uz
Feedback
Netlas.io

Netlas.io

Kanalga Telegram’da oβ€˜tish

Explore the latest in cybersecurity with Netlas.io. Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.

Ko'proq ko'rsatish
2 190
Obunachilar
+224 soatlar
+167 kunlar
+5030 kunlar
Postlar arxiv
CVE-2026-49869 & CVE-2026-53576: Two RCE vulnerabilities in kestra, 10.0 rating 😱 Recently disclosed vulnerabilities in Kest
CVE-2026-49869 & CVE-2026-53576: Two RCE vulnerabilities in kestra, 10.0 rating 😱 Recently disclosed vulnerabilities in Kestra allow an unauthenticated remote attacker to execute arbitrary code as root. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/58ToN πŸ‘‰ Dork: http.title:kestra OR http.favicon.hash_sha256:26119c9b0a6c4e82ae8c2d367e4a7cb56a30c4da664b7185d14f6fbdf50f8ec8 Read more: https://github.com/kestra-io/kestra/security

CVE-2026-52813 & CVE-2026-52806 & CVE-2026-52811: Three RCE vulnerabilities in gogs, up to 10.0 rating πŸ”₯ Recently disclosed
CVE-2026-52813 & CVE-2026-52806 & CVE-2026-52811: Three RCE vulnerabilities in gogs, up to 10.0 rating πŸ”₯ Recently disclosed vulnerabilities in gogs allow an attacker to execute arbitrary code. PoC exist for all three! Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/A9o6h πŸ‘‰ Dork: tag.name:gogs Read more: https://github.com/gogs/gogs/security

CVE-2026-12046: RCE vulnerability in pgAdmin 4, 9.5 rating πŸ”₯ Two SQL Editor endpoints were missing the login-required decora
CVE-2026-12046: RCE vulnerability in pgAdmin 4, 9.5 rating πŸ”₯ Two SQL Editor endpoints were missing the login-required decorator and were reachable without authentication in server mode. This exposes an unauthenticated remote code execution path in the pgAdmin process. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/jbYEF πŸ‘‰ Dork: http.title:"pgAdmin" OR http.headers.set_cookie:"pga4_session=" OR http.favicon.hash_sha256:c3251099ffc5ed057dcbb624adbe79fa5794a0c64684442c1eaf1abc3edf7bde OR http.favicon.hash_sha256:6afa287fc6721817d9931bd8d7a796646ea535596f8bb038ff048666e19cfd17 Read more: https://github.com/pgadmin-org/pgadmin4/issues/10072

CVE-2026-8713: Arbitrary file deletion in Avada Builder WordPress plugin, 9.1 rating πŸ”₯ New vulnerability in Avada Builder Wo
CVE-2026-8713: Arbitrary file deletion in Avada Builder WordPress plugin, 9.1 rating πŸ”₯ New vulnerability in Avada Builder WordPress plugin (formerly Fusion Builder) allows an unauthenticated attacker to delete any file on the server. It can easily lead to remote code execution when the right file is deleted. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/ohFG5 πŸ‘‰ Dork: http.body:"wp-content/plugins/fusion-builder" Read more: https://www.wordfence.com/blog/2026/06/critical-unauthenticated-arbitrary-file-deletion-vulnerability-patched-in-avada-builder-wordpress-plugin/

CVE-2026-10829: Remote code execution in Moxa NPort, 8.6 rating πŸ”₯ A stack-based buffer overflow in Moxa NPort allows an atta
CVE-2026-10829: Remote code execution in Moxa NPort, 8.6 rating πŸ”₯ A stack-based buffer overflow in Moxa NPort allows an attacker to corrupt memory by sending crafted input. It could achieve remote code execution with root privileges. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/12mUL πŸ‘‰ Dork: http.title:"NPort Web Console" OR http.headers.server:"MoxaHttp" OR http.body:"NPort Web Console" OR http.body:"<TITLE>OnCell" OR http.body:"<TITLE>Moxa OnCell" Vendor's advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v

CVE-2026-48062: Arbitrary code execution in CodeIgniter, 9.8 rating πŸ”₯ Uploaded file extension validation bypass in PHP frame
CVE-2026-48062: Arbitrary code execution in CodeIgniter, 9.8 rating πŸ”₯ Uploaded file extension validation bypass in PHP framework CodeIgniter may in some cases lead to arbitrary code execution. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/HPzgw πŸ‘‰ Dork: tag.name:codeigniter Vendor's advisory: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-2gr4-ppc7-7mhx

