Rishi
rxerium.com
@rxerium.com
Senior Cyber Analyst || OWASP member || Project Discovery Ambassador || UK OSINT Officer || Purple Teamer || Privacy Advocate || Signal: @rxerium.02
🚨 Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)

I've created a vulnerability detection script here: github.com/rxerium/CVE-...

As reported by Huntress this is an unauthenticated Local File Inclusion flaw in Gladinet CentreStack and Triofox.
October 11, 2025 at 8:02 AM
🚨 Critical — CVE-2025-10035 (CVSS 10.0): Fortra has disclosed a deserialization flaw in the GoAnywhere MFT License Servlet that can allow remote command-injection.

I've created a #nuclei script to detect vulnerable instances at scale:
github.com/rxerium/CVE-...
September 20, 2025 at 8:36 AM
Detection for critical SAP Netweaver vulnerability (CVE-2025-42944):
github.com/rxerium/CVE-...
September 11, 2025 at 11:01 AM
🚨 New zero day added to the CISA KEV under an hour ago and is actively being exploited in the wild - CVE-2025-53690; CVSS 9.0 (Critical)

Check to see if you're vulnerable:
github.com/rxerium/CVE-...

Patches / workarounds are available:
support.sitecore.com/kb?id=kb_art...
September 4, 2025 at 8:06 PM
I've created a vulnerability script for CVE-2025-8875 and CVE-2025-8876 - both currently being actively exploited in the wild as reported by @cisacyber.

Detection script:
github.com/rxerium/CVE-...

Patches are available:
status.n-able.com/2025/08/13/a...
August 17, 2025 at 6:29 PM
Catch me at #BSidesVegas or #DEFCON - I’ll be handing out exclusive UK OSINT swag. Come say hi and snag some before it's all gone! 👋
August 1, 2025 at 2:47 PM
Detection script for MiCollab SQL injection vulnerability, tagged CVE-2025-52914 (high severity):
github.com/rxerium/CVE-...

www.mitel.com/support/secu...
July 25, 2025 at 10:48 AM
I’m thrilled to be speaking at DEFCON in Las Vegas this year!

I’ll be sharing insights from my recent contributions to the OWASP Amass project and Project Discovery’s Nuclei, focusing on DNS-based techniques for Product and Service Discovery. More details below:
July 21, 2025 at 2:55 PM
🚨 New zero day affecting CrushFTP instances (CVE-2025-54309) being exploited in the wild:
~291,903 exposed devices running CrushFTP (as of 19.07.25) according to @shodanhq:
`http.html:"crushftp"`

Patch now:
www.crushftp.com/crush11wiki/...
July 19, 2025 at 7:12 AM
I've created a passive detection script to detect instances that are vulnerable to critical RCE tagged as CVE-2025-47812:
github.com/rxerium/CVE-...

Around ~4000 instances exposed to the internet as of 25.07.16
`http.favicon.hash:963565804`
July 16, 2025 at 6:56 AM
I've created a script to detect CVE-2025-49113 based on versions exposed in the html body:
github.com/rxerium/CVE-...

Use at your own risk.
June 3, 2025 at 7:14 PM
I've created a Nuclei template to detect this vulnerability looking at server headers:
t.co/FLyLb7I0sJ
April 26, 2025 at 7:13 AM
I've created 2 detection scripts to check if websites have been seized by the #fbi - the first looks at the HTML body for common phrases and the other looks at nameservers.

nameserver detection:
github.com/projectdisco...

word matching:
github.com/projectdisco...

#security #CyberSecurity
April 2, 2025 at 6:58 PM
ESXi detection through Shodan: `html:"esxUiApp"`
buff.ly/r6l4pRN

you can use the PowerCLI tool to find versions though this only works locally:
`Get-VMhost | Select-Object Name,Version,Build`
March 4, 2025 at 7:26 PM
508k instances still possibly vulnerable to CVE-2024-12084

we can't detect versions of rsync over the internet but we can extract protocols from which we can map to versions

vulnerable: <= 3.2.7 - protocol 31
unaffected: < 3.4.0 - protocol 32

https://buff.ly/4hx8udb

January 28, 2025 at 1:36 PM
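
The protocol-to-version mapping in the rsync post above, worked as an added example (not the author's script): it classifies rsync daemon greeting lines already collected from your own asset inventory. The function names, status labels and sample banners are assumptions constructed for illustration; the 31/32 mapping is the one stated in the post.

```python
import re
from collections import Counter

# rsync daemon greeting: "@RSYNCD: <protocol>[.<sub>] [digest names ...]"
GREETING = re.compile(r"^@RSYNCD: (\d+)(?:\.(\d+))?(?: (.*))?$")

# Mapping taken from the post: protocol 31 -> possibly vulnerable,
# protocol 32 -> unaffected. Anything else is left unmapped.
STATUS_BY_PROTOCOL = {31: "possibly-vulnerable", 32: "unaffected"}


def parse_greeting(line):
    """Return (protocol, subprotocol, digests), or None if not a greeting."""
    m = GREETING.match(line.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0), (m.group(3) or "").split()


def classify(line):
    """Classify one captured banner line using the post's protocol mapping."""
    parsed = parse_greeting(line)
    if parsed is None:
        return "not-rsync"
    return STATUS_BY_PROTOCOL.get(parsed[0], "unmapped")


def summarize(banners):
    """Count classifications over a {host: banner} inventory."""
    return Counter(classify(b) for b in banners.values())


# Constructed sample inventory (documentation addresses, not real hosts).
SAMPLE = {
    "192.0.2.10": "@RSYNCD: 31.0\n",
    "192.0.2.11": "@RSYNCD: 31.0 sha512 sha256 sha1 md5 md4\n",
    "192.0.2.12": "@RSYNCD: 32.0 sha512 sha256 sha1 md5 md4\n",
    "192.0.2.13": "@RSYNCD: 29\n",
    "192.0.2.14": "SSH-2.0-OpenSSH_9.6\n",
}

if __name__ == "__main__":
    for host, banner in SAMPLE.items():
        print(host, classify(banner))
    print(dict(summarize(SAMPLE)))
```

A protocol 31 result only narrows the version range, so confirm the installed release on the host itself with `rsync --version` before prioritising the patch.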