Netlas.io

🚀 Introducing the Netlas Docs MCP Server We believe most of you already use AI agents in your daily work, so we decided to make Netlas easier to use with them. Meet the Netlas Docs MCP Server — a simple way to give AI assistants direct access to the latest Netlas documentation and reference data. Now your assistant can: • find exact field names for queries • explain how data is indexed and searched • check API endpoints and formats • pull up-to-date plan and feature details If you rely on Netlas for research, automation, or bug bounty work, this helps your AI tools stay accurate and up to date. 👉 Get started: https://docs.netlas.io/knowledge-base/mcp-server/

CVE-2026-42208: SQL Injection in LiteLLM, 9.3 rating 🔥 Pre-authentication SQL Injection in LiteLLM allows an attacker to read data from the proxy's database and modify it. This vulnerability is already being actively exploited in the wild! Search at Netlas.io: 👉 https://nt.ls/4MNkt 👉 Dork: http.title:LiteLLM OR http.favicon.hash_sha256:26e3e882e76c2dc171b1bda49455641e812b3524f1692729b1fde849b7d52a6f Read more: https://webflow.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure

CVE-2026-42231 and CVE-2026-42232: Two Prototype Pollution vulnerabilities in n8n, 9.4 & 10.0 rating 🔥🔥 Two recently disclosed Prototype Pollution vulnerabilities in n8n allow an authenticated attacker to execute arbitrary code on the server. Search at Netlas.io: 👉 https://nt.ls/beZWa 👉 Dork: http.title:"n8n.io - Workflow Automation" Read more: https://github.com/n8n-io/n8n/security

CVE-2026-3844: Unrestricted Arbitrary File Upload in Breeze WordPress plugin, 9.8 rating 🔥 Unrestricted Arbitrary File Upload in Breeze WordPress plugin allows an unauthenticated attacker to upload web shell and execute it remotely. This vulnerability is already being actively exploited in the wild! Search at Netlas.io: 👉 https://nt.ls/61VeQ 👉 Dork: http.body:"plugins/breeze" *Read more:** https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch-gravatar-from-remote

🚧 Planned Maintenance Netlas will be unavailable for up to two hours on the weekend of April 26, 2026, starting at 08:00 UTC. We will be reconfiguring our network. We expect the downtime to be no longer than two hours and will work to complete it as quickly as possible. Thank you for your understanding and patience. We are sorry for any inconvenience this may cause.

Netlas Python SDK & CLI v0.8.2 is now available via pip and brew. This release adds SDK and CLI support for the new Private Scanner Reports feature introduced in Netlas v1.7. Details at https://docs.netlas.io/changelog/

CVE-2026-21571: OS Command Injection in Atlassian Bamboo Data Center, 9.4 rating 🔥 RCE vulnerability in Atlassian Bamboo Data Center allows an authenticated attacker to execute commands on affected servers. It may cause to full server compromise. Search at Netlas.io: 👉 https://nt.ls/KqPWl Vendor's advisory: https://jira.atlassian.com/browse/BAM-26364

CVE-2026-33557, and CVE-2026-33558: Vulnerabilities in Apache Kafka, up to 9.1 rating 🔥 Two new vulnerabilities in Apache Kafka: the first allows attacker to generate their own JWT from any issuer, the second flow is the sensitive information disclosure, if the NetworkClient component is set to the DEBUG log level. Search at Netlas.io: 👉 Link: https://nt.ls/M6oTa 👉 Dork: http.title:”kafka” OR http.title:”Apache Kafka” OR http.body:”kafka” OR http.body:”Apache Kafka” Read more: https://kafka.apache.org/community/cve-list/

Netlas v1.7 is out 📊 Private Scanner Reports — summarized scan results for quick review and comparison. 🧩 Datasets now use NDJSON/JSONL format — easier to stream from archives. 🛠 Improved discovery & mapping UI, mobile experience, and host view. Details at https://docs.netlas.io/changelog/

