CVE-2025-42944, -42922, -27500 and others: Multiple vulnerabilities in SAP NetWeaver, 3.1 - 10.0 rating 🔥🔥🔥
In its September patch day, SAP reported 21 vulnerabilities, including Path Traversal, Missing Authentication Check, Insecure File Operations, and an RCE carrying the highest possible severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/wFC1w
👉 Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html
Bug Bounty + Recon Toolkit: Stop Hunting Blind 🧭
Still brute-forcing in the dark? Bring a map.
In our new article, we lay out a practical, start-to-finish recon flow - from passive OSINT to active probing - with copy-paste commands, tool picks, and workflow tips to turn noise into findings.
👉 Read now: https://netlas.io/blog/best_recon_tools_for_bug_bounty/
Bug Bounty 101: Top 10 Reconnaissance Tools - Netlas Blog
Essential bug bounty recon tools for asset discovery, OSINT, automation, and vulnerability research. Boost your security testing workflow.
CVE-2025-5821: Authentication Bypass in the Case Theme User plugin for WordPress, 9.8 rating 🔥
A flaw in the plugin's social login flow lets an unauthenticated attacker log in as any user on the site, including the administrator account. It is already being exploited in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/Pcezp
👉 Dork: http.body:"plugins/case-theme-user"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/case-theme-user/case-theme-user-103-authentication-bypass-via-social-login
CVE-2025-59340: Sandbox Bypass in jinjava, 9.8 rating 🔥
A JavaType-based deserialization flaw has been found in jinjava, the Jinja-style template engine behind HubSpot's CMS. An attacker who controls template content can escape the sandbox and read local files on the server.
Search at Netlas.io:
👉 Link: https://nt.ls/3atEg
👉 Dork: tag.name:"hubspot"
Vendor's advisory: https://github.com/HubSpot/jinjava/security/advisories/GHSA-m49c-g9wr-hv6v
🚧 Planned Maintenance 🚧
The Private Scanner will be unavailable for a period of time❗️
On Sunday, September 21, 2025, at 08:00 UTC ⏰, we will be servicing the Netlas Private Scanner. This may take all day, but our team will do everything possible to complete this task as quickly as possible.
Please remember to save your work before this time.
🚧 Planned Maintenance 🚧
The Private Scanner will be unavailable for a period of time❗️
We remind you that in some minutes, planned Scanner servicing will begin. It is expected to take a full day, but we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
CVE-2025-9079: Path Traversal in Mattermost, 8.0 rating❗️
Affected Mattermost versions do not properly validate file paths while handling plugin bundles, so an attacker who can upload a malicious plugin can execute arbitrary code on the server.
Search at Netlas.io:
👉 Link: https://nt.ls/gCXcr
👉 Dork: http.noscript:"mattermost"
Vendor's advisories: https://mattermost.com/security-updates/
CVE-2025-20352: Buffer Overflow in Cisco IOS XE, 7.7 rating❗️
A buffer overflow in the SNMP subsystem lets an attacker with low-privileged SNMP access crash the device (DoS), and an attacker holding administrative credentials execute code as root. It is already being exploited!
Search at Netlas.io:
👉 Link: https://nt.ls/NQLA2
👉 Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
CVE-2025-20363: Buffer Overflow (again) in Cisco IOS (again), 9.0 rating 🔥
Another vulnerability has been disclosed in Cisco products, including IOS, this time in the HTTP web server component. Here an attacker does not need high privileges to execute code!
Search at Netlas.io:
👉 Link: https://nt.ls/NQLA2
👉 Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
CVE-2025-20371 and others: Multiple vulnerabilities in Splunk, 4.6 - 7.5 rating❗️
In a recent advisory, Splunk reported six vulnerabilities, including DoS, XXE, XSS, and Blind SSRF.
Search at Netlas.io:
👉 Link: https://nt.ls/H2fIr
👉 Dork: http.headers.set_cookie:"splunkweb_uid"
Vendor's advisory: https://advisory.splunk.com//advisories/SVD-2025-1006
CVE-2021-43798: The reborn Path Traversal in Grafana, 7.5 rating❗️
Researchers at GreyNoise have observed a coordinated, large-scale exploitation campaign against this relatively old vulnerability. It is a path traversal in Grafana's plugin asset endpoint that lets an unauthenticated attacker read local files from the server, configuration and credentials included.
Search at Netlas.io:
👉 Link: https://nt.ls/5RrJ3
👉 Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.noscript:"Grafana"
Read more: https://www.greynoise.io/blog/coordinated-grafana-exploitation-attempts
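If you run Grafana behind a reverse proxy, the attempts GreyNoise describes leave a recognisable trace in the access log. The detection logic below is an added example, not code from GreyNoise or from the Netlas post: it percent-decodes each request path, keeps only requests to the /public/plugins/<plugin-id>/ asset endpoint, and flags any whose file part contains a parent-directory segment. The Common Log Format layout is assumed, and the sample log lines are constructed for the example (documentation IP ranges, not real observations).

```python
"""Detect CVE-2021-43798 exploitation attempts in web-server access logs.

Added example, not from the Netlas post or GreyNoise's write-up. The log
lines below are constructed, and the Common Log Format layout is assumed.
"""
import re
from urllib.parse import unquote

# Vulnerable endpoint: /public/plugins/<plugin-id>/<file>. The bug let the
# <file> part climb out of the plugin directory with "../" segments.
PLUGIN_PATH = re.compile(r"^/public/plugins/([A-Za-z0-9_.-]+)/(.*)$")
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(raw: str) -> str:
    """Strip the query string and percent-decode repeatedly, so %2e%2e%2f
    and double-encoded variants normalise to a plain '../'."""
    path = raw.split("?", 1)[0]
    for _ in range(3):  # bounded: attackers stack at most a few layers
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal_attempt(raw_path: str):
    """Return (plugin_id, decoded_tail) when a plugin asset request climbs
    out of the plugin directory, otherwise None."""
    path = decode_path(raw_path)
    m = PLUGIN_PATH.match(path)
    if not m:
        return None
    plugin, tail = m.groups()
    # Legitimate asset names never contain a parent-directory segment.
    segments = tail.replace("\\", "/").split("/")
    if ".." in segments:
        return plugin, tail
    return None


def scan_access_log(lines):
    """Return one finding dict per request matching the exploit pattern."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hit = is_traversal_attempt(m["path"])
        if hit is None:
            continue
        plugin, tail = hit
        findings.append({
            "ip": m["ip"],
            "plugin": plugin,
            "target": tail,
            "status": int(m["status"]),
            # 200 means the file was served; 400/404 means the fix or a WAF blocked it.
            "likely_success": m["status"] == "200",
        })
    return findings


# Constructed sample log (Common Log Format); not captured from a real host.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:14:03:11 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1824',
    '203.0.113.7 - - [10/Oct/2025:14:03:12 +0000] "GET /public/plugins/grafana-clock-panel/%2e%2e/%2e%2e/%2e%2e/%2e%2e/var/lib/grafana/grafana.db HTTP/1.1" 404 29',
    '198.51.100.2 - - [10/Oct/2025:14:04:01 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Oct/2025:14:05:44 +0000] "GET /api/health HTTP/1.1" 200 43',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

A 200 on such a request means the file was served, i.e. the instance was unpatched at that moment; a 400 or 404 still tells you who is scanning you. Point it at real data by replacing SAMPLE_LOG with the lines of your access log.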
📌 Post-Quantum Now: from AES & RSA to ML-KEM Hybrids
A crisp, practical guide to navigating the quantum shift: how today’s crypto stack really works, what breaks with quantum, what survives (hello, AES-256), and how to roll in ML-KEM/Dilithium without breaking prod.
Highlights you’ll get in 10 minutes:
1️⃣ A little tour of the “digital trust” stack — AES modes, nonce pitfalls (GCM vs SIV), and why key-derivation details matter.
2️⃣ Quantum threat & HNDL explained: keep symmetric strong (AES-256), plan to replace public-key (RSA/ECDSA/curves).
3️⃣ What NIST is standardizing now: ML-KEM (Kyber) for key establishment and ML-DSA (Dilithium) for signatures — with libraries you can use today (liboqs/pyoqs).
4️⃣ Hands-on hybrid recipe: X25519 + ML-KEM, transcript-bound HKDF, and a minimal Python snippet to derive a shared session key.
5️⃣ Migration roadmap you can copy-paste: Shadow Mode → Hybrid Mode → Audit & Logging → Policy flags → Crypto agility best practices.
If you’re a security engineer, architect, or CISO planning 2025 rollouts, this is your field guide to ship PQC with confidence — not someday, but now.
👉 Read the full post: https://netlas.io/blog/post_quantum_cryptography/
Post-Quantum Now: From AES & RSA to ML-KEM Hybrids - Netlas Blog
A Practical Guide to Post-Quantum Cryptography: Algorithms, Migration Roadmap, Risks, and Metrics
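Item 4 of the list is the piece most teams get subtly wrong, so here is the combiner on its own, as an added example that is not the article's code. It is standard-library Python, so the X25519 and ML-KEM-768 operations are not performed: their outputs (two 32-byte shared secrets, the X25519 public keys, the ML-KEM encapsulation key and ciphertext) are constructed placeholder bytes of the real sizes, and in practice they would come from a library such as liboqs. What the code demonstrates is HKDF (RFC 5869, built from hmac and hashlib) and the binding of the derived key to both secrets and to a hash of the whole transcript, so that a swapped public key or a wrong KEM secret produces a different key on each side. The label string and key length are this example's own choices, not a standard.

```python
"""Hybrid key combiner: X25519 shared secret + ML-KEM shared secret, bound to
the handshake transcript through HKDF.

Added example, not code from the linked Netlas article. Standard library only:
the X25519 and ML-KEM steps are NOT performed here; their outputs are
constructed placeholder bytes (see bottom). Label and lengths are this
example's choices.
"""
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM); empty salt = HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH().digest_size
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        out += t
        counter += 1
    return out[:length]


def transcript_hash(*messages: bytes) -> bytes:
    """Hash every handshake message with a length prefix, so two different
    message sequences cannot collide by plain concatenation."""
    h = HASH()
    for m in messages:
        h.update(len(m).to_bytes(4, "big"))
        h.update(m)
    return h.digest()


def hybrid_session_key(ss_x25519: bytes, ss_mlkem: bytes,
                       pk_x25519_client: bytes, pk_x25519_server: bytes,
                       mlkem_encaps_key: bytes, mlkem_ciphertext: bytes,
                       length: int = 32) -> bytes:
    """Derive one session key that depends on BOTH secrets AND the transcript."""
    if len(ss_x25519) != 32 or len(ss_mlkem) != 32:
        raise ValueError("expected 32-byte shared secrets")
    # Concatenating the secrets means an attacker must break both primitives.
    ikm = ss_x25519 + ss_mlkem
    th = transcript_hash(pk_x25519_client, pk_x25519_server,
                         mlkem_encaps_key, mlkem_ciphertext)
    # Domain-separation label is this example's choice, not a standard value.
    info = b"example-hybrid-x25519-mlkem768-v1" + th
    prk = hkdf_extract(b"", ikm)
    return hkdf_expand(prk, info, length)


# Constructed placeholders, NOT real X25519/ML-KEM outputs. Sizes mirror the
# real objects: 32-byte secrets and X25519 keys, 1184-byte ML-KEM-768
# encapsulation key, 1088-byte ML-KEM-768 ciphertext.
def _placeholder(label: str, size: int) -> bytes:
    return hkdf_expand(HASH(label.encode()).digest(), b"placeholder", size)


SS_X25519 = _placeholder("ss-x25519", 32)
SS_MLKEM = _placeholder("ss-mlkem768", 32)
PK_CLIENT = _placeholder("pk-client", 32)
PK_SERVER = _placeholder("pk-server", 32)
EK_MLKEM = _placeholder("ek-mlkem768", 1184)
CT_MLKEM = _placeholder("ct-mlkem768", 1088)


def demo() -> dict:
    """Both sides agree; a tampered transcript or a wrong KEM secret yields a different key."""
    client = hybrid_session_key(SS_X25519, SS_MLKEM, PK_CLIENT, PK_SERVER, EK_MLKEM, CT_MLKEM)
    server = hybrid_session_key(SS_X25519, SS_MLKEM, PK_CLIENT, PK_SERVER, EK_MLKEM, CT_MLKEM)
    swapped_pk = hybrid_session_key(SS_X25519, SS_MLKEM, PK_CLIENT, _placeholder("mitm", 32), EK_MLKEM, CT_MLKEM)
    wrong_kem = hybrid_session_key(SS_X25519, _placeholder("other", 32), PK_CLIENT, PK_SERVER, EK_MLKEM, CT_MLKEM)
    return {
        "agree": client == server,
        "mitm_differs": client != swapped_pk,
        "kem_differs": client != wrong_kem,
        "key_len": len(client),
    }


if __name__ == "__main__":
    print(demo())
```

The transcript goes into the HKDF info rather than the salt so that the key is tied to exactly what both parties saw on the wire; if a middlebox replaces one public value, the two sides derive different keys and the first authenticated record fails.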
CVE-2025-49844, -46817, -46818, -46819: Multiple vulnerabilities in Redis, 6.0 - 10.0 rating 🔥🔥🔥
Four recently disclosed vulnerabilities in Redis include Use After Free, Code Injection, and Integer Overflow, all of them in the Lua scripting engine, so every version that supports Lua scripting is affected.
Search at Netlas.io:
👉 Link: https://nt.ls/gZwyS
👉 Dork: redis.memory_info.used_memory_lua:>0
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q
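The dork above only tells you that the Lua engine is loaded. Whether a given instance is actually reachable through these bugs depends on who may run EVAL, EVALSHA, FCALL and friends, and Redis's advisory names ACL restrictions on scripting as the stop-gap where patching has to wait. The script below is an added example, not from the advisory or the Netlas post: it parses INFO for the version and used_memory_lua, evaluates ACL LIST lines to see which enabled users can still reach the scripting commands, and flags the worst case, a passwordless user with scripting rights. The INFO and ACL LIST samples are constructed. The ACL evaluator is simplified: it understands @all, @scripting and per-command rules for the scripting commands, and assumes other categories such as @dangerous are not used to carve EVAL out.

```python
"""Triage a Redis instance for the Lua-scripting CVEs above: is the Lua
engine present, and which ACL users can actually run scripts?

Added example, not from the Redis advisory or the Netlas post. INFO and
ACL LIST samples are constructed. The ACL evaluator is simplified: it
handles +@all/-@all (allcommands/nocommands), +@scripting/-@scripting and
per-command +/- rules for the scripting commands; other categories are
ignored (assumption: they are not used to carve EVAL out).
"""

# Commands in Redis's @scripting category that reach the Lua/Function engine.
SCRIPTING_CMDS = {"eval", "evalsha", "eval_ro", "evalsha_ro",
                  "fcall", "fcall_ro", "function", "script"}


def parse_info(text: str) -> dict:
    """Turn INFO output (key:value lines, '#' section headers) into a dict."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        info[key] = value
    return info


def lua_engine_present(info: dict) -> bool:
    """Same signal the Netlas dork keys on: used_memory_lua > 0."""
    try:
        return int(info.get("used_memory_lua", "0")) > 0
    except ValueError:
        return False


def scripting_allowed(acl_line: str) -> dict:
    """Evaluate one 'ACL LIST' line. Rules apply left to right, as in Redis."""
    tokens = acl_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError(f"not an ACL LIST line: {acl_line!r}")
    user = tokens[1]
    enabled = False
    nopass = False
    allowed = set()
    for tok in tokens[2:]:
        if tok == "on":
            enabled = True
        elif tok == "off":
            enabled = False
        elif tok == "nopass":
            nopass = True
        elif tok in ("+@all", "allcommands", "+@scripting"):
            allowed = set(SCRIPTING_CMDS)
        elif tok in ("-@all", "nocommands", "-@scripting"):
            allowed = set()
        elif tok[0] in "+-" and not tok.startswith(("+@", "-@")):
            cmd = tok[1:].split("|", 1)[0].lower()  # '+function|load' -> 'function'
            if cmd in SCRIPTING_CMDS:
                if tok[0] == "+":
                    allowed.add(cmd)
                else:
                    allowed.discard(cmd)
        # '~pattern', '&channel', '>pw', '#hash', '%R~' and flags do not touch commands
    return {"user": user, "enabled": enabled, "nopass": nopass,
            "scripting": sorted(allowed)}


def triage(info_text: str, acl_lines) -> dict:
    """Combine INFO and ACL LIST into one exposure verdict."""
    info = parse_info(info_text)
    users = [scripting_allowed(line) for line in acl_lines]
    exposed = [u for u in users if u["enabled"] and u["scripting"]]
    return {
        "version": info.get("redis_version"),
        "lua_present": lua_engine_present(info),
        "users_with_scripting": [u["user"] for u in exposed],
        "unauthenticated_scripting": any(u["nopass"] for u in exposed),
    }


# Constructed samples (not captured from a real host).
SAMPLE_INFO = """# Server
redis_version:7.2.4
redis_mode:standalone
# Memory
used_memory:1083456
used_memory_lua:31744
"""
SAMPLE_ACL = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 ~app:* resetchannels -@all +get +set +@scripting -eval -evalsha",
    "user reporter on #9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 ~* &* +@all -@scripting",
]

if __name__ == "__main__":
    print(triage(SAMPLE_INFO, SAMPLE_ACL))
```

Note what the sample shows: the app user had EVAL and EVALSHA removed, but EVAL_RO, FCALL and FUNCTION still reach the same engine, so that restriction is incomplete; -@scripting, as on the reporter user, is the rule that actually closes the door until the instance is patched.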
CVE-2025-25017, -25018, and others: Multiple vulnerabilities in Kibana, 5.3 - 8.7 rating❗️
In its latest updates, Elastic disclosed several XSS vulnerabilities in Kibana.
Search at Netlas.io:
👉 Link: https://nt.ls/0Jsfv
👉 Dork: http.unknown_headers.key:"kbn_name"
Vendor's advisories: https://discuss.elastic.co/c/announcements/security-announcements/31
CVE-2025-11340, CVE-2025-10004, and others: Multiple vulnerabilities in GitLab, 4.3 - 7.7 rating❗️
In a recent bulletin, GitLab reported four vulnerabilities, including Missing Authorization, DoS, and Incorrect Authorization.
Search at Netlas.io:
👉 Link: https://nt.ls/vHRRQ
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/
🔍 3 Million Databases Later: Mapping Internet Exposure with Netlas
A data-driven investigation of 3.2 million internet-facing databases — MySQL, MongoDB, PostgreSQL, MSSQL, Oracle, and Elasticsearch — revealing how exposed they really are, which controls fail most often, and where the global weak spots hide.
What you’ll learn in 20 minutes:
🧩 How Netlas scans were used to get millions of database banners and metadata worldwide.
⚙️ The pipeline behind the study — from raw banners to per-service risk scoring and global aggregation.
📊 Who’s most exposed: MySQL leads with 2.53 M instances, MongoDB still leaks metadata, PostgreSQL flunks TLS at scale.
🪜 Practical remediation steps — per-service hardening tips and global trends that shape today’s attack surface.
For security engineers, analysts, and anyone mapping the exposed-data landscape — this is a rare, quantified look at how misconfiguration still fuels risk in 2025, written by a cool researcher in collaboration with Netlas.
👉 Read the full research: https://netlas.io/blog/exposed_databases/
I Analysed Over 3 Million Exposed Databases Using Netlas - Netlas Blog
Analysing 3.2M exposed databases with Netlas to reveal global risks, failed controls, and exposure trends across major DB systems
CVE-2025-42944, -42937, -42910, and others: Multiple vulnerabilities in SAP NetWeaver, 5.3 - 10.0 rating 🔥🔥🔥
In its October bulletin, SAP published a list of 13 new vulnerabilities affecting NetWeaver, NetWeaver AS Java, and other products. These vulnerabilities include Insecure Deserialization, Information Disclosure, etc.
Search at Netlas.io:
👉 Link: https://nt.ls/aBHGg
👉 Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
CVE-2025-20352: Buffer Overflow in Cisco IOS, 7.7 rating❗️
A vulnerability in the SNMP subsystem of Cisco IOS and Cisco IOS XE allows low-privilege attackers to perform DoS and high-privilege attackers to perform RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/TCs49
👉 Dork: snmp.banner:"Cisco IOS"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
🚨 When Patches Fail — why fixes get bypassed and what to check after an update
Patches often fix a symptom, not the root cause. This analysis walks through real bypass timelines (SharePoint, SAP, NTLM, Grafana), shows how NVD/KEV delays and PoC/IOC flows speed exploitation, and gives compact checks teams should run immediately.
Quick highlights:
🧩 Concrete case studies with timelines and residual CVEs.
⚖️ Why many vendor patches are incomplete — root-cause vs surface fixes.
⏳ How disclosure delays and fast PoC/AI tooling narrow your window.
🛠️ Actionable post-patch checklist: test alternative code paths, validate root issue, chain input tests, and apply virtual patches (WAF/IPS).
🔍 Netlas-based telemetry and simple queries to measure internet exposure.
👉 Read the full analysis → https://netlas.io/blog/when_patches_fail/
When Patches Fail: An Analysis of Patch Bypass and Incomplete Security - Netlas Blog
Patches fix bugs, not always the attack. This article shows how fixes get bypassed — and what quick checks defenders should run after updates.
CVE-2025-62506: Privilege Escalation in MinIO, 8.1 rating❗️
A privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same user.
Search at Netlas.io:
👉 Link: https://nt.ls/yVIu7
👉 Dork: http.favicon.hash_sha256:7a2d79d4a5801b848bf2d577c6c3d16598d69fd78bc9d2399dcc4ac2497b0759 OR http.headers.server:"MinIO" OR http.meta:"MinIO" OR http.favicon.hash_sha256:052d1670e36345713bd69e405403034f69b3a0adab8fa7d6f178faac4406199a
Vendor's advisory: https://github.com/minio/minio/security/advisories/GHSA-jjjj-jwhf-8rgr
CVE-2025-11702, -10497, -6601 and others: Multiple vulnerabilities in GitLab, 3.8 - 8.5 rating❗️
GitLab published a new advisory disclosing several vulnerabilities, including Improper Access Control, DoS, Incorrect Authorization, and others.
Search at Netlas.io:
👉 Link: https://nt.ls/ECfGM
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/