LeakIX
@leakix.bsky.social
Maintaining and reporting for LeakIX.

We are NOT affiliated with any ransomware campaign.
http://mastodon.social/@leakix
🚨 New plugin: React2ShellPlugin (CVE-2025-55182).

React Server Components RCE vulnerability detection - Next.js applications affected by critical remote code execution vulnerabilities.

Results: https://leakix.net/search?page=0&q=%2Bplugin%3AReact2ShellPlugin&scope=leak
December 5, 2025 at 8:49 AM
🚨 New plugin: EzGED3Plugin (CVE-2025-51539).

EzGED3 pre-authentication arbitrary file read vulnerability detection - may lead to admin takeover.

Results: https://leakix.net/search?q=%2Bplugin%3AEzGED3Plugin&scope=leak
December 5, 2025 at 8:00 AM
🚨 New plugin: FreePBXPlugin (CVE-2025-57819).

FreePBX unauthenticated SQL injection vulnerability detection - may lead to RCE.

Results: https://leakix.net/search?q=%2Bplugin%3AFreePBXPlugin&scope=leak
December 4, 2025 at 8:00 AM
🚨 New plugin: TraccarPlugin (CVE-2025-61666).

Traccar local file inclusion vulnerability detection - may expose configuration files.

Results: https://leakix.net/search?q=%2Bplugin%3ATraccarPlugin&scope=leak
December 3, 2025 at 8:00 AM
🚨 New plugin: KestrelPlugin (CVE-2025-55315).

Kestrel HTTP request smuggling vulnerability detection.

Results: https://leakix.net/search?q=%2Bplugin%3AKestrelPlugin&scope=leak
December 2, 2025 at 8:00 AM
🚨 New plugin: XWikiPlugin (CVE-2025-24893, CVE-2025-32429, CVE-2025-52472, CVE-2025-55748).

XWiki multiple critical vulnerabilities detection - RCE, SQL/HQL injection, and path traversal.

Results: https://leakix.net/search?q=%2Bplugin%3AXWikiPlugin&scope=leak
December 1, 2025 at 8:00 AM
🚨 New plugin: FlowiseVersionPlugin.

Flowise vulnerability detection - detects 15+ CVEs including RCE, file upload, and SSRF vulnerabilities.

Results: https://leakix.net/search?q=%2Bplugin%3AFlowiseVersionPlugin&scope=leak
November 27, 2025 at 8:00 AM
🚨 New plugin: WazuhPlugin (CVE-2025-24016).

Wazuh default credentials and RCE vulnerability detection - RCE possible on multi-node configurations, versions 4.4.0 to 4.9.1 affected.

Results: https://leakix.net/search?q=%2Bplugin%3AWazuhPlugin&scope=leak
November 26, 2025 at 8:00 AM
🚨 New plugin: ICTBroadcastRcePlugin (CVE-2025-2611).

ICTBroadcast unauthenticated RCE vulnerability detection.

Results: https://leakix.net/search?q=%2Bplugin%3AICTBroadcastRcePlugin&scope=leak
November 25, 2025 at 8:00 AM
🚨 New plugin: SpipRcePlugin (CVE-2024-8517).

SPIP BigUp plugin pre-authentication RCE vulnerability detection.

Results: https://leakix.net/search?q=%2Bplugin%3ASpipRcePlugin&scope=leak
November 24, 2025 at 8:00 AM
🚨 New plugin: ViciboxVersionPlugin (CVE-2024-8503, CVE-2024-8504).

VICIdial outdated version detection - unauthenticated SQL injection and authenticated RCE, versions <= 2.14-917a affected.

Results: https://leakix.net/search?q=%2Bplugin%3AViciboxVersionPlugin&scope=leak
November 21, 2025 at 8:00 AM
🚨 New plugin: NCentralPlugin (CVE-2025-9316, CVE-2025-11700).

N-able N-Central session bypass and XXE vulnerability detection - XXE allows reading critical files.

Results: https://leakix.net/search?q=%2Bplugin%3ANCentralPlugin&scope=leak
November 20, 2025 at 3:01 PM
🚨 New plugin: MagentoXxePlugin (CVE-2024-34102, CosmicSting).

