π How to Find Unprotected Databases β Chapter 2
A Netlas beginnerβs guide β now republished on our blog (moved from Medium). Reviewed and updated.
π 5 min read
π https://netlas.io/blog/how_to_find_unprotected_databases_chapter_2/
A Netlas beginnerβs guide β now republished on our blog (moved from Medium). Reviewed and updated.
π 5 min read
π https://netlas.io/blog/how_to_find_unprotected_databases_chapter_2/
netlas.io
How to find unprotected databases with Netlas.io: Chapter 2 - Netlas Blog
Continue to study the importance of database security using the examples of Netlas searches. This time youβll even see hacked databases!
π5β€3
CVE-2026-4112 and other: SQL injection and TOTP vulnerabilities in SonicWall SMA 1000 Series, up to 7.2 rating βοΈ
The most severe vulnerability (SQL injection) allows remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
Search at Netlas.io:
π Link: https://nt.ls/mzseI
π Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003
The most severe vulnerability (SQL injection) allows remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
Search at Netlas.io:
π Link: https://nt.ls/mzseI
π Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003
β€4π₯4
CVE-2026-5173, CVE-2026-1092, CVE-2025-12664 and other: Vulnerabilities in GitLab CE and EE, up to 8.5 rating π₯
Several vulnerabilities in GitLab could compromise code integrity and allow an unauthenticated user to cause denial of service.
Search at Netlas.io:
π Link: https://nt.ls/QGxUF
π Dork: http.title:"GitLab" OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
Several vulnerabilities in GitLab could compromise code integrity and allow an unauthenticated user to cause denial of service.
Search at Netlas.io:
π Link: https://nt.ls/QGxUF
π Dork: http.title:"GitLab" OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
β€2π2π₯2
CVE-2026-40175: Unrestricted Cloud Metadata Exfiltration in Axios, 10.0 rating π±
A critical security vulnerability in Axios allows prototype pollution in any third-party dependency to be escalated into RCE or Full Cloud Compromise. PoC is now available!
Search at Netlas.io:
π Link: https://nt.ls/i7rT8
π Dork: tag.name:"axios"
Read more:
https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
A critical security vulnerability in Axios allows prototype pollution in any third-party dependency to be escalated into RCE or Full Cloud Compromise. PoC is now available!
Search at Netlas.io:
π Link: https://nt.ls/i7rT8
π Dork: tag.name:"axios"
Read more:
https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx
π₯5β€3
CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability, 6.5 rating βοΈ
Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π Link: https://nt.ls/DjQpd
π Dork: http.headers.microsoftsharepointteamservices:*
π Dork (MS subdomains filtered): http.headers.microsoftsharepointteamservices:* !host:*.sharepoint.com
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π Link: https://nt.ls/DjQpd
π Dork: http.headers.microsoftsharepointteamservices:*
π Dork (MS subdomains filtered): http.headers.microsoftsharepointteamservices:* !host:*.sharepoint.com
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
π5π₯4β€3
π€ Abuse of Telegram Bot API
Exploring how attackers misuse Telegram bots in real-world campaigns.
β’ Learn how attackers use Telegram for C2, telemetry, and data exfiltration
β’ See detailed case studies with real IOCs
β’ Understand stable detection patterns that work beyond hashes and domains
β±οΈ 15 min read
ππΌ Read the post:
https://netlas.io/blog/abuse_of_telegram_bot_api/
Exploring how attackers misuse Telegram bots in real-world campaigns.
β’ Learn how attackers use Telegram for C2, telemetry, and data exfiltration
β’ See detailed case studies with real IOCs
β’ Understand stable detection patterns that work beyond hashes and domains
β±οΈ 15 min read
ππΌ Read the post:
https://netlas.io/blog/abuse_of_telegram_bot_api/
netlas.io
Telegram Bot API Abuse - Netlas Blog
How threat actors abuse Telegram Bot API for phishing, telemetry, and malware delivery. Hunting techniques and case studies.
β€5π₯5
CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating π₯
Several vulnerabilities in Synology DiskStation Manager (DSM) allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary sharing files.
