@leakix

552 Followers
32 Following
185 Posts

Maintaining and reporting for LeakIX.

We are NOT affiliated with any ransomware campaign.

Websitehttps://leakix.net
leakixMar 9

LeakIX is now available as a Metasploit module. Search, host lookups, subdomains, and leaks directly from msfconsole.

https://github.com/rapid7/metasploit-framework/pull/21002

leakixJan 2

🚨 Plugin update: ZimbraPlugin (CVE-2025-68645).

Zimbra Collaboration Suite 10.0 and 10.1 affected by unauthenticated LFI vulnerability.

Results: https://leakix.net/search?q=%2Btags%3Acve-2025-68645&scope=leak

leakixJan 2

🚨 New plugin: SmarterMailPlugin (CVE-2025-52691).

SmarterMail versions prior to Build 9413 affected by critical remote code execution vulnerability via arbitrary file upload.

Results: https://leakix.net/search?q=%2Bplugin%3ASmarterMailPlugin&scope=leak

leakixDec 30

🚨 New plugin: MongoBleedPlugin (CVE-2025-14847).

MongoDB Memory Leak vulnerability detection.

Results: https://leakix.net/search?page=0&q=%2Bplugin%3AMongoBleedPlugin&scope=leak

leakixDec 26

🚨 New plugin: N8nPlugin (CVE-2025-68613, CVE-2025-65964, CVE-2025-62726).

n8n Workflow Automation multiple vulnerabilities detection.

Results: https://leakix.net/search?q=%2Bplugin%3AN8nPlugin&scope=leak

leakixDec 12

🚨 New plugin: GeoserverXxePlugin (CVE-2025-58360).

GeoServer XXE vulnerability detection - XML External Entity injection in WMS GetMap operation, added to CISA KEV catalog.

Results: https://leakix.net/search?q=%2Bplugin%3AGeoserverXxePlugin&scope=leak

leakixDec 9

🚨 Plugin update: React2ShellPlugin (CVE-2025-55182).

Backdoor detection added - 16k+ Next.js servers detected with in-memory webshells allowing remote code execution.

Results: https://leakix.net/search?scope=leak&q=%2Bplugin%3AReact2ShellPlugin+%2Bdataset.infected%3Atrue

leakixDec 5

🚨 New plugin: React2ShellPlugin (CVE-2025-55182).

React Server Components RCE vulnerability detection - Next.js applications affected by critical remote code execution vulnerabilities.

Results: https://leakix.net/search?page=0&q=%2Bplugin%3AReact2ShellPlugin&scope=leak

leakixDec 5

🚨 New plugin: EzGED3Plugin (CVE-2025-51539).

EzGED3 pre-authentication arbitrary file read vulnerability detection - may lead to admin takeover.

Results: https://leakix.net/search?q=%2Bplugin%3AEzGED3Plugin&scope=leak

leakixDec 4

🚨 New plugin: FreePBXPlugin (CVE-2025-57819).

FreePBX unauthenticated SQL injection vulnerability detection - may lead to RCE.

Results: https://leakix.net/search?q=%2Bplugin%3AFreePBXPlugin&scope=leak