New tests built and released by Alfred, our AI Security Researcher:
Haven't met Alfred yet? You can read more about how we're using AI to discover, source, and build tests for CVEs here.
- CVE-2022-1390: WordPress Plugin "Admin Word Count Column" (admin-word-count-column) Path Traversal [7.5 / High]
- CVE-2020-8515: DrayTek Router Web Management Page RCE [9.8 / Critical]
- CVE-2018-15535: Responsive FileManager Local File Inclusion [7.5 / High]
- CVE-2018-12634: CirCarLife SCADA Information Disclosure [7.5 / High]
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2025-31125: Vite Path Traversal [5.9 / Medium]
- CVE-2025-30208: Vite LFI [7.5 / High]
- CVE-2025-28242: DAEnetIP4 METO Improper Session Management [9.8 / Critical]
- CVE-2024-21641: Flarum Open Redirect [4.7 / Medium]
- CVE-2023-22047: Oracle PeopleSoft LFI [7.5 / High]
- EMQX Admin API Default Credentials [7.5 / High]
- Mailpit Web Panel and Message API Exposure [7.5 / High]
- Ollama Improper Authorization [8.2 / High]
- TP-Link TL-WR740N Directory Traversal [7.5 / High]
- Traccar Configuration Information Disclosure [5.3 / Medium]
- smtp4dev Mail Panel Exposure [7.5 / High]
- "x-amz-meta-s3cmd-attrs"-Header Username Disclosure [3.7 / Low]
Improved tests to reduce false negatives:
- CVE-2025-24514: Ingress-Nginx Controller Configuration Injection via "auth-url" Annotation [8.8 / High]
- CVE-2025-1974: Ingress-Nginx Controller RCE [9.8 / Critical]
- CVE-2025-1097: Ingress-Nginx Controller Configuration Injection via "auth-tls-match-cn" Annotation [8.8 / High]