Now testing for the following vulnerabilities

Back to all posts

new tests

November 21, 2025

Now testing for the following vulnerabilities

New tests built and released by Alfred, our AI Security Researcher:

Haven't met Alfred yet? You can read more about how we're using AI to discover, source, and build tests for CVEs here.

CVE-2008-6453: 6rbScript 3.3 "section.php" Local File Inclusion And Path Traversal
CVE-2025-53771: Microsoft SharePoint Server ToolPane (ToolShell) Authentication Bypass

New tests released based on submissions by our Detectify Crowdsource hackers:

CVE-2024-51568: CyberPanel Command Injection Leading To Remote Code Execution
CVE-2020-2883: Oracle WebLogic Server Remote Code Execution
CVE-2025-55752: Apache Tomcat Relative Path Traversal
CVE-2025-44137: MapTiler Tileserver-php Path Traversal
CVE-2025-52665: UniFi Access Broken Access Control And Remote Code Execution
Hazel Reflected Cross-Site Scripting

New tests released by Detectify staff:

Unifi Key Exposure

Improved security tests:

CVE-2024-53675: HPE Insight Remote Support XML External Entity (XXE) Information Disclosure
CVE-2023-0669: Fortra GoAnywhere MFT Remote Code Execution
CVE-2022-2414: FreeIPA XML External Entity (XXE) Injection
CVE-2014-3704: Drupal Core SQL Injection Remote Code Execution
CVE-2021-40822: GeoServer Server-Side Request Forgery
CVE-2023-40924: SolarView Compact LFI
CVE-2025-24752: WordPress Plugins "Elementor Website Builder / More Than Just a Page Builder" and Essential Addons for Elementor Reflected and DOM-Based Cross-Site Scripting
CVE-2020-3452: Cisco Adaptive Security Appliance (ASA) / Firepower Threat Defense (FTD) Local File Inclusion
CVE-2023-39143: PaperCut <22.1.3 Path Traversal
CVE-2021-22986: F5 Big-IP iControl REST Remote Code Execution
CVE-2017-17762: Episerver Blog Module XML External Entity (XXE)
CVE-2024-2473: WordPress WPS Hide Login "Login URL" Obfuscation Bypass And "Login Page" Disclosure
CVE-2017-5638: Apache Struts2 Remote Code Execution
CVE-2014-7863: ManageEngine OpManager/Applications Manager/IT360 "FailOverServlet"/"FailOverHelperServlet" Arbitrary File Download
CVE-2019-5127: YouPHPTube Encoder 2.3 - Remote Command Injection
CVE-2019-8442: Atlassian Jira Local File Inclusion Information Disclosure
CVE-2019-3396: Atlassian Confluence Server and Data Center Widget Connector Server-Side Template Injection Leading to Remote Code Execution
CVE-2024-51751: Gradio LFI
CVE-2020-28188: TerraMaster TOS Unauthenticated Remote Code Execution
CVE-2024-33610: Sharp Multifunction Printers Improper Authentication And Cookie Exposure
CVE-2023-35159: XWiki ">= 3.4-milestone-1" Cross-Site Scripting
CVE-2024-8181: Flowise Authentication Bypass
CVE-2023-23752: Joomla! API Improper Access Control
CVE-2009-1222: webEdition 6.0.0.4 "WE_LANGUAGE" Local File Inclusion And Path Traversal
CVE-2020-8509: Zoho ManageEngine Desktop Central Unauthenticated PDF Servlet Access
CVE-2021-28854: VICIdial Sensitive Information Disclosure
CVE-2021-45046: Apache Log4j2 Deserialization Of Untrusted Data Remote Code Execution Bypass
CVE-2019-17671: WordPress Core < 5.2.3 Unauthenticated Access To Private And Draft Posts
CVE-2025-24893: XWiki Platform Eval Injection Remote Code Execution
CVE-2016-3087: Apache Struts2 REST Plugin With Dynamic Method Invocation Remote Code Execution
CVE-2021-26723: Jenzabar 9.2x-9.2.2 Cross-Site Scripting
CVE-2017-17671: vBulletin Path Traversal
CVE-2008-0559: Nilson's Blogger 0.11 "comments.php" Local File Inclusion
CVE-2021-20183: Moodle XSS
CVE-2014-6287: Rejetto HTTP File Server (HFS) Remote Code Execution
CVE-2020-1942: Apache NiFi RCE
CVE-2025-61882: Oracle E-Business Suite 12.2.3–12.2.14 Remote Code Execution
CVE-2017-1000028: Oracle GlassFish Server Open Source Edition Path Traversal
