Netlas.io
2.21K subscribers
387 photos
3 videos
525 links
Explore the latest in cybersecurity with Netlas.io. Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.
Download Telegram
CVE-2026-47367 and other: Improper Input Validation vulnerabilities in Ubiquiti UniFi OS, 9.9 rating 🔥

Several improper input validation and other weaknesses allow low-privileged attacker to execute command injection and possible to compromise network.

Search at Netlas.io:
👉 Link: https://nt.ls/TczjZ
👉 Dork: tag.name:"ubiquiti_unifi"

Vendor's advisory:
https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a
👍3🔥3👾21
CVE-2026-48062: Arbitrary code execution in CodeIgniter, 9.8 rating 🔥

Uploaded file extension validation bypass in PHP framework CodeIgniter may in some cases lead to arbitrary code execution.

Search at Netlas.io:
👉 Link: https://nt.ls/HPzgw
👉 Dork: tag.name:codeigniter

Vendor's advisory:
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-2gr4-ppc7-7mhx
🔥4👾21🤣1
CVE-2026-10829: Remote code execution in Moxa NPort, 8.6 rating 🔥

A stack-based buffer overflow in Moxa NPort allows an attacker to corrupt memory by sending crafted input. It could achieve remote code execution with root privileges.

Search at Netlas.io:
👉 Link: https://nt.ls/12mUL
👉 Dork: http.title:"NPort Web Console" OR http.headers.server:"MoxaHttp" OR http.body:"NPort Web Console" OR http.body:"<TITLE>OnCell" OR http.body:"<TITLE>Moxa OnCell"

Vendor's advisory:
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v
🔥61👍1👾1
CVE-2026-8713: Arbitrary file deletion in Avada Builder WordPress plugin, 9.1 rating 🔥

New vulnerability in Avada Builder WordPress plugin (formerly Fusion Builder) allows an unauthenticated attacker to delete any file on the server. It can easily lead to remote code execution when the right file is deleted.

Search at Netlas.io:
👉 Link: https://nt.ls/ohFG5
👉 Dork: http.body:"wp-content/plugins/fusion-builder"

Read more:
https://www.wordfence.com/blog/2026/06/critical-unauthenticated-arbitrary-file-deletion-vulnerability-patched-in-avada-builder-wordpress-plugin/
4🔥3👾1
CVE-2026-12046: RCE vulnerability in pgAdmin 4, 9.5 rating 🔥

Two SQL Editor endpoints were missing the login-required decorator and were reachable without authentication in server mode. This exposes an unauthenticated remote code execution path in the pgAdmin process.

Search at Netlas.io:
👉 Link: https://nt.ls/jbYEF
👉 Dork: http.title:"pgAdmin" OR http.headers.set_cookie:"pga4_session=" OR http.favicon.hash_sha256:c3251099ffc5ed057dcbb624adbe79fa5794a0c64684442c1eaf1abc3edf7bde OR http.favicon.hash_sha256:6afa287fc6721817d9931bd8d7a796646ea535596f8bb038ff048666e19cfd17

Read more:
https://github.com/pgadmin-org/pgadmin4/issues/10072
2🔥2👾2👍1
CVE-2026-52813 & CVE-2026-52806 & CVE-2026-52811: Three RCE vulnerabilities in gogs, up to 10.0 rating 🔥

Recently disclosed vulnerabilities in gogs allow an attacker to execute arbitrary code. PoC exist for all three!

Search at Netlas.io:
👉 Link: https://nt.ls/A9o6h
👉 Dork: tag.name:gogs

Read more:
https://github.com/gogs/gogs/security
🔥51👍1👾1
CVE-2026-49869 & CVE-2026-53576: Two RCE vulnerabilities in kestra, 10.0 rating 😱

Recently disclosed vulnerabilities in Kestra allow an unauthenticated remote attacker to execute arbitrary code as root.

Search at Netlas.io:
👉 Link: https://nt.ls/58ToN
👉 Dork: http.title:kestra OR http.favicon.hash_sha256:26119c9b0a6c4e82ae8c2d367e4a7cb56a30c4da664b7185d14f6fbdf50f8ec8

Read more:
https://github.com/kestra-io/kestra/security
🔥31
CVE-2026-48276 and other: A lot of vulnerabilities in Adobe ColdFusion, 6 of them are 10.0 rating 😱

The last Adobe security bulletin disclosed 6 RCE vulnerabilities in Adobe ColdFusion with highest severity and other critical issues such as arbitrary file read and privilege escalation.

Search at Netlas.io:
👉 Link: https://nt.ls/GxXdK
👉 Dork: tag.name:"adobe_coldfusion"

Vendor's advisory:
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
4
🚧 Planned Maintenance

Netlas will be unavailable for up to an hour today, starting at 11:30 UTC.

We have to reboot the whole system after maintenance. Thank you for your understanding and patience. We are sorry for any inconvenience this may cause.
🕊3
CVE-2026-57517: Blind SQL Injection in Control Web Panel, 9.8 rating 🔥

SQL Injection flow in Control Web Panel allows remote code execution. PoC is now available!

Search at Netlas.io:
👉 Link: https://nt.ls/biQe7
👉 Dork: http.title:"CWP ADMIN" OR http.favicon.hash_sha256:69cd33a03067a7a00b6a743e52b357cd46ffdfeb1d72beaf44f2ffd9abfc153a OR http.headers.server:cwpsrv

Read more:
https://karmainsecurity.com/KIS-2026-12
🔥42👍1👾1
CVE-2026-12184: Remote DoS in PHP, 8.2 rating 🔥

Failure to setup TLS handshake with a remote server can lead to DoS.

Search at Netlas.io:
👉 Link: https://nt.ls/pjJC5
👉 Dork: tag.name:php

Vendor's advisory:
https://github.com/php/php-src/security/advisories/GHSA-mhmq-mmqj-2v39
🔥32👍2