Search at Netlas.io:
π Link: https://nt.ls/Ap4pz
π Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-us/security/advisory/Synology_SA_26_06
Several vulnerabilities in Synology DiskStation Manager (DSM) allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary sharing files.
Search at Netlas.io:
π Link: https://nt.ls/Ap4pz
π Dork: http.favicon.hash_sha256:b8f4bb2e2ba81cb86875fb89db4571278d6e23fd888313d0f4152b1adbc8bd08
Vendor's advisory: https://www.synology.com/en-us/security/advisory/Synology_SA_26_06
π₯5β€3π2
Netlas v1.7 is out
π Private Scanner Reports β summarized scan results for quick review and comparison.
𧩠Datasets now use NDJSON/JSONL format β easier to stream from archives.
π Improved discovery & mapping UI, mobile experience, and host view.
Details at https://docs.netlas.io/changelog/
π Private Scanner Reports β summarized scan results for quick review and comparison.
𧩠Datasets now use NDJSON/JSONL format β easier to stream from archives.
π Improved discovery & mapping UI, mobile experience, and host view.
Details at https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
π₯4β€2
CVE-2026-33557, and CVE-2026-33558: Vulnerabilities in Apache Kafka, up to 9.1 rating π₯
Two new vulnerabilities in Apache Kafka: the first allows attacker to generate their own JWT from any issuer, the second flow is the sensitive information disclosure, if the NetworkClient component is set to the DEBUG log level.
Search at Netlas.io:
π Link: https://nt.ls/M6oTa
π Dork: http.title:βkafkaβ OR http.title:βApache Kafkaβ OR http.body:βkafkaβ OR http.body:βApache Kafkaβ
Read more: https://kafka.apache.org/community/cve-list/
Two new vulnerabilities in Apache Kafka: the first allows attacker to generate their own JWT from any issuer, the second flow is the sensitive information disclosure, if the NetworkClient component is set to the DEBUG log level.
Search at Netlas.io:
π Link: https://nt.ls/M6oTa
π Dork: http.title:βkafkaβ OR http.title:βApache Kafkaβ OR http.body:βkafkaβ OR http.body:βApache Kafkaβ
Read more: https://kafka.apache.org/community/cve-list/
π₯4π3β€2
CVE-2026-21571: OS Command Injection in Atlassian Bamboo Data Center, 9.4 rating π₯
RCE vulnerability in Atlassian Bamboo Data Center allows an authenticated attacker to execute commands on affected servers. It may cause to full server compromise.
Search at Netlas.io:
π https://nt.ls/KqPWl
Vendor's advisory: https://jira.atlassian.com/browse/BAM-26364
RCE vulnerability in Atlassian Bamboo Data Center allows an authenticated attacker to execute commands on affected servers. It may cause to full server compromise.
Search at Netlas.io:
π https://nt.ls/KqPWl
Vendor's advisory: https://jira.atlassian.com/browse/BAM-26364
π₯5π3π3
Netlas Python SDK & CLI v0.8.2 is now available via
This release adds SDK and CLI support for the new Private Scanner Reports feature introduced in Netlas v1.7.
Details at https://docs.netlas.io/changelog/
pip and brew.This release adds SDK and CLI support for the new Private Scanner Reports feature introduced in Netlas v1.7.
Details at https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
π₯8
π§ Planned Maintenance
Netlas will be unavailable for up to two hours on the weekend of April 26, 2026, starting at 08:00 UTC.
We will be reconfiguring our network. We expect the downtime to be no longer than two hours and will work to complete it as quickly as possible.
Thank you for your understanding and patience. We are sorry for any inconvenience this may cause.
Netlas will be unavailable for up to two hours on the weekend of April 26, 2026, starting at 08:00 UTC.
We will be reconfiguring our network. We expect the downtime to be no longer than two hours and will work to complete it as quickly as possible.
Thank you for your understanding and patience. We are sorry for any inconvenience this may cause.
