new tests
April 25, 2025
Now testing for the following vulnerabilities
New tests built and released by Alfred, our AI Security Researcher:
Haven't met Alfred yet? You can read more about how we're using AI to discover, source, and build tests for CVEs here.
- CVE-2022-29303: SolarView Compact RCE [9.8 / Critical]
- CVE-2022-2488: Wavlink "touchlist_sync.cgi" Command Injection [9.8 / Critical]
- CVE-2021-42071: Visual Tools "DVR VX16" RCE [9.8 / Critical]
- CVE-2018-7422: WordPress Plugin "Site Editor" (site-editor) Local File Inclusion [9.1 / Critical]
- CVE-2017-14849: Node.js Directory Traversal [7.5 / High]
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2025-3248: Langflow Remote Code Execution [9.8 / Critical]
- CVE-2024-57050: TP-Link WR840N Auth Bypass [9.8 / Critical]
- CVE-2023-49489: KodExplorer XSS [6.1 / Medium]
- CVE-2023-39026: FileMage Directory Traversal [7.5 / High]
- CVE-2023-31478: GL.iNET SSID Key Disclosure [5.3 / Medium]
- CVE-2022-37122: Carel pCOWeb HVAC BACnet Gateway LFI [7.5 / High]
- CVE-2019-16758: Lexmark Services Monitor Directory Traversal [7.5 / High]
- 3CX PBX setup file exposure [5.3 / Medium]
- Anteon Dashboard Exposure [5.3 / Medium]
- D-Link DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure [5.3 / Medium]
- Dnsmasq Configuration Disclosure [5.3 / Medium]
- Dozzle Interface Exposure [5.3 / Medium]
- Lightstreamer Dashboard Exposure [5.3 / Medium]
- Ruijie EasyGate (EG) RCE [9.8 / Critical]
- Shopify Configuration Exposure [5.3 / Medium]
- Syncthing interface exposure [5.3 / Medium]
- Vaultwarden Admin Dashboard Exposure [9.4 / Critical]
- Vercel Config Exposure [5.3 / Medium]
- Webmin Miniserv Configuration Exposure [5.3 / Medium]
New tests released by Detectify staff:
- CVE-2024-50340: Symfony Profiler Information Disclosure [5.3 / Medium]
- Salesforce Reflected XSS [6.5 / Medium]
Improved tests to reduce false positives:
- CVE-2024-34102: Adobe Commerce & Magento XXE [9.8 / Critical]
- Gzip Archive Exposure [5.6 / Medium]
- Gzip Database Exposure [5.6 / Medium]
Improved tests to reduce false negatives:
- CVE-2020-7980: Satellian Intellian Aptus Web <= 1.24 RCE [9.8 / Critical]
- CVE-2019-12276: GrandNode Path Traversal & Arbitrary File Download [7.5 / High]
- Salesforce Reflected XSS [4.4 / Medium]
Thanks for your feedback