CVE-2026-47367 and other: Improper Input Validation vulnerabilities in Ubiquiti UniFi OS, 9.9 rating πŸ”₯ Several improper inpu
CVE-2026-47367 and other: Improper Input Validation vulnerabilities in Ubiquiti UniFi OS, 9.9 rating πŸ”₯ Several improper input validation and other weaknesses allow low-privileged attacker to execute command injection and possible to compromise network. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/TczjZ πŸ‘‰ Dork: tag.name:"ubiquiti_unifi" Vendor's advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

CVE-2026-47759 - CVE-2026-47762: Four XSS vulnerabilities in TinyMCE, 8.7 rating πŸ”₯ Four recently disclosed Cross-Site Script
CVE-2026-47759 - CVE-2026-47762: Four XSS vulnerabilities in TinyMCE, 8.7 rating πŸ”₯ Four recently disclosed Cross-Site Scripting (XSS) vulnerabilities allow remote attacker to inject malicious scripts into web pages. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/DRDw1 πŸ‘‰ Dork: tag.name:"tinymce" Read more: https://github.com/tinymce/tinymce/security

CVE-2026-44494: Full Man-in-the-Middle via Prototype Pollution Gadget in Axios, 8.7 rating πŸ”₯ The Axios library is vulnerable
CVE-2026-44494: Full Man-in-the-Middle via Prototype Pollution Gadget in Axios, 8.7 rating πŸ”₯ The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows an attacker intercept, read, and modify all outgoing HTTP requests including authentication credentials. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/emv2w πŸ‘‰ Dork: tag.name:"axios" Read more: https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh

πŸ“˜ Attackers no longer need custom malware. Legitimate Remote Monitoring & Management (RMM) tools like AnyDesk, ScreenConnect, TeamViewer, Atera, and others are increasingly being weaponized for initial access, persistence, and ransomware operations. Our latest research breaks down how threat actors abuse RMM platforms, common attack chains, detection opportunities, and defensive measures. πŸ‘‰ Read the blog: https://netlas.io/blog/weaponized_rmm/

CVE-2026-47783 &amp; CVE-2026-47784: Two SASL vulnerabilities in Memcached, 8.1 rating πŸ”₯ Two new vulnerabilities Memcached a
CVE-2026-47783 & CVE-2026-47784: Two SASL vulnerabilities in Memcached, 8.1 rating πŸ”₯ Two new vulnerabilities Memcached allow an attacker to enumerate valid usernames on the system and guess their passwords because password and username data for SASL password database authentication has a timing side channel. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/zZBd0 πŸ‘‰ Dork: memcached.version:<1.6.42 Read more: https://github.com/memcached/memcached/wiki/ReleaseNotes1642

CVE-2026-34908, CVE-2026-34909 & CVE-2026-34910: Vulnerabilities in Ubiquiti UniFi OS, 10.0 rating πŸ”₯πŸ”₯πŸ”₯ Three new vulnerabi
CVE-2026-34908, CVE-2026-34909 & CVE-2026-34910: Vulnerabilities in Ubiquiti UniFi OS, 10.0 rating πŸ”₯πŸ”₯πŸ”₯ Three new vulnerabilities in Ubiquiti UniFi OS allow an network attacker to make unauthorized changes, access files and execute arbitrary command. It may cause to full device compromise. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/oMQHo πŸ‘‰ Dork: tag.name:"ubiquiti_unifi" Vendor's advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

CVE-2026-46354: Token theft in Coder, 9.1 rating πŸ”₯ New vulnerability in Coder allows an attacker on any Azure VM to steal an
CVE-2026-46354: Token theft in Coder, 9.1 rating πŸ”₯ New vulnerability in Coder allows an attacker on any Azure VM to steal an agent session token, and with the stolen token get access to Git SSH private key, OAuth access tokens or workspace secrets. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/JwI80 πŸ‘‰ Dork: http.favicon.hash_sha256:05d85ef30160f0c790ba0acf9470dae35a85a90a2b79387fe4b6994852c1dbf4 OR http.meta:"https://coder.com/docs" OR http.unknon_headers.key:"x_coder_request_id" OR http.unknown_headers.key:"x_coder_build_version" Vendor's advisory: https://github.com/advisories/GHSA-6x44-w3xg-hqqf

