Netlas.io

Netlas Python SDK & CLI v0.8.2 is now available via pip and brew. This release adds SDK and CLI support for the new Private Scanner Reports feature introduced in Netlas v1.7. Details at docs.netlas.io/changelog/

CVE-2026-21571: OS Command Injection in Atlassian Bamboo Data Center, 9.4 rating 🔥 RCE vulnerability in Atlassian Bamboo Data Center allows an authenticated attacker to execute commands on affected servers. It may cause to full server compromise. 👉 nt.ls/KqPWl

CVE-2026-33557, and CVE-2026-33558: Vulnerabilities in Apache Kafka, up to 9.1 rating 🔥 Two new vulnerabilities in Apache Kafka: the first allows attacker to generate their own JWT from any issuer, the second flow is the sensitive information disclosure, if the NetworkClient component is set to the DEBUG log level. 👉 nt.ls/M6oTa

Netlas v1.7 is out New Private Scanner Reports, Datasets in NDJSON/JSONL, and many more improvements Details at docs.netlas.io/changelog/

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager (DSM) allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary sharing files. 👉 nt.ls/Ap4pz

🤖 Abuse of Telegram Bot API • Learn how attackers use Telegram for C2, telemetry, and data exfiltration • See detailed case studies with real IOCs • Understand stable detection patterns that work beyond hashes and domains netlas.io/blog/abuse_of_…

CVE-2026-32201: Microsoft SharePoint Server Spoofing Vulnerability, 6.5 rating ❗️ Improper input validation in Microsoft SharePoint Server allows an unauthorized attacker to perform spoofing over a network and view sensitive internal data or make unauthorized changes. This vulnerability is already being actively exploited in the wild! 👉 nt.ls/DjQpd

CVE-2026-40175: Unrestricted Cloud Metadata Exfiltration in Axios, 10.0 rating😱 A critical security vulnerability in Axios allows prototype pollution in any third-party dependency to be escalated into RCE or Full Cloud Compromise. PoC is now available! 👉 nt.ls/i7rT8

CVE-2026-5173, CVE-2026-1092, CVE-2025-12664 and other: Vulnerabilities in GitLab CE and EE, up to 8.5 rating 🔥 Several vulnerabilities in GitLab could compromise code integrity and allow an unauthenticated user to cause denial of service. 👉nt.ls/QGxUF

CVE-2026-4112 and other: SQL injection and TOTP vulnerabilities in SonicWall SMA 1000 Series, up to 7.2 rating ❗️ The most severe vulnerability (SQL injection) allows remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. Search at Netlas.io: 👉 Link: nt.ls/mzseI 👉 Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1 OR certificate.subject_dn:"HTTPS Management Certificate for SonicWALL (self-signed)" Vendor's advisory: psirt.global.sonicwall.com/vuln-detail/SN…

🔄 How to Find Unprotected Databases — Chapter 2 A Netlas beginner’s guide — now republished on our blog (moved from Medium). Reviewed and updated. 🕒 5 min read netlas.io/blog/how_to_fi…

CVE-2026-0740: Vulnerability in Ninja Forms WordPress plugin, 9.8 rating 🔥 The vulnerability allows unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remote code execution. 👉 nt.ls/rkM7h

CVE-2026-3429, CVE-2026-4636 and others in Keycloak Several vulnerabilities in Keycloak allow attackers to bypass MFA, steal access tokens, and access confidential user data. 👉 nt.ls/Ooqi1 (nt.ls/Ooqi1)

⭐️ Ever wondered how professional threat intelligence feeds are actually built? Our partners at RST Cloud pull back the curtain on their approach to threat hunting. #ThreatIntel netlas.io/blog/с2_huntin…

🔄 Netlas and Uncover The article has been updated. All commands were reviewed and tested. 👉🏼 Read the guide: netlas.io/blog/netlas_an…

We’ve revised the Netlas Terms & Conditions and API & Data License Agreement. The updated terms take effect on March 6, 2026. Details: netlas.io/blog/terms_upd…

Netlas v1.6 is out 🔍 Private Scanner now supports “Scan all ports” — non-intrusive scans across 65,536 TCP ports. 🆕 Added CWMP protocol support. ⚠️ Breaking change: updated Discovery API response format for groups. Details at docs.netlas.io/changelog/

CVE-2026-1490: Vulnerability in CleanTalk WordPress plugin, 9.8 rating 🔥 The vulnerability allows attackers to install any plugin on an affected website, which could be the first step in any attack chain. Search at Netlas.io: 👉 Link: nt.ls/wZ4Qu