CVE-2013-2248: Apache Struts Open Redirect
CVE-2023-0331: WordPress Plugin "Correos Oficial" (correosoficial) Arbitrary File Read
CVE-2023-41339: Geoserver WMS SSRF
CVE-2023-28121: WordPress Plugin "WooPayments: Integrated WooCommerce Payments" Unauthenticated Admin Creation Leading To Privilege Escalation Via Authentication Bypass
CVE-2022-45917: ILIAS eLearning <7.16 Open Redirect
CVE-2021-27909: Mautic Cross-Site Scripting
CVE-2023-41892: Craft CMS Unauthenticated Remote Code Execution
CVE-2019-9880: WordPress Plugin "WPGraphQL" Unauthenticated GraphQL Query Execution
CVE-2021-26085: Atlassian Confluence Server Local File Inclusion
CVE-2025-61666: Traccar "Windows" 6.1-6.8.1 Local File Inclusion
CVE-2022-33891: Apache Spark Unauthenticated Command Injection Remote Code Execution
CVE-2022-29464: WSO2 Unrestricted File Upload Leading To Remote Code Execution
CVE-2020-27735: Wing FTP Server Cross-Site Scripting
CVE-2024-5421: SEH UTNServer Pro/ProMAX/INU-100 20.1.22 File Exposure
CVE-2019-16057: D-Link DNS-320 Remote Code Execution
CVE-2017-1000353: Jenkins CLI Unauthenticated Java Deserialization Remote Code Execution
CVE-2017-9805: Apache Struts 2 REST Plugin XStream Remote Code Execution
CVE-2024-29973: Zyxel NAS326 Firmware "< V5.21(AAZF.17)C0" Command Injection Leading To Remote Code Execution
CVE-2019-20408: Atlassian Jira SSRF
CVE-2013-4316: Apache Struts RCE
CVE-2013-7091: Zimbra Collaboration Server Local File Inclusion And Path Traversal
CVE-2025-11749: WordPress AI Engine Plugin Unauthenticated Token Exposure Leading To Admin Privilege Escalation
CVE-2010-2032: Caucho Resin Professional 3.1.5 "/resin-admin/digest.php" Cross-Site Scripting
CVE-2021-31602: Hitachi Vantara Pentaho Business Intelligence Server Authentication Bypass
CVE-2019-15043: Grafana API Improper Access Control
CVE-2020-24379: Yaws XXE
CVE-2024-10924: WordPress Really Simple SSL Plugin ("really-simple-ssl") Authentication Bypass Leading To Remote Code Execution
CVE-2020-10374: PRTG Network Monitor RCE
CVE-2024-46938: Sitecore Experience Platform <= 10.4 Arbitrary File Read
CVE-2025-36604: Dell UnityVSA <5.5 Remote Command Injection
CVE-2017-5521: NETGEAR Routers Administrator Password Disclosure And Authentication Bypass
CVE-2022-0188: WordPress "CMP / Coming Soon & Maintenance Plugin by NiteoThemes" (cmp-coming-soon-maintenance) Unauthenticated Arbitrary CSS Update
CVE-2023-22527: Atlassian Confluence SSTI Remote Code Execution
CVE-2024-0235: WordPress Plugin "EventON / Events Calendar" (eventon-lite) Unauthorized Information Disclosure
CVE-2025-57788: Commvault Command-Line Argument Injection And Unauthenticated API Remote Code Execution
CVE-2021-30049: SysAid Technologies 20.3.64 b14 Cross-Site Scripting
CVE-2020-12283: Sourcegraph Open Redirect
CVE-2024-8877: Riello Netman 204 SQL Injection
CVE-2022-29455: WordPress Plugin "Elementor Website Builder" Dynamic Content Handling DOM Cross-Site Scripting
CVE-2024-20439: Cisco Smart Licensing Utility API Hardcoded Admin Credentials
CVE-2022-26134: Atlassian Confluence Data Center 7.18.0 OGNL Template Injection Remote Code Execution
CVE-2023-49489: KodExplorer 4.51 Reflected XSS
CVE-2018-5987: Joomla Pinterest Clone Social Pinboard 2.0 SQL Injection
CVE-2020-8191: Citrix ADC and Citrix Gateway Cross-Site Scripting
CVE-2020-2551: Oracle Fusion Middleware WebLogic Remote Code Execution
CVE-2024-22024: Ivanti Connect Secure and Policy Secure XXE
CVE-2020-8163: Ruby on Rails 5.0.1 Remote Code Execution
CVE-2024-45216: Apache Solr Authentication Bypass

View your vulnerabilities

Thanks for your feedback

What's new at Detectify

The latest product updates, improvements, and new tests.

Now testing for the following vulnerabilities