Totally new 0-day RCE vulnerability in NGINX. Again 😱 New zero-day RCE vulnerability named nginx-poolslip targets the latest
Totally new 0-day RCE vulnerability in NGINX. Again 😱 New zero-day RCE vulnerability named nginx-poolslip targets the latest mainline release 1.31.0. Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/k1sOO πŸ‘‰ Dork: tag.name:nginx Read more: https://x.com/nebusecurity/status/2057071579876753643

πŸ““ Discovering Data Exposure with Netlas A practical walkthrough of how security researchers can use Netlas to identify exposed / leaked sensitive data across internet-facing systems. βœ” Methods for finding leaked data βœ” Common exposure patterns βœ” Real-world search techniques πŸ‘‰ Read the article: https://netlas.io/blog/discovering_data_exposure_with_netlas/

🌍 Netlas v1.8 is live Private Scanner now supports Scanner Locations! Run scans from different countries to see infrastructu
🌍 Netlas v1.8 is live Private Scanner now supports Scanner Locations! Run scans from different countries to see infrastructure from multiple geographic perspectives. New in this release: βœ“ Distributed Scanner Locations βœ“ Location details in reports & API βœ“ UI polish and ASD bug fixes. πŸ‘‰ Details: https://docs.netlas.io/changelog/

CVE-2026-44789, CVE-2026-44790 & CVE-2026-44791: 3 new vulnerabilities in n8n, 9.4 rating πŸ”₯ Recently disclosed vulnerabiliti
CVE-2026-44789, CVE-2026-44790 & CVE-2026-44791: 3 new vulnerabilities in n8n, 9.4 rating πŸ”₯ Recently disclosed vulnerabilities in n8n allow an attacker to read arbitrary files from the server, achieve global prototype pollution and bypass the patch for previous vulnerability (CVE-2026-42232). Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/dRB5p πŸ‘‰ Dork: http.title:"n8n.io - Workflow Automation" Read more: https://github.com/n8n-io/n8n/security

CVE-2026-42945: 18-Year-Old vulnerability in NGINX, 9.2 rating πŸ”₯ Heap buffer overflow vulnerability in NGINX Plus and NGINX
CVE-2026-42945: 18-Year-Old vulnerability in NGINX, 9.2 rating πŸ”₯ Heap buffer overflow vulnerability in NGINX Plus and NGINX Open Source allows an unauthenticated attacker to lead NGINX worker process to restart by sending crafted HTTP requests. Additionally, in some cases code execution is possible. This vulnerability is already being actively exploited in the wild! Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/9xSvG πŸ‘‰ Dork: tag.name:nginx Vendor's advisory: https://my.f5.com/manage/s/article/K000161019

CVE-2026-42897: Microsoft Exchange Server spoofing vulnerability, 8.1 rating πŸ”₯ New spoofing vulnerability in on-premise Micr
CVE-2026-42897: Microsoft Exchange Server spoofing vulnerability, 8.1 rating πŸ”₯ New spoofing vulnerability in on-premise Microsoft Exchange Server hits OWA and allows an unauthorized attacker to execute malicious code by sending a specially crafted email to a user. This vulnerability is already being actively exploited in the wild! Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/64QAo πŸ‘‰ Dork: tag.name:"microsoft_exchange" Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897

CVE-2026-44194 & CVE-2026-45158: Two RCE vulnerabilities in OPNsense, 9.1 rating πŸ”₯ Two vulnerabilities in OPNsense allows an
CVE-2026-44194 & CVE-2026-45158: Two RCE vulnerabilities in OPNsense, 9.1 rating πŸ”₯ Two vulnerabilities in OPNsense allows an authenticated attacker to execute arbitrary code as root on the firewall host via User management system (CVE-2026-44194) and DHCP Config (CVE-2026-45158). PoC already available! Search at Netlas.io: πŸ‘‰ Link: https://nt.ls/S0qIg πŸ‘‰ Dork: tag.name:opnsense Vendor's advisory: https://github.com/opnsense/core/security