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager (DSM) allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary sharing files. Search at Netlas.io: 👉 Link: https://nt.ls/Ap4pz 👉 Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08 Vendor's advisory: https://www.synology.com/en-us/security/advisory/Synology_SA_26_06

🤖 Abuse of Telegram Bot API Exploring how attackers misuse Telegram bots in real-world campaigns. • Learn how to hunt Telegram-based infrastructure using real Netlas queries • See detailed case studies with real IOCs • Understand stable detection patterns that work beyond hashes and domains ⏱️ 15 min read 👉🏼 Read the post: https://netlas.io/blog/abuse_of_telegram_bot_api/

CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability, 6.5 rating ❗️ Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild! Search at Netlas.io: 👉 Link: https://nt.ls/DjQpd 👉 Dork: http.headers.microsoftsharepointteamservices:* 👉 Dork (MS subdomains filtered): http.headers.microsoftsharepointteamservices:* !host:*.sharepoint.com Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

CVE-2026-40175: Unrestricted Cloud Metadata Exfiltration in Axios, 10.0 rating 😱 A critical security vulnerability in Axios allows prototype pollution in any third-party dependency to be escalated into RCE or Full Cloud Compromise. PoC is now available! Search at Netlas.io: 👉 Link: https://nt.ls/i7rT8 👉 Dork: tag.name:"axios" Read more: https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

CVE-2026-5173, CVE-2026-1092, CVE-2025-12664 and other: Vulnerabilities in GitLab CE and EE, up to 8.5 rating 🔥 Several vulnerabilities in GitLab could compromise code integrity and allow an unauthenticated user to cause denial of service. Search at Netlas.io: 👉 Link: https://nt.ls/QGxUF 👉 Dork: http.title:"GitLab" OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef Vendor's advisory: https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

CVE-2026-4112 and other: SQL injection and TOTP vulnerabilities in SonicWall SMA 1000 Series, up to 7.2 rating ❗️ The most severe vulnerability (SQL injection) allows remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. Search at Netlas.io: 👉 Link: https://nt.ls/mzseI 👉 Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)" Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003

🔄 How to Find Unprotected Databases — Chapter 2 A Netlas beginner’s guide — now republished on our blog (moved from Medium). Reviewed and updated. 🕒 5 min read 👉 https://netlas.io/blog/how_to_find_unprotected_databases_chapter_2/

CVE-2026-0740: Vulnerability in Ninja Forms WordPress plugin, 9.8 rating The vulnerability allows unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remote code execution. Search at Netlas.io: 👉 Link: https://nt.ls/rkM7h 👉 Dork: http.body:"plugins/ninja-forms" Read more: https://www.wordfence.com/blog/2026/04/50000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-ninja-forms-file-upload-wordpress-plugin/

CVE-2026-3429, CVE-2026-4636 and others in Keycloak. Several vulnerabilities in Keycloak allow attackers to bypass MFA, steal access tokens, and access confidential user data. Search at Netlas.io: 👉 Link: https://nt.ls/Ooqi1 👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676 Vendor's advisory: https://www.keycloak.org/2026/04/keycloak-2657-released

⭐️ Ever wondered how professional threat intelligence feeds are actually built? Our partners at RST Cloud pull back the curtain on their approach to threat hunting — revealing how they identify, track, and expand command-and-control (C2) infrastructure at scale. 🔍 Inside the post: • How RST Cloud discovers malicious infrastructure in the wild • Techniques for linking isolated IoCs into meaningful threat clusters • The methodology behind building reliable, high-quality threat intelligence feeds • How Netlas data helps enrich and accelerate investigations This is a rare look into the real workflows behind modern threat intelligence — straight from a team doing it every day. 🕒 5 min read 👉 https://netlas.io/blog/с2_hunting_by_rst_cloud/

🔄 Netlas and Uncover The article has been updated. All commands were reviewed and tested. 👉🏼 Read the guide: https://netlas.io/blog/netlas_and_uncover/