CVE-2025-53786: Elevation of Privilege in Microsoft Exchange, 8.0 rating❗️
A vulnerability in Microsoft Exchange hybrid configurations could potentially allow an attackers with high local privileges to escalate their privileges in an organization's cloud infrastructure.
Search at Netlas.io:
👉 Link: https://nt.ls/GBh5M
👉 Dork: tag.name:"microsoft_exchange"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
A vulnerability in Microsoft Exchange hybrid configurations could potentially allow an attackers with high local privileges to escalate their privileges in an organization's cloud infrastructure.
Search at Netlas.io:
👉 Link: https://nt.ls/GBh5M
👉 Dork: tag.name:"microsoft_exchange"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
🔥3🥰1👾1
CVE-2025-50055: SAML Injection in OpenVPN Access Server, high rating❗️
The vulnerability allows an attacker to perform JavaScript injection via SAML relaystate, potentially leading to RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/uLSQx
👉 Dork: http.headers.server:"OpenVPN-AS"
Vendor's advisory: https://ssg-dev.openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-versions
The vulnerability allows an attacker to perform JavaScript injection via SAML relaystate, potentially leading to RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/uLSQx
👉 Dork: http.headers.server:"OpenVPN-AS"
Vendor's advisory: https://ssg-dev.openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-versions
👾5
I, Robot + NIST AI RMF: Prevent the Great Robot Uprising 🤖
Thinking your toaster couldn’t lead an army? Think again.
In our latest article, we use classic scenes from I, Robot to break down the NIST AI Risk Management Framework’s four pillars — Map, Measure, Manage, Govern — so you can keep your AIs on task (and off the march).
👉 Read now: https://netlas.io/blog/nist_ai_rmf/
Thinking your toaster couldn’t lead an army? Think again.
In our latest article, we use classic scenes from I, Robot to break down the NIST AI Risk Management Framework’s four pillars — Map, Measure, Manage, Govern — so you can keep your AIs on task (and off the march).
👉 Read now: https://netlas.io/blog/nist_ai_rmf/
netlas.io
I, Robot + NIST AI RMF = Complete Guide on Preventing Robot Rebellion - Netlas Blog
A funny way to learn NIST AI Risk Management Framework through classic movie examples. Discover AI safety concepts via I, Robot's memorable scenes and real cases.
😁3👾3👍2🔥1
CVE-2025-54253 and CVE-2025-54254: Arbitrary code execution in Adobe Experience Manager CMS
Adobe is aware that CVE-2025-54253 and CVE-2025-54254 have a publicly available proof-of-concept. Adobe is not aware of these issues being exploited in the wild.
Search at Netlas.io:
👉 Link: https://nt.ls/MngFC
👉 Dork: tag.name:"adobe_experience_manager"
Vendor's advisory: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Adobe is aware that CVE-2025-54253 and CVE-2025-54254 have a publicly available proof-of-concept. Adobe is not aware of these issues being exploited in the wild.
Search at Netlas.io:
👉 Link: https://nt.ls/MngFC
👉 Dork: tag.name:"adobe_experience_manager"
Vendor's advisory: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
🔥4👾2
👨💻 Want to level up your bug bounty skills? Check out these top-rated courses for 2025! From beginners to experts, there's something for everyone.
👉 Read now: https://netlas.io/blog/best_bug_boounty_courses/
👉 Read now: https://netlas.io/blog/best_bug_boounty_courses/
netlas.io
Bug Bounty 101: The Best Courses to Get Started in 2025 - Netlas Blog
Explore the best bug bounty courses to kickstart or boost your security career. Picks for every skill level, learning style, and budget.
🔥4❤2
CVE-2025-7384: Critical PHP Object Injection in WordPress Plugin
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
🔍 Netlas: https://nt.ls/Be3g6
ℹ️ Advisory: https://nt.ls/RoI8t
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
🔍 Netlas: https://nt.ls/Be3g6
ℹ️ Advisory: https://nt.ls/RoI8t
🔥4👾2👍1🥰1
CVE-2025-27210 – High Severity Path Traversal in Node.js (Windows)
One of our Netlas users identified a serious flaw in Windows builds of Node.js and asked us to inform the community. Any web app running Node.js 20.x before 20.19.4, 22.x before 22.17.1, or 24.x before 24.4.1 on Windows may be at risk of unauthorized file access through path traversal.
⚡️ Update immediately
ℹ️ Advisory: https://nt.ls/YX7xc
One of our Netlas users identified a serious flaw in Windows builds of Node.js and asked us to inform the community. Any web app running Node.js 20.x before 20.19.4, 22.x before 22.17.1, or 24.x before 24.4.1 on Windows may be at risk of unauthorized file access through path traversal.
⚡️ Update immediately
ℹ️ Advisory: https://nt.ls/YX7xc
❤3👍2🔥1
CVE-2025-20265 — Critical RCE in Cisco Secure Firewall Management Center (CVSS 10).