Magento XXE injection vulnerability detection - may expose sensitive files, RCE possible in some cases.

Results: https://leakix.net/search?q=%2Bplugin%3AMagentoXxePlugin&scope=leak
November 20, 2025 at 8:00 AM
🚨 Plugin update: PaloAltoPlugin (CVE-2024-3400, CVE-2025-0133).

PaloAlto PAN-OS XSS vulnerability detection added - GlobalProtect portal affected.

Results: https://leakix.net/search?q=%2Bplugin%3APaloAltoPlugin&scope=leak
November 19, 2025 at 8:00 AM
🚨 New plugin: GeoserverRcePlugin (CVE-2024-36401).

GeoServer RCE vulnerability detection via GetPropertyValue in WFS requests.

Results: https://leakix.net/search?q=%2Bplugin%3AGeoserverRcePlugin&scope=leak
November 18, 2025 at 8:00 AM
🚨 New plugin: SwaggerUIPlugin.

Swagger API documentation public exposure detection - may expose API endpoints, parameters, and data structures.

Results: https://leakix.net/search?q=%2Bplugin%3ASwaggerUIPlugin&scope=leak
November 17, 2025 at 8:00 AM
🚨 New plugin: PrometheusPlugin.

Prometheus server public exposure detection - may expose metrics, configuration, and infrastructure information.

Results: https://leakix.net/search?q=%2Bplugin%3APrometheusPlugin&scope=leak
November 14, 2025 at 8:00 AM
🚨 New plugin: GraphQLIntrospectionPlugin.

GraphQL introspection enabled detection - may expose sensitive schema information and database structures.

Results: https://leakix.net/search?q=%2Bplugin%3AGraphQLIntrospectionPlugin&scope=leak
November 13, 2025 at 8:00 AM
🚨 New plugin: WatchGuardFireboxPlugin (CVE-2025-59396).

WatchGuard Firebox default credentials allow administrative SSH access. CVE rejected by NVD: "Not a security vulnerability".

Results: https://leakix.net/search?q=%2Bplugin%3AWatchGuardFireboxPlugin&scope=leak
November 12, 2025 at 3:41 PM
🚨 New plugin: GladinetPlugin (CVE-2025-11371, CVE-2025-30406, CVE-2025-12480).

Gladinet CentreStack/Triofox LFI, RCE, and auth bypass vulnerability detection.

Results: https://leakix.net/search?q=%2Bplugin%3AGladinetPlugin&scope=leak
November 12, 2025 at 3:09 PM
🚨 New plugin: GLPIVersionPlugin.

GLPI vulnerability detection - detects 50+ CVEs including unauthenticated SQL injection, session hijacking, and account takeover.

Results: https://leakix.net/search?q=%2Bplugin%3AGLPIVersionPlugin&scope=leak
November 12, 2025 at 8:00 AM
🚨 New plugin: MonstaFtpVersionPlugin (CVE-2025-34299).

MonstaFTP RCE vulnerability detection - versions < 2.11.3 affected.

Results: https://leakix.net/search?scope=leak&q=%2Bplugin%3AMonstaFtpVersionPlugin
November 7, 2025 at 3:03 PM
🚨 New plugin: SessionReaperPlugin (CVE-2025-54236) added.

Multiple Adobe Commerce / Magento instances exposed. Patch ASAP.

Details: https://slcyber.io/assetnote-security-research-center/why-nested-deserialization-is-still-harmful-magento-rce-cve-2025-54236/

Query: +plugin:SessionReaperPlugin
October 22, 2025 at 11:50 AM
🚨 New plugin for Oracle E-Business Suite's CVE-2025-61882 is up.

First huge plugin by Chocapikk 🥳

LeakIX now has OOB scanning capability!

The check is based on actual vulnerability evaluation (as opposed to Last-Modified fingerprinting that can be unreliable).
October 8, 2025 at 10:21 AM
🚨 New plugin for ViteJS's CVE-2025-30208 is up.

It's dev, nothing wrong can happen, right?

Have fun.

Source: https://x.com/phithon_xg/status/1905351732500250711
April 11, 2025 at 3:26 PM