CVE-2025-47110: Cross-site Scripting in Magento (and Adobe Commerce), 9.1 rating 🔥
An XSS vulnerability in Magento and Adobe Commerce allows an attacker to inject code into vulnerable forms and execute it in the victim's browser.
Search at Netlas.io:
👉 Link: https://nt.ls/v6wk6
👉 Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-50.html
An XSS vulnerability in Magento and Adobe Commerce allows an attacker to inject code into vulnerable forms and execute it in the victim's browser.
Search at Netlas.io:
👉 Link: https://nt.ls/v6wk6
👉 Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-50.html
🔥3👾3
CVE-2025-4798, -4799: Absolute Path Traversal in DownloadManager WordPress Plugin, 4.9 - 7.2 rating❗️
Vulnerabilities shared with us by the pen tester who found them. Allow attackers to manipulate files on the server, which can lead to RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/DH8EA
👉 Dork: http.body:"plugins/wp-downloadmanager"
More information here: https://youtu.be/QTe3rf0-e7U?si=THZKoKeI1vN-arR7
Vulnerabilities shared with us by the pen tester who found them. Allow attackers to manipulate files on the server, which can lead to RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/DH8EA
👉 Dork: http.body:"plugins/wp-downloadmanager"
More information here: https://youtu.be/QTe3rf0-e7U?si=THZKoKeI1vN-arR7
👾5🔥3
CVE-2025-48976, -48988, -49125: Multiple vulnerabilitites in Apache Tomcat, 7.5 rating❗️
Recent vulnerabilities in Apache Tomcat allow an attacker to perform DoS and gain access to resources through insecure path.
Search at Netlas.io:
👉 Link: https://nt.ls/oAb4X
👉 Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk
Recent vulnerabilities in Apache Tomcat allow an attacker to perform DoS and gain access to resources through insecure path.
Search at Netlas.io:
👉 Link: https://nt.ls/oAb4X
👉 Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk
🔥3👾3👍2
CVE-2025-4278, -5121, 2254 and other: Multiple vulnerabilities in GitLab, 3.7 - 8.7 rating❗️
In recent patch notes, GitLab reported ten vulnerabilities, including HTML injection, XSS, DoS, and more.
Search at Netlas.io:
👉 Link: https://nt.ls/dq6qU
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/#cve-2025-5121---missing-authorization-issue-impacts-gitlab-ultimate-ee
In recent patch notes, GitLab reported ten vulnerabilities, including HTML injection, XSS, DoS, and more.
Search at Netlas.io:
👉 Link: https://nt.ls/dq6qU
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/#cve-2025-5121---missing-authorization-issue-impacts-gitlab-ultimate-ee
👾3🔥2
AI‑Powered Attack Surface Mapping 🤖
Artificial intelligence is a topic that has not lost its popularity in recent years. Language models have proven themselves in many areas, including information security.
In our latest article, discover how to leverage AI for comprehensive attack surface discovery, plus get an unbiased comparison of leading models so you can pick the right one for your needs.
👉 Read now: https://netlas.io/blog/ai-driven_attack_surface_discovery/
Artificial intelligence is a topic that has not lost its popularity in recent years. Language models have proven themselves in many areas, including information security.
In our latest article, discover how to leverage AI for comprehensive attack surface discovery, plus get an unbiased comparison of leading models so you can pick the right one for your needs.
👉 Read now: https://netlas.io/blog/ai-driven_attack_surface_discovery/
netlas.io
AI-Driven Attack Surface Discovery - Netlas Blog
Can large language models assist in attack surface mapping? We put them to the test using the Netlas Discovery API in a hands-on classification experiment.
🔥5👍2👾1
CVE-2025-4981: RCE in Mattermost, 9.9 rating 🔥
A recently patched vulnerability in some versions of Mattermost allowed attackers to write files to arbitrary locations on the host system, which could lead to remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/zchKc
👉 Dork: http.meta:"mattermost"
Vendor's advisory: https://mattermost.com/security-updates/
A recently patched vulnerability in some versions of Mattermost allowed attackers to write files to arbitrary locations on the host system, which could lead to remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/zchKc
👉 Dork: http.meta:"mattermost"
Vendor's advisory: https://mattermost.com/security-updates/
🔥4👾3
CVE-2025-48703: RCE in Centos7 Web Panel, high rating❗️
The vulnerability allows an attacker to bypass the authentication process and perform code injection.
Search at Netlas.io:
👉 Link: https://nt.ls/2pJo7
👉 Dork: http.headers.server:"cwpsrv"
Read more: https://fenrisk.com/rce-centos-webpanel
The vulnerability allows an attacker to bypass the authentication process and perform code injection.
