning, jailbreaks, and supply-chain traps β plus the guardrails that actually help in production.
Key takeaways:
1οΈβ£ Prompt & indirect injection: attackers hide instructions in web pages, files, or retrieved notes; the model obeys them and exfiltrates secrets or performs unwanted actions.
2οΈβ£ Jailbreaks & policy evasion: harmless-looking reformulations bypass safety layers; outputs become unsafe or operationally risky.
3οΈβ£ RAG data leaks: sloppy retrieval exposes internal docs, customer data, and system prompts; cross-tenant bleed is a real risk.
4οΈβ£ Over-privileged tools/agents: broad filesystem, network, or payment permissions turn one prompt into a breach.
5οΈβ£ Poisoning & supply chain: tainted datasets, third-party prompts, and unpinned models/extensions undermine trust.
6οΈβ£ Output trust & hallucinations: fabricated facts sneak into workflows, tickets, or code β and humans often rubber-stamp them.
7οΈβ£ Telemetry gaps: without red-team sims and runtime monitoring, you wonβt see injection attempts until damage is done.
π Read here: https://netlas.io/blog/llm_vulnerabilities/
This piece maps the most common ways LLM-powered systems fail in the real world and turns them into a practical hardening plan. From prompt and indirect injection to over-privileged tools, leaky RAG pipelines, data poisoning, jailbreaks, and supply-chain traps β plus the guardrails that actually help in production.
Key takeaways:
1οΈβ£ Prompt & indirect injection: attackers hide instructions in web pages, files, or retrieved notes; the model obeys them and exfiltrates secrets or performs unwanted actions.
2οΈβ£ Jailbreaks & policy evasion: harmless-looking reformulations bypass safety layers; outputs become unsafe or operationally risky.
3οΈβ£ RAG data leaks: sloppy retrieval exposes internal docs, customer data, and system prompts; cross-tenant bleed is a real risk.
4οΈβ£ Over-privileged tools/agents: broad filesystem, network, or payment permissions turn one prompt into a breach.
5οΈβ£ Poisoning & supply chain: tainted datasets, third-party prompts, and unpinned models/extensions undermine trust.
6οΈβ£ Output trust & hallucinations: fabricated facts sneak into workflows, tickets, or code β and humans often rubber-stamp them.
7οΈβ£ Telemetry gaps: without red-team sims and runtime monitoring, you wonβt see injection attempts until damage is done.
π Read here: https://netlas.io/blog/llm_vulnerabilities/
netlas.io
LLM Vulnerabilities: Why AI Models Are the Next Big Attack Surface - Netlas Blog
LLM vulnerabilities explained: prompt injection, data leaks, RAG risk, supply chain, and real incidents β plus OWASP guidance, mitigations, and testing tactics.
πΎ4β€2π₯1
CVE-2025-64492, -64493: SQL Injections in SuiteCRM, 6.5 - 8.8 ratingβοΈ
Vulnerabilities in SuiteCRM allow attackers to obtain information about databases and, in rare cases, perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/rsV8B
π Dork: http.favicon.hash_sha256:6e1ab006d2a8e2e930bdd6f4e85ae3f7df8c46cd2062a9f85a7193e0558185bb
Vendor's advisory: https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-54m4-4p54-j8hp
Vulnerabilities in SuiteCRM allow attackers to obtain information about databases and, in rare cases, perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/rsV8B
π Dork: http.favicon.hash_sha256:6e1ab006d2a8e2e930bdd6f4e85ae3f7df8c46cd2062a9f85a7193e0558185bb
Vendor's advisory: https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-54m4-4p54-j8hp
πΎ4
CVE-2025-11224 and other: Multiple vulnerabilities in GitLab, 3.1 - 7.7 ratingβοΈ
In a new bulletin, GitLab described nine vulnerabilities for CE and EE. These include XSS, Information Disclosure, Prompt Injection, and others.
Search at Netlas.io:
π Link: https://nt.ls/7x1Mf
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
In a new bulletin, GitLab described nine vulnerabilities for CE and EE. These include XSS, Information Disclosure, Prompt Injection, and others.
Search at Netlas.io:
π Link: https://nt.ls/7x1Mf
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
πΎ6
CVE-2025-10230: OS Command Injection in Samba, 10.0 rating π₯π₯π₯
An October vulnerability in the popular Samba AD package allows attackers to execute commands on a server by sending just one specially crafted packet.
Search at Netlas.io:
π Link: https://nt.ls/xGVmR
π Dork: smb:*
Vendor's advisory: https://www.samba.org/samba/history/security.html
An October vulnerability in the popular Samba AD package allows attackers to execute commands on a server by sending just one specially crafted packet.