Exploitable by unauthenticated attackers when RADIUS authentication is enabled; affects FMC 7.0.7 & 7.7.0. We see <200 internet-exposed on-prem FMCs (cloud-hosted cdFMC excluded).
🔍 Netlas: https://nt.ls/E5j8D
ℹ️ Advisory: https://nt.ls/C3hPx
Exploitable by unauthenticated attackers when RADIUS authentication is enabled; affects FMC 7.0.7 & 7.7.0. We see <200 internet-exposed on-prem FMCs (cloud-hosted cdFMC excluded).
🔍 Netlas: https://nt.ls/E5j8D
ℹ️ Advisory: https://nt.ls/C3hPx
🔥5❤1
Meet Kanvas — an open-source incident response tool that turns chaos into clarity with built-in visualizations, intel lookups, and teamwork-friendly features.
This post, written by an experienced security analyst for fellow security analysts, breaks down how Kanvas can supercharge your IR workflow.
👉 Read the post: https://netlas.io/blog/kanvas/
This post, written by an experienced security analyst for fellow security analysts, breaks down how Kanvas can supercharge your IR workflow.
👉 Read the post: https://netlas.io/blog/kanvas/
netlas.io
From Chaos to Control: Kanvas Incident Management Tool - Netlas Blog
Kanvas: Open-source DFIR case management that streamlines incident response, turning Spreadsheet of Doom chaos into organized, efficient investigations.
👍3🔥3
🚀 Netlas v1.3.0 is live!
This update doubles the number of scanned ports, adds protocol detection to public scans, boosts vulnerability coverage, and makes downloads lightning-fast.
Explore what’s new 👉 https://docs.netlas.io/changelog/#netlas-v1-3-0
This update doubles the number of scanned ports, adds protocol detection to public scans, boosts vulnerability coverage, and makes downloads lightning-fast.
Explore what’s new 👉 https://docs.netlas.io/changelog/#netlas-v1-3-0
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
🔥5❤🔥1🙏1
⚠️ Today, 2025-08-22, starting from 04:30 UTC, we began experiencing a major service outage.
The issue has been localized to a problem within our database cluster. Our engineering team is actively working to resolve the issue and restore full service as quickly as possible. We will continue to provide updates as we make progress.
The issue has been localized to a problem within our database cluster. Our engineering team is actively working to resolve the issue and restore full service as quickly as possible. We will continue to provide updates as we make progress.
💊6👍1
CVE-2025-26496 and other: Multiple vulnerabilities in Tableau Server, 7.7 - 9.6 rating 🔥
Five new vulnerabilities in Tableau Server include Type Confusion, Path Traversal, Dangerous File Uploads and Improper Input Validation.
Search at Netlas.io:
👉 Link: https://nt.ls/gsuQl
👉 Dork: http.headers.server:"Tableau"
Read more: https://help.salesforce.com/s/articleView?id=005132575&type=1
Five new vulnerabilities in Tableau Server include Type Confusion, Path Traversal, Dangerous File Uploads and Improper Input Validation.
Search at Netlas.io:
👉 Link: https://nt.ls/gsuQl
👉 Dork: http.headers.server:"Tableau"
Read more: https://help.salesforce.com/s/articleView?id=005132575&type=1
🔥3👾2❤1
CVE-2025-57819: Authentication Bypass in FreePBX Administrator, 10.0 rating 🔥🔥🔥
A critical zero-day vulnerability in FreePBX could allow an attacker to perform SQL injection and RCE. Exploitation has already been observed in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/ebwk9
👉 Dork: http.favicon.hash_sha256:dfc3cc989bec09d968e978cde336709c655fa85469fd482ac10e17942da80be9
Vendor's advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
A critical zero-day vulnerability in FreePBX could allow an attacker to perform SQL injection and RCE. Exploitation has already been observed in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/ebwk9
👉 Dork: http.favicon.hash_sha256:dfc3cc989bec09d968e978cde336709c655fa85469fd482ac10e17942da80be9
Vendor's advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
🔥3👾3
Vibe-Coding Security Risks: When AI Ships Insecurity ⚠️
AI helps you ship code fast — and sometimes ships vulnerabilities faster.
In our latest article, learn how vibe-coding introduces issues like package hallucination, typosquatting, weak auth, and exposed configs, see real-world fallout, and get practical steps to secure AI-generated code.
👉 Read now: https://netlas.io/blog/vibe-coding-security-risks/
AI helps you ship code fast — and sometimes ships vulnerabilities faster.
In our latest article, learn how vibe-coding introduces issues like package hallucination, typosquatting, weak auth, and exposed configs, see real-world fallout, and get practical steps to secure AI-generated code.
👉 Read now: https://netlas.io/blog/vibe-coding-security-risks/
netlas.io
Top Vibe-Coding Security Risks - Netlas Blog
Why can vibe-coding with AI cause costly breaches that developers may miss? Let's find out!
❤5👾2👏1
CVE-2025-57833: SQL Injection in Django, 7.1 rating❗️
A vulnerability in some versions of the Django framework allows attackers to access sensitive data if a web application uses insecure versions.
