New tests built and released by Alfred, our AI Security Researcher:
Haven't met Alfred yet? You can read more about how we're using AI to discover, source, and build tests for CVEs here.
- CVE-2023-32315: Openfire Administration Console Authentication Bypass [9.8 / Critical]
- CVE-2022-2487: Wavlink WN535K2/WN535K3 OS Command Injection [9.8 / Critical]
- CVE-2021-45232: Apache APISIX Dashboard <2.10.1 API Unauthorized Access [9.8 / Critical]
- CVE-2021-21972: VMware vSphere Client (HTML5) RCE [9.8 / Critical]
- CVE-2021-20090: Buffalo WSR-2533DHPL2 Path Traversal [9.8 / Critical]
- CVE-2020-28188: TerraMaster TOS RCE [9.8 / Critical]
- CVE-2020-15920: Mida eFramework <= 2.9.0 RCE [9.8 / Critical]
- CVE-2019-3929: Barco WePresent file_transfer.cgi RCE [9.8 / Critical]
- CVE-2018-1273: Spring Data Commons RCE [9.8 / Critical]
- CVE-2017-1000353: Jenkins Unauthenticated Java Deserialization RCE [9.8 / Critical]
- CVE-2017-17562: Embedthis GoAhead < 3.6.5 RCE [8.1 / High]
- CVE-2017-5521: NETGEAR Routers Authentication Bypass [9.8 / Critical]
- CVE-2016-6277: NETGEAR Router RCE [8.8 / High]
- CVE-2015-2794: DotNetNuke 07.04.00 Authentication Bypass [9.8 / Critical]
- CVE-2014-6287: HTTP File Server <2.3c RCE [9.8 / Critical]
- CVE-2013-7091: Zimbra Collaboration Server Path Traversal [5.3 / Medium]
- CVE-2012-4958: NFR Agent FSFUI Record Arbitrary Path Traversal [7.5 / High]
- CVE-2007-3010: Alcatel-Lucent OmniPCX RCE [9.8 / Critical]
- CVE-2022-35405: Zoho ManageEngine Password Manager Pro XML-RPC Java Deserialization RCE [9.8 / Critical]
- CVE-2021-27561: Yealink DM 3.6.0.20 RCE [9.8 / Critical]
- CVE-2016-6601: WebNMS Framework Server Path Traversal [7.5 / High]
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2025-24752: WordPress Plugin "Elementor Website Builder / More Than Just a Page Builder" (elementor) < 3.15 DOM Based XSS [6.5 / Medium]
- CVE-2024-54767: FRITZ!Box Configuration Exposure [7.5 / High]
- CVE-2024-52763: Ganglia-Web XSS [5.4 / Medium]
- CVE-2024-52762: Ganglia-Web XSS [5.4 / Medium]
- Ektron CMS SearchService XXE [8.1 / High]
- Enghouse Trio Enterprise Command Injection [9.8 / Critical]
- Lighttpd Server Config Exposure [5.3 / Medium]
- Optimizely (previously episerver) API Reflected XSS [5.3 / Medium]
New tests released by Detectify staff:
- CVE-2024-50967: DATAGERRY Improper Access Control [7.5 / High]
- CVE-2024-6842: AnythingLLM - Information Disclosure [7.5 / High]
- HTML-Comment SQL Query Exposure [0.0 / Information]
- N8N Public Registration [9.1 / Critical]
Improved tests to reduce false negatives:
- Express Stack Trace [4.4 / Medium]
Happy Pi Day!