Search at Netlas.io:
π Link: https://nt.ls/xGVmR
π Dork: smb:*
Vendor's advisory: https://www.samba.org/samba/history/security.html
π₯3π±3πΎ3
CVE-2025-64500: Authorization Bypass in Symfony, 7.3 ratingβοΈ
The vulnerability allows attackers to bypass certain access restrictions based on the leading "/" character.
Search at Netlas.io:
π Link: https://nt.ls/yxfE1
π Dork: http.body:"Symfony Web Debug Toolbar" OR http.title:"Welcome to Symfony!" OR http.title:"symfony project"
Vendor's advisory: https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
The vulnerability allows attackers to bypass certain access restrictions based on the leading "/" character.
Search at Netlas.io:
π Link: https://nt.ls/yxfE1
π Dork: http.body:"Symfony Web Debug Toolbar" OR http.title:"Welcome to Symfony!" OR http.title:"symfony project"
Vendor's advisory: https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
πΎ5
CVE-2025-9501: Command Injection in W3 Total Cache plugin, 9.0 rating π₯
A vulnerability in a popular website speedup plugin allows attackers to remotely execute PHP code.
Search at Netlas.io:
π Link: https://nt.ls/GUyZV
π Dork: http.body:"plugins/w3-total-cache"
Read more: https://wpscan.com/vulnerability/6697a2c9-63ae-42f0-8931-f2e5d67d45ae/
A vulnerability in a popular website speedup plugin allows attackers to remotely execute PHP code.
Search at Netlas.io:
π Link: https://nt.ls/GUyZV
π Dork: http.body:"plugins/w3-total-cache"
Read more: https://wpscan.com/vulnerability/6697a2c9-63ae-42f0-8931-f2e5d67d45ae/
πΎ3π₯2
βWe are currently experiencing a full service outage caused by a major Cloudflare CDN failure.
At the moment, Netlas App, API, and documentation portal are unavailable.
Our backend systems are running, but Cloudflareβs outage prevents any traffic from reaching our infrastructure.
We are actively monitoring Cloudflareβs incident and will restore service as soon as connectivity is back.
At the moment, Netlas App, API, and documentation portal are unavailable.
Our backend systems are running, but Cloudflareβs outage prevents any traffic from reaching our infrastructure.
We are actively monitoring Cloudflareβs incident and will restore service as soon as connectivity is back.
π7πΏ2
From Starlink to Star Wars: The Real Cyber Threats in Space πΈ
Satellites now prop up navigation, finance, aviation, weather, even battlefields β and that makes them prime targets. Our new piece maps how space systems are attacked across the ground, link, and space segments, what went wrong in real incidents, and which controls actually help. No, itβs not the Death Star you should fear β itβs the dish on your roof. These are not the packets youβre looking for.
Whatβs inside:
π Mega-constellations & dependencies: why thousands of LEO nodes + private networks raise systemic risk.
π° Anatomy of a satellite: bus, payload, TT&C β and where command hijack, unpatched firmware, and telemetry tampering creep in.
π‘ Ground first: supply-chain compromise, phishable ops networks, and user-terminal takeover.
πRF attacks: jamming, spoofing, and cheap SDR eavesdropping turning βspace-onlyβ data into low-cost targets.
πCase studies you can brief with: Viasat KA-SAT (AcidRain) and Landsat/Terra ground-station intrusions β play-by-play included.
π Read now: https://netlas.io/blog/space_cyber_threats/
Satellites now prop up navigation, finance, aviation, weather, even battlefields β and that makes them prime targets. Our new piece maps how space systems are attacked across the ground, link, and space segments, what went wrong in real incidents, and which controls actually help. No, itβs not the Death Star you should fear β itβs the dish on your roof. These are not the packets youβre looking for.
Whatβs inside:
π Mega-constellations & dependencies: why thousands of LEO nodes + private networks raise systemic risk.
π° Anatomy of a satellite: bus, payload, TT&C β and where command hijack, unpatched firmware, and telemetry tampering creep in.
π‘ Ground first: supply-chain compromise, phishable ops networks, and user-terminal takeover.
πRF attacks: jamming, spoofing, and cheap SDR eavesdropping turning βspace-onlyβ data into low-cost targets.
πCase studies you can brief with: Viasat KA-SAT (AcidRain) and Landsat/Terra ground-station intrusions β play-by-play included.
π Read now: https://netlas.io/blog/space_cyber_threats/
netlas.io
From Starlink to Star Wars - The Real Cyber Threats in Space - Netlas Blog
Explores how AI, cyber attacks and megaconstellations turn satellites into critical targets β and why securing space infrastructure is urgent.