Search at Netlas.io:
👉 Link: https://nt.ls/gu9dj
👉 Dork: tag.name:"django"
Read more: https://www.cve.org/CVERecord?id=CVE-2025-57833
A vulnerability in some versions of the Django framework allows attackers to access sensitive data if a web application uses insecure versions.
Search at Netlas.io:
👉 Link: https://nt.ls/gu9dj
👉 Dork: tag.name:"django"
Read more: https://www.cve.org/CVERecord?id=CVE-2025-57833
👾4❤1👍1
Mapping Dark Web Infrastructure 💀
In latest article we break down practical techniques investigators use to trace hidden services — clearnet resource leaks, header fingerprints, certificate reuse, and bulletproof hosting overlaps.
Real examples and ethical do’s & don’ts included.
👉 Read now: https://netlas.io/blog/mapping_dark_web/
In latest article we break down practical techniques investigators use to trace hidden services — clearnet resource leaks, header fingerprints, certificate reuse, and bulletproof hosting overlaps.
Real examples and ethical do’s & don’ts included.
👉 Read now: https://netlas.io/blog/mapping_dark_web/
netlas.io
Mapping Dark Web Infrastructure - Netlas Blog
Explore how investigators trace dark web infrastructure through clues and errors that exposed AlphaBay, Hansa, and other hidden services.
🔥5👻4❤2
CVE-2025-8085: SSRF in Ditty WordPress plugin, 8.6 rating❗️
The vulnerability allows attackers without authentication to make requests to arbitrary URLs.
Search at Netlas.io:
👉 Link: https://nt.ls/HthP0
👉 Dork: http.body:"plugins/ditty-news-ticker"
Read more: https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/
The vulnerability allows attackers without authentication to make requests to arbitrary URLs.
Search at Netlas.io:
👉 Link: https://nt.ls/HthP0
👉 Dork: http.body:"plugins/ditty-news-ticker"
Read more: https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/
👾5👏1
CVE-2025-42944, -42922, -27500 and other: Multiple vulnerabilities in SAP NetWeaver, 3.1 - 10.0 rating 🔥🔥🔥
In the September patch, SAP reported 21 vulnerabilities, including Path Traversal, Missing Authentication check, Insecure File Operations, and RCE with the highest severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/wFC1w
👉 Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html
In the September patch, SAP reported 21 vulnerabilities, including Path Traversal, Missing Authentication check, Insecure File Operations, and RCE with the highest severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/wFC1w
👉 Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html
👾4❤3
Bug Bounty + Recon Toolkit: Stop Hunting Blind 🧭
Still brute-forcing in the dark? Bring a map.
In our new article, we lay out a practical, start-to-finish recon flow - from passive OSINT to active probing - with copy-paste commands, tool picks, and workflow tips to turn noise into findings.
👉 Read now: https://netlas.io/blog/best_recon_tools_for_bug_bounty/
Still brute-forcing in the dark? Bring a map.
In our new article, we lay out a practical, start-to-finish recon flow - from passive OSINT to active probing - with copy-paste commands, tool picks, and workflow tips to turn noise into findings.
👉 Read now: https://netlas.io/blog/best_recon_tools_for_bug_bounty/
netlas.io
Bug Bounty 101: Top 10 Reconnaissance Tools - Netlas Blog
Essential bug bounty recon tools for asset discovery, OSINT, automation, and vulnerability research. Boost your security testing workflow.
🔥4👍3👾2
CVE-2025-5821: Authentication Bypass in Case Theme for WordPress, 9.8 rating 🔥
The vulnerability allows an unauthenticated user to gain access to any account on the site, including the administrator account. Already exploited in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/Pcezp
👉 Dork: http.body:"plugins/case-theme-user"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/case-theme-user/case-theme-user-103-authentication-bypass-via-social-login
The vulnerability allows an unauthenticated user to gain access to any account on the site, including the administrator account. Already exploited in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/Pcezp
👉 Dork: http.body:"plugins/case-theme-user"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/case-theme-user/case-theme-user-103-authentication-bypass-via-social-login
👾3
CVE-2025-59340: Sandbox Bypass in jinjava, 9.8 rating 🔥
A JavaType-Based Deserialization vulnerability has been discovered in the Jinjava engine used in HubSpot's CMS, allowing an attacker to escape the sandbox and access local server files.
Search at Netlas.io:
👉 Link: https://nt.ls/3atEg
👉 Dork: tag.name:"hubspot"
Vendor's advisory: https://github.com/HubSpot/jinjava/security/advisories/GHSA-m49c-g9wr-hv6v
A JavaType-Based Deserialization vulnerability has been discovered in the Jinjava engine used in HubSpot's CMS, allowing an attacker to escape the sandbox and access local server files.
Search at Netlas.io:
👉 Link: https://nt.ls/3atEg
👉 Dork: tag.name:"hubspot"
Vendor's advisory: https://github.com/HubSpot/jinjava/security/advisories/GHSA-m49c-g9wr-hv6v
🔥2👾1