π’2β€1π1π₯°1
CVE-2026-3844: Unrestricted Arbitrary File Upload in Breeze WordPress plugin, 9.8 rating π₯
Unrestricted Arbitrary File Upload in Breeze WordPress plugin allows an unauthenticated attacker to upload web shell and execute it remotely. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π https://nt.ls/61VeQ
π Dork: http.body:"plugins/breeze"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch-gravatar-from-remote
Unrestricted Arbitrary File Upload in Breeze WordPress plugin allows an unauthenticated attacker to upload web shell and execute it remotely. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π https://nt.ls/61VeQ
π Dork: http.body:"plugins/breeze"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch-gravatar-from-remote
π₯4π2β€1
CVE-2026-42231 and CVE-2026-42232: Two Prototype Pollution vulnerabilities in n8n, 9.4 & 10.0 rating π₯π₯
Two recently disclosed Prototype Pollution vulnerabilities in n8n allow an authenticated attacker to execute arbitrary code on the server.
Search at Netlas.io:
π https://nt.ls/beZWa
π Dork: http.title:"n8n.io - Workflow Automation"
Read more: https://github.com/n8n-io/n8n/security
Two recently disclosed Prototype Pollution vulnerabilities in n8n allow an authenticated attacker to execute arbitrary code on the server.
Search at Netlas.io:
π https://nt.ls/beZWa
π Dork: http.title:"n8n.io - Workflow Automation"
Read more: https://github.com/n8n-io/n8n/security
β€4π2π₯2
CVE-2026-42208: SQL Injection in LiteLLM, 9.3 rating π₯
Pre-authentication SQL Injection in LiteLLM allows an attacker to read data from the proxy's database and modify it. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π https://nt.ls/4MNkt
π Dork: http.title:LiteLLM OR http.favicon.hash_sha256:26e3e882e76c2dc171b1bda49455641e812b3524f1692729b1fde849b7d52a6f
Read more: https://webflow.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure
Pre-authentication SQL Injection in LiteLLM allows an attacker to read data from the proxy's database and modify it. This vulnerability is already being actively exploited in the wild!
Search at Netlas.io:
π https://nt.ls/4MNkt
π Dork: http.title:LiteLLM OR http.favicon.hash_sha256:26e3e882e76c2dc171b1bda49455641e812b3524f1692729b1fde849b7d52a6f
Read more: https://webflow.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure
β€2π2π₯°2π₯1
This media is not supported in your browser
VIEW IN TELEGRAM
π Introducing the Netlas Docs MCP Server
We believe most of you already use AI agents in your daily work, so we decided to make Netlas easier to use with them.
Meet the Netlas Docs MCP Server β a simple way to give AI assistants direct access to the latest Netlas documentation and reference data.
Now your assistant can:
β’ find exact field names for queries
β’ explain how data is indexed and searched
β’ check API endpoints and formats
β’ pull up-to-date plan and feature details
If you rely on Netlas for research, automation, or bug bounty work, this helps your AI tools stay accurate and up to date.
π Get started: https://docs.netlas.io/knowledge-base/mcp-server/
We believe most of you already use AI agents in your daily work, so we decided to make Netlas easier to use with them.
Meet the Netlas Docs MCP Server β a simple way to give AI assistants direct access to the latest Netlas documentation and reference data.
Now your assistant can:
β’ find exact field names for queries
β’ explain how data is indexed and searched
β’ check API endpoints and formats
β’ pull up-to-date plan and feature details
If you rely on Netlas for research, automation, or bug bounty work, this helps your AI tools stay accurate and up to date.
π Get started: https://docs.netlas.io/knowledge-base/mcp-server/
π₯7β€βπ₯2π2β€1
CVE-2026-0204 and other: Several vulnerabilities in SonicWall SonicOS, up to 8.0 rating π₯
Several vulnerabilities in SonicWall SonicOS allow attacker to bypass access controls, to interact with usually restricted services, or to crash a firewall.
Search at Netlas.io:
π Link: https://nt.ls/H8DoW
π Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004
Several vulnerabilities in SonicWall SonicOS allow attacker to bypass access controls, to interact with usually restricted services, or to crash a firewall.