π₯3πΎ3π1
CVE-2025-64656, -64657: Two vulnerabilitites in Azure Application Gateway, 9.4 - 9.8 rating π₯
Among the vulnerabilities recently published by Microsoft are Stack-based Buffer Overflow and Out-of-bounds Read, which allow an attacker to escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/2xeMm
π Dork: http.headers.server:"Azure Application Gateway"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657
Among the vulnerabilities recently published by Microsoft are Stack-based Buffer Overflow and Out-of-bounds Read, which allow an attacker to escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/2xeMm
π Dork: http.headers.server:"Azure Application Gateway"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657
πΎ4π₯1
π§ Planned Maintenance π§
An application will be unavailable for a period of timeβοΈ
On Thursday, November 27, 2025, at 09:00 UTC β°, a major update will be implemented, which will also require changes to the structure of the Netlas databases. This will take several hours, during which time the service will be down. Our team will do everything possible to complete this task as quickly as possible.
Please remember to save your work before this time.
An application will be unavailable for a period of timeβοΈ
On Thursday, November 27, 2025, at 09:00 UTC β°, a major update will be implemented, which will also require changes to the structure of the Netlas databases. This will take several hours, during which time the service will be down. Our team will do everything possible to complete this task as quickly as possible.
Please remember to save your work before this time.
π3
CVE-2024-9183, -12571, and other: Multiple vulnerabilities in GitLab, 2.4 - 7.7 ratingβοΈ
In a recent advisory, GitLab reports several vulnerabilities, including Race Conditions, DoS, and Authentication Bypass.
Search at Netlas.io:
π Link: https://nt.ls/IH1NS
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/
In a recent advisory, GitLab reports several vulnerabilities, including Race Conditions, DoS, and Authentication Bypass.
Search at Netlas.io:
π Link: https://nt.ls/IH1NS
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/
πΎ4
Netlas.io
π§ Planned Maintenance π§ An application will be unavailable for a period of timeβοΈ On Thursday, November 27, 2025, at 09:00 UTC β°, a major update will be implemented, which will also require changes to the structure of the Netlas databases. This will takeβ¦
βοΈ Maintenance Update βοΈ
Due to additional testing, the update has been postponed to Friday, November 28, 2025, at 08:00 UTC β°.
Please remember to save your work before this time.
Due to additional testing, the update has been postponed to Friday, November 28, 2025, at 08:00 UTC β°.
Please remember to save your work before this time.
π3
Netlas is back online π
Weβve just finished rolling out Netlas v1.4.0 β a major upgrade that took a bit longer than expected, but itβs now live and ready to use.
Hereβs whatβs new:
π§ Discovery Tool: significantly improved UI and reworked flow β discovery now runs in the background so you can keep exploring your attack surface while data is being fetched.
π Port coverage: public scans now cover 1,000+ ports for broader visibility into exposed services.
π Tech detection: improved HTTP software detection; the next public scan will include 6,000+ application and technology names.
π CVE mapping: completely redesigned mapping via CPEs and product names, plus a new sortable, filterable vulnerabilities table in the UI.
π¦ Private Scanner: major data storage redesign after a year of intensive use, improving reliability and paving the way for future features.
π API change: when using the indices parameter, you now pass the scan label instead of its numeric ID.
Thanks a lot for your patience and support β it helped us get this release over the line.
π Full changelog and migration details: https://docs.netlas.io/changelog/
Weβve just finished rolling out Netlas v1.4.0 β a major upgrade that took a bit longer than expected, but itβs now live and ready to use.
Hereβs whatβs new:
π§ Discovery Tool: significantly improved UI and reworked flow β discovery now runs in the background so you can keep exploring your attack surface while data is being fetched.
π Port coverage: public scans now cover 1,000+ ports for broader visibility into exposed services.
π Tech detection: improved HTTP software detection; the next public scan will include 6,000+ application and technology names.
π CVE mapping: completely redesigned mapping via CPEs and product names, plus a new sortable, filterable vulnerabilities table in the UI.
π¦ Private Scanner: major data storage redesign after a year of intensive use, improving reliability and paving the way for future features.
π API change: when using the indices parameter, you now pass the scan label instead of its numeric ID.
Thanks a lot for your patience and support β it helped us get this release over the line.
π Full changelog and migration details: https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
β€3π₯3π2πΎ2
Weβve just shipped Netlas Python SDK v0.8.0 πβ¨
This update brings more reliable downloads, refreshed stats handling, and broader SDK coverage β including new Discovery/Mapping methods, improved Scanner and Datastore tools, and a couple of nice usability touches in both profiles and the CLI.
