New tests built and released by Alfred, our AI Security Researcher:
Haven't met Alfred yet? You can read more about how we're using AI to discover, source, and build tests for CVEs here.
- CVE-2021-1498: Cisco HyperFlex HX Data Platform RCE [9.8 / Critical]
- CVE-2020-9376: D-Link DIR-610 Information Disclosure [7.5 / High]
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2025-31161: CrushFTP Authentication Bypass [9.8 / Critical]
- CVE-2025-31137: React Router URL Manipulation [7.2 / High]
- CVE-2025-4428: Ivanti Endpoint Manager Mobile RCE [7.2 / High]
- CVE-2025-3472: WordPress Plugin "Ocean Extra" (ocean-extra) Arbitrary Shortcode Execution [9.8 / Critical]
- CVE-2024-51739: Combodo iTop User Enumeration [5.3 / Medium]
- CVE-2024-32870: Combodo iTop Information Disclosure [5.8 / Medium]
- CVE-2022-28508: MantisBT Reflected XSS [6.1 / Medium]
- Content-Security-Policy Bypass via Akamai [3.8 / Low]
- Visual Studio Code Debug Configuration ("launch.json") Exposure [3.7 / Low]
- Ntfy Interface Exposure [5.3 / Medium]
- Symfony Debug Token Exposure [4.4 / Medium]
Improved tests to reduce false negatives:
- GeoServer Default Credentials [7.3 / High]
Improved finding information:
- EMQX Admin API Default Credentials [7.5 / High]