Search at Netlas.io:
👉 Link: https://nt.ls/2pJo7
👉 Dork: http.headers.server:"cwpsrv"
Read more: https://fenrisk.com/rce-centos-webpanel
🔥4👍3❤2👾2
CVE-2025-6543, -5777: Vulnerabilities in NetScaler ADC/Gateway, 9.2 - 9.3 rating 🔥
Fresh vulnerabilities related to file manipulation outside the memory buffer. The first of them allows an attacker to perform DoS, the second - to obtain private data.
Search at Netlas.io:
👉 Link: https://nt.ls/XriYU
👉 Dork: http.noscript:"Netscaler Gateway" OR http.noscript:"Citrix Gateway" OR http.headers.x_powered_by:"Citrix ADC (formerly NetScaler)"
Vendor's advisory: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
Fresh vulnerabilities related to file manipulation outside the memory buffer. The first of them allows an attacker to perform DoS, the second - to obtain private data.
Search at Netlas.io:
👉 Link: https://nt.ls/XriYU
👉 Dork: http.noscript:"Netscaler Gateway" OR http.noscript:"Citrix Gateway" OR http.headers.x_powered_by:"Citrix ADC (formerly NetScaler)"
Vendor's advisory: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
🔥3👾3👍1
CVE-2025-6709: Improper Input Validation in MongoDB Server, 7.5 rating❗️
Due to insufficient handling of values in JSON input data, MongoDB servers are vulnerable to unauthenticated DoS.
Search at Netlas.io:
👉 Link: https://nt.ls/pVXpg
👉 Dork: mongodb:*
Vendor's advisory: https://jira.mongodb.org/browse/SERVER-106748
Due to insufficient handling of values in JSON input data, MongoDB servers are vulnerable to unauthenticated DoS.
Search at Netlas.io:
👉 Link: https://nt.ls/pVXpg
👉 Dork: mongodb:*
Vendor's advisory: https://jira.mongodb.org/browse/SERVER-106748
🔥4👾2
Dear Netlas Community Members,
We are seeking passionate authors to contribute to our cybersecurity blog. If you’re interested in sharing your expertise and insights, we welcome you to join us 🤝
✍️ What’s in it for you?
• Competitive compensation in USDT — from $200 up to $1000 per article.
• A dedicated author profile to boost your visibility.
• Editorial support from our professional team.
👉 Ready to share your knowledge?
Fill out the form and join the Netlas author team today: https://netlas.io/promo/write_for_netlas/
We are seeking passionate authors to contribute to our cybersecurity blog. If you’re interested in sharing your expertise and insights, we welcome you to join us 🤝
✍️ What’s in it for you?
• Competitive compensation in USDT — from $200 up to $1000 per article.
• A dedicated author profile to boost your visibility.
• Editorial support from our professional team.
👉 Ready to share your knowledge?
Fill out the form and join the Netlas author team today: https://netlas.io/promo/write_for_netlas/
netlas.io
Join as an author - Netlas
Are you a cybersecurity pro? Write about the internet and cybersecurity with the Netlas team.
🔥7
CVE-2025-47812: RCE in Wing FTP Server, 10.0 rating 🔥🔥🔥
NULL byte injection vulnerability allows attacker to take full control of Wing server. PoC is now available!
Search at Netlas.io:
👉 Link: https://nt.ls/dzdTV
👉 Dork: \*.banner:"Wing FTP"
Read more: https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47812.txt
NULL byte injection vulnerability allows attacker to take full control of Wing server. PoC is now available!
Search at Netlas.io:
👉 Link: https://nt.ls/dzdTV
👉 Dork: \*.banner:"Wing FTP"
Read more: https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47812.txt
❤4🔥3👾1
CVE-2025-49826: DoS in Next.js, 7.5 rating❗️
A vulnerability in some versions of the Next.js framework allows attackers to perform cache poisoning, leading to a denial of service.
Search at Netlas.io:
👉 Link: https://nt.ls/raJ1k
👉 Dork: http.headers.x_powered_by:"Next.js"
Read more: https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
A vulnerability in some versions of the Next.js framework allows attackers to perform cache poisoning, leading to a denial of service.