π Check full changelog here: https://docs.netlas.io/changelog/
This update brings more reliable downloads, refreshed stats handling, and broader SDK coverage β including new Discovery/Mapping methods, improved Scanner and Datastore tools, and a couple of nice usability touches in both profiles and the CLI.
π Check full changelog here: https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
π₯4β€2πΎ2
CVE-2025-11699: Insufficient Session Expiration in nopCommerce, 7.1 ratingβοΈ
Because some versions of nopCommerce do not clear cookies, an attacker who gains access to someone else's cookie can use it to hijack a session or escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/6rFG4
π Dork: http.meta:"nopCommerce"
Read more: https://seclists.org/fulldisclosure/2025/Aug/14
Because some versions of nopCommerce do not clear cookies, an attacker who gains access to someone else's cookie can use it to hijack a session or escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/6rFG4
π Dork: http.meta:"nopCommerce"
Read more: https://seclists.org/fulldisclosure/2025/Aug/14
πΎ5
CVE-2025-55182: RCE in React Server Components, 10.0 rating π₯π₯π₯
The code of vulnerable components insecurely deserializes HTTP requests, which could allow an attacker to perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/lg3gz
π Dork: tag.name:"react"
Vendor's advisory: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
The code of vulnerable components insecurely deserializes HTTP requests, which could allow an attacker to perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/lg3gz
π Dork: tag.name:"react"
Vendor's advisory: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
π₯8πΎ4
CVE-2025-66399: Command Injection in Cacti, 7.4 ratingβοΈ
A vulnerability in the SNMP component of Cacti could allow an authenticated attacker to perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/VJyxC
π Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
A vulnerability in the SNMP component of Cacti could allow an authenticated attacker to perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/VJyxC
π Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-c7rr-2h93-7gjf
πΎ7
π The Evolution of C2: Centralized to On-Chain
We map how C2 moved from IRC and web panels to DGAs, P2P, fast-flux, abuse of legit cloud platforms, and now smart-contract C2 on public blockchains β with concrete detection playbooks.
Whatβs inside:
1. The lineage: IRC β HTTP/HTTPS β DGA & P2P β fast-flux β cloud/βlegitβ platforms β blockchain contracts.
2. Why on-chain C2 matters: immutable contracts, pseudonymous wallets, and payload retrieval over public RPC.
3. Trade-offs: resilience vs latency, and how transparency enables forensics even as takedowns get harder.
4. Practical detection: block JSON-RPC egress to public providers, use TLS/JARM and beacon-timing patterns, and watch for DNS tunneling.
π Read now: https://netlas.io/blog/evolution_of_c2_infrastructure/
We map how C2 moved from IRC and web panels to DGAs, P2P, fast-flux, abuse of legit cloud platforms, and now smart-contract C2 on public blockchains β with concrete detection playbooks.
Whatβs inside:
1. The lineage: IRC β HTTP/HTTPS β DGA & P2P β fast-flux β cloud/βlegitβ platforms β blockchain contracts.
2. Why on-chain C2 matters: immutable contracts, pseudonymous wallets, and payload retrieval over public RPC.
3. Trade-offs: resilience vs latency, and how transparency enables forensics even as takedowns get harder.
4. Practical detection: block JSON-RPC egress to public providers, use TLS/JARM and beacon-timing patterns, and watch for DNS tunneling.
π Read now: https://netlas.io/blog/evolution_of_c2_infrastructure/
netlas.io
The Evolution of C2: Centralized to On-Chain - Netlas Blog
How C2 moved from centralized servers to blockchain contracts. Resilience, trade-offs, real cases, and practical detection via RPC filtering and on-chain analysis.
πΎ3π₯2
CVE-2025-14265: Download of Code Without Integrity Check in ScreenConnect, 9.1 rating π₯
A server-side vulnerability could allow an authenticated attacker to execute custom code or access configuration data.
Search at Netlas.io:
π Link: https://nt.ls/1JSOa
π Dork: http.headers.server:"ScreenConnect"
Vendor's advisory: https://www.connectwise.com/company/trust/security-bulletins/screenconnect-2025.8-security-patch
A server-side vulnerability could allow an authenticated attacker to execute custom code or access configuration data.
Search at Netlas.io:
π Link: https://nt.ls/1JSOa
π Dork: http.headers.server:"ScreenConnect"
Vendor's advisory: https://www.connectwise.com/company/trust/security-bulletins/screenconnect-2025.8-security-patch
πΎ7