Search at Netlas.io:
π Link: https://nt.ls/H8DoW
π Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004
π₯4β€2π2
CVE-2026-23918 and other: Several vulnerabilities in Apache HTTP Server, up to 8.8 rating π₯
Several vulnerabilities in Apache HTTP Server allow attacker to achieve RCE on the server, to bypass authentication, or escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/I4fYP
π Dork: tag.name:"apache_http_server"
Vendor's advisory: https://httpd.apache.org/security/vulnerabilities_24.html
Several vulnerabilities in Apache HTTP Server allow attacker to achieve RCE on the server, to bypass authentication, or escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/I4fYP
π Dork: tag.name:"apache_http_server"
Vendor's advisory: https://httpd.apache.org/security/vulnerabilities_24.html
π₯5β€1π1
CVE-2026-23870: DoS in React Server Components, 7.5 rating π₯
DoS vulnerability in React Server Components allows an attacker to disable the web application by exhausting server resources. This vulnerability requires a specific architectural setup to be exploited.
Search at Netlas.io:
π Link: https://nt.ls/akCFc
π Dork: tag.name:"react"
Vendor's advisory: https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh
DoS vulnerability in React Server Components allows an attacker to disable the web application by exhausting server resources. This vulnerability requires a specific architectural setup to be exploited.
Search at Netlas.io:
π Link: https://nt.ls/akCFc
π Dork: tag.name:"react"
Vendor's advisory: https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh
π₯5π2β€1
CVE-2026-29202 & CVE-2026-29203: Two vulnerabilities in cPanel, 8.8 rating π₯
The first vulnerability in cPanel allows an attacker to execute arbitrary commands directly on the server via Perl injection (CVE-2026-29202). The second one (CVE-2026-29203) leads to denial of service and possible privilege escalation.
Search at Netlas.io:
π Link: https://nt.ls/2en2n
π Dork: http.title:cpanel OR http.headers.set_cookie:"cprelogin" OR http.headers.set_cookie:"cpsession"
Vendor's advisory: https://support.cpanel.net/hc/en-us/articles/40311426610327-Security-CVE-2026-29202-cPanel-WHM-WP2-Security-Update-May-08-2026
https://support.cpanel.net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203-cPanel-WHM-WP2-Security-Update-May-08-2026
The first vulnerability in cPanel allows an attacker to execute arbitrary commands directly on the server via Perl injection (CVE-2026-29202). The second one (CVE-2026-29203) leads to denial of service and possible privilege escalation.
Search at Netlas.io:
π Link: https://nt.ls/2en2n
π Dork: http.title:cpanel OR http.headers.set_cookie:"cprelogin" OR http.headers.set_cookie:"cpsession"
Vendor's advisory: https://support.cpanel.net/hc/en-us/articles/40311426610327-Security-CVE-2026-29202-cPanel-WHM-WP2-Security-Update-May-08-2026
https://support.cpanel.net/hc/en-us/articles/40311543760407-Security-CVE-2026-29203-cPanel-WHM-WP2-Security-Update-May-08-2026
π₯5β€1π1
CVE-2026-43640: Missing authentication in JetBrains TeamCity, 8.2 rating π₯
Vulnerability in JetBrains TeamCity allows an authenticated user to expose server API to unauthorized access.
Search at Netlas.io:
π Link: https://nt.ls/7tWNf
π Dork: http.headers.set_cookie:TCSESSIONID OR http.title:"teamcity" OR http.unknown_headers.key:"teamcity_node_id" OR http.meta:"teamcity"
Read more:
https://www.jetbrains.com/privacy-security/issues-fixed/
Vulnerability in JetBrains TeamCity allows an authenticated user to expose server API to unauthorized access.
Search at Netlas.io:
π Link: https://nt.ls/7tWNf
π Dork: http.headers.set_cookie:TCSESSIONID OR http.title:"teamcity" OR http.unknown_headers.key:"teamcity_node_id" OR http.meta:"teamcity"
Read more:
https://www.jetbrains.com/privacy-security/issues-fixed/
π₯3β€1π1