Search at Netlas.io:
👉 Link: https://nt.ls/raJ1k
👉 Dork: http.headers.x_powered_by:"Next.js"
Read more: https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
🔥3👾1
CVE-2025-48367: DoS in Redis, 7.0 rating❗️
One of two recent vulnerabilities discovered in Redis. Allows an attacker to perform a DoS, while the other allows an attacker to write out of bounds on hyperloglog operations, potentially leading to remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/Lve8A
👉 Dork: redis:*
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
One of two recent vulnerabilities discovered in Redis. Allows an attacker to perform a DoS, while the other allows an attacker to write out of bounds on hyperloglog operations, potentially leading to remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/Lve8A
👉 Dork: redis:*
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
🔥2👾2🤔1
CVE-2025-42963: Deserialization of Untrusted Data in SAP NetWeaver Application server for Java, 9.1 rating 🔥
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
👉 Link: https://nt.ls/0c6Ud
👉 Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
👉 Link: https://nt.ls/0c6Ud
👉 Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
👾3👍2🔥1
CVE-2025-49704: Code Injection in Microsoft SharePoint, 8.8 rating❗️
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
👉 Link: https://nt.ls/1egrV
👉 Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
👉 Link: https://nt.ls/1egrV
👉 Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
🔥2👾2👍1
CVE-2025-49535, -49551, -49536, and other: Multiple vulnerabilities in Adobe ColdFusion, 2.7 - 9.3 rating 🔥
13 vulnerabilities were disclosed in the latest advisory, including XXE, Hard-coded Credentials, Incorrect Authorization, XSS and many others.
Search at Netlas.io:
👉 Link: https://nt.ls/3uuev
👉 Dork: http.headers.set_cookie:"CFTOKEN="
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
13 vulnerabilities were disclosed in the latest advisory, including XXE, Hard-coded Credentials, Incorrect Authorization, XSS and many others.
Search at Netlas.io:
👉 Link: https://nt.ls/3uuev
👉 Dork: http.headers.set_cookie:"CFTOKEN="
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
👾2👍1🔥1
16B Credential Leak: The Largest Data Breach Ever? 😱
Over 16 billion credentials - usernames, passwords, and session tokens - have been exposed in a single aggregation of malware logs and past breaches, impacting accounts from Google, Facebook, Apple, GitHub, Telegram, and more.
Learn how this accidental mega-dump was uncovered, who’s behind it, and how to check if your data is at risk in the our new article.
👉 Read now: https://netlas.io/blog/16_billion_credential_breach/
Over 16 billion credentials - usernames, passwords, and session tokens - have been exposed in a single aggregation of malware logs and past breaches, impacting accounts from Google, Facebook, Apple, GitHub, Telegram, and more.
Learn how this accidental mega-dump was uncovered, who’s behind it, and how to check if your data is at risk in the our new article.
👉 Read now: https://netlas.io/blog/16_billion_credential_breach/
❤4👾3
CVE-2025-25257: SQL Injection in FortiWeb, 9.6 rating 🔥
A vulnerability in the FortiWeb firewall could allow attackers to inject code or commands and then execute them.
Search at Netlas.io:
👉 Link: https://nt.ls/EBjSq
👉 Dork: certificate.subject.common_name:"FortiWeb"
Vendor's advisory: https://www.fortiguard.com/psirt/FG-IR-25-151
A vulnerability in the FortiWeb firewall could allow attackers to inject code or commands and then execute them.
Search at Netlas.io:
👉 Link: https://nt.ls/EBjSq
👉 Dork: certificate.subject.common_name:"FortiWeb"
Vendor's advisory: https://www.fortiguard.com/psirt/FG-IR-25-151
🔥4👾3❤2😁1
CVE-2025-30023: Deserialization of Untrusted Data in Axis Video Management, 9.0 rating 🔥
A vulnerability in the communication protocol between the Axis server and client could potentially allow an attacker to perform remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/4rSfl
👉 Dork: http.meta:"Axis Communications AB"
Vendor's advisory: https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf
A vulnerability in the communication protocol between the Axis server and client could potentially allow an attacker to perform remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/4rSfl
👉 Dork: http.meta:"Axis Communications AB"
Vendor's advisory: https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf
🔥3👾3
CVE-2025-7340, -7341, 7360: Multiple vulnerabilities in HT Contact Plugin for WordPress, 9.1 - 9.8 rating 🔥
Three vulnerabilities allow attackers to upload and execute arbitrary files, potentially leading to remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/I1NeM
👉 Dork: http.body:"plugins/ht-contactform"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-unauthenticated-arbitrary-file-upload
Three vulnerabilities allow attackers to upload and execute arbitrary files, potentially leading to remote code execution.
Search at Netlas.io:
👉 Link: https://nt.ls/I1NeM
👉 Dork: http.body:"plugins/ht-contactform"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-unauthenticated-arbitrary-file-upload
👾3👍1