Netlas.io
Explore the latest in cybersecurity with Netlas.io. Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.

Post archive
CVE-2026-29202 & CVE-2026-29203: Two vulnerabilities in cPanel, 8.8 rating 🔥
The first vulnerability in cPanel allows an attacker to execute arbitrary commands directly on the server via Perl injection (CVE-2026-29202). The second one (CVE-2026-29203) allows for denial of service and possible privilege escalation.
Search at Netlas.io:
👉 Link: https://nt.ls/2en2n
👉 Dork: http.title:cpanel OR http.headers.set_cookie:"cprelogin" OR http.headers.set_cookie:"cpsession"
Vendor's advisory:
https://support.cpanel.net/hc/en-us/articles/40311426610327-Security-CVE-2026-29202-cPanel-WHM-WP2-Security-Update-May-08-2026
https://support.cpanel.net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203-cPanel-WHM-WP2-Security-Update-May-08-2026

CVE-2026-23870: DoS in React Server Components, 7.5 rating 🔥
DoS vulnerability in React Server Components allows an attacker to disable the web application by exhausting server resources. This vulnerability requires a specific architectural setup to be exploited.
Search at Netlas.io:
👉 Link: https://nt.ls/akCFc
👉 Dork: tag.name:"react"
Vendor's advisory: https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh

CVE-2026-23918 and others: Several vulnerabilities in Apache HTTP Server, up to 8.8 rating 🔥
Several vulnerabilities in Apache HTTP Server allow an attacker to achieve RCE on the server, bypass authentication, or escalate privileges.
Search at Netlas.io:
👉 Link: https://nt.ls/I4fYP
👉 Dork: tag.name:"apache_http_server"
Vendor's advisory: https://httpd.apache.org/security/vulnerabilities_24.html

CVE-2026-0204 and others: Several vulnerabilities in SonicWall SonicOS, up to 8.0 rating 🔥
Several vulnerabilities in SonicWall SonicOS allow an attacker to bypass access controls, interact with normally restricted services, or crash a firewall.
Search at Netlas.io:
👉 Link: https://nt.ls/H8DoW
👉 Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

🚀 Introducing the Netlas Docs MCP Server
We believe most of you already use AI agents in your daily work, so we decided to make Netlas easier to use with them. Meet the Netlas Docs MCP Server — a simple way to give AI assistants direct access to the latest Netlas documentation and reference data.
Now your assistant can:
• find exact field names for queries
• explain how data is indexed and searched
• check API endpoints and formats
• pull up-to-date plan and feature details
If you rely on Netlas for research, automation, or bug bounty work, this helps your AI tools stay accurate and up to date.
👉 Get started: https://docs.netlas.io/knowledge-base/mcp-server/

CVE-2026-42208: SQL Injection in LiteLLM, 9.3 rating 🔥
Pre-authentication SQL Injection in LiteLLM allows an attacker to read data from the proxy's database and modify it. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
👉 https://nt.ls/4MNkt
👉 Dork: http.title:LiteLLM OR http.favicon.hash_sha256:26e3e882e76c2dc171b1bda49455641e812b3524f1692729b1fde849b7d52a6f
Read more: https://webflow.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure

CVE-2026-42231 and CVE-2026-42232: Two Prototype Pollution vulnerabilities in n8n, 9.4 & 10.0 rating 🔥🔥
Two recently disclosed Prototype Pollution vulnerabilities in n8n allow an authenticated attacker to execute arbitrary code on the server.
Search at Netlas.io:
👉 https://nt.ls/beZWa
👉 Dork: http.title:"n8n.io - Workflow Automation"
Read more: https://github.com/n8n-io/n8n/security

CVE-2026-3844: Unrestricted Arbitrary File Upload in Breeze WordPress plugin, 9.8 rating 🔥
Unrestricted Arbitrary File Upload in the Breeze WordPress plugin allows an unauthenticated attacker to upload a web shell and execute it remotely. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
👉 https://nt.ls/61VeQ
👉 Dork: http.body:"plugins/breeze"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch-gravatar-from-remote

🚧 Planned Maintenance
Netlas will be unavailable for up to two hours on the weekend of April 26, 2026, starting at 08:00 UTC. We will be reconfiguring our network. We expect the downtime to be no longer than two hours and will work to complete it as quickly as possible. Thank you for your understanding and patience. We are sorry for any inconvenience this may cause.

