New tests built and released by Alfred, our AI Security Researcher:
Haven't met Alfred yet? You can read more about how we're using AI to discover, source, and build tests for CVEs here.
- CVE-2021-46422: Telesquare RCE [9.8 / Critical]
- CVE-2021-22502: OpenText Operations Bridge RCE [9.8 / Critical]
- CVE-2014-2962: Belkin N150 Router Directory Traversal [7.5 / High]

New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2025-28228: Electrolink Credentials Disclosure [7.5 / High]
- CVE-2025-4123: Grafana Open Redirect "(Potential XSS and SSRF)" [7.6 / High]
- CVE-2024-6235: Citrix Information Disclosure / Authentication Bypass [8.8 / High]
- Alfresco Open Redirect [3.6 / Low]
- Cloudflare CDN-CGI Gadgets Semi-Open Redirect [0.0 / Information]
- Emby Installer Exposure [8.2 / High]
- Gerrit Code Review Account Enumeration [5.3 / Medium]
- Jellyfin Public Users Endpoint Exposure [4.5 / Medium]
- cPanel Backup Exclusion Configuration ("cpbackup-exclude.conf") Exposure [5.1 / Medium]

Improved tests to reduce false negatives:
- WordPress wp-links-opml Version Disclosure [0.0 / Information]
- Plesk Open Redirect [7.2 / High]

Tests now running in both Application Scanning and Surface Monitoring, previously only in Application Scanning:
- CVE-2017-17762: Episerver XXE [7.2 / High]