Netlas Python SDK & CLI v0.8.2 is now available via pip and brew. This release adds SDK and CLI support for the new Private Scanner Reports feature introduced in Netlas v1.7. Details at https://docs.netlas.io/changelog/

CVE-2026-21571: OS Command Injection in Atlassian Bamboo Data Center, 9.4 rating 🔥
RCE vulnerability in Atlassian Bamboo Data Center allows an authenticated attacker to execute commands on affected servers. It may lead to full server compromise.
Search at Netlas.io:
👉 https://nt.ls/KqPWl
Vendor's advisory: https://jira.atlassian.com/browse/BAM-26364

CVE-2026-33557 and CVE-2026-33558: Vulnerabilities in Apache Kafka, up to 9.1 rating 🔥
Two new vulnerabilities in Apache Kafka: the first allows an attacker to generate their own JWT from any issuer; the second is sensitive information disclosure when the NetworkClient component is set to the DEBUG log level.
Search at Netlas.io:
👉 Link: https://nt.ls/M6oTa
👉 Dork: http.title:"kafka" OR http.title:"Apache Kafka" OR http.body:"kafka" OR http.body:"Apache Kafka"
Read more: https://kafka.apache.org/community/cve-list/

Netlas v1.7 is out
📊 Private Scanner Reports — summarized scan results for quick review and comparison.
🧩 Datasets now use NDJSON/JSONL format — easier to stream from archives.
🛠 Improved discovery & mapping UI, mobile experience, and host view.
Details at https://docs.netlas.io/changelog/

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥
Several vulnerabilities in Synology DiskStation Manager (DSM) allow a remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary shared files.
Search at Netlas.io:
👉 Link: https://nt.ls/Ap4pz
👉 Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-us/security/advisory/Synology_SA_26_06

🤖 Abuse of Telegram Bot API
Exploring how attackers misuse Telegram bots in real-world campaigns.
• Learn how to hunt Telegram-based infrastructure using real Netlas queries
• See detailed case studies with real IOCs
• Understand stable detection patterns that work beyond hashes and domains
⏱️ 15 min read
👉🏼 Read the post: https://netlas.io/blog/abuse_of_telegram_bot_api/

CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability, 6.5 rating ❗️
Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/DjQpd
👉 Dork: http.headers.microsoftsharepointteamservices:*
👉 Dork (MS subdomains filtered): http.headers.microsoftsharepointteamservices:* !host:*.sharepoint.com
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

CVE-2026-40175: Unrestricted Cloud Metadata Exfiltration in Axios, 10.0 rating 😱
A critical security vulnerability in Axios allows prototype pollution in any third-party dependency to be escalated into RCE or full cloud compromise. PoC is now available!
Search at Netlas.io:
👉 Link: https://nt.ls/i7rT8
👉 Dork: tag.name:"axios"
Read more: https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

CVE-2026-5173, CVE-2026-1092, CVE-2025-12664 and others: Vulnerabilities in GitLab CE and EE, up to 8.5 rating 🔥
Several vulnerabilities in GitLab could compromise code integrity and allow an unauthenticated user to cause denial of service.
Search at Netlas.io:
👉 Link: https://nt.ls/QGxUF
👉 Dork: http.title:"GitLab" OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

CVE-2026-4112 and others: SQL injection and TOTP vulnerabilities in SonicWall SMA 1000 Series, up to 7.2 rating ❗️
The most severe vulnerability (SQL injection) allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
Search at Netlas.io:
👉 Link: https://nt.ls/mzseI
👉 Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003

🔄 How to Find Unprotected Databases — Chapter 2
A Netlas beginner's guide — now republished on our blog (moved from Medium). Reviewed and updated.
🕒 5 min read
👉 https://netlas.io/blog/how_to_find_unprotected_databases_chapter_2/