New tests built and released by Alfred, our AI Security Researcher:
Haven't met Alfred yet? You can read more about how we're using AI to discover, source, and build tests for CVEs here.
- CVE-2021-25015: MYCRED PLUGIN XSS [6.1 / Medium]
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2025-53770: Microsoft SharePoint RCE [9.8 / Critical]
- CVE-2025-40630: IceWarp Open Redirect [6.1 / Medium]
- CVE-2025-27505: GeoServer REST API Index Exposure [5.3 / Medium]
- CVE-2025-3415: Grafana DingDing API Keys Exposure [5.3 / Medium]
- CVE-2024-57241: DedeCMS Open Redirect [6.1 / Medium]
- CVE-2024-51977: Brother Printer Exposure [5.3 / Medium]
- CVE-2024-29198: GeoServer SSRF [7.5 / High]
- CVE-2024-26291: Avid NEXIS LFI [7.5 / High]
- CVE-2023-47218: QNAP OS Command Injection [6.5 / Medium]
- CVE-2022-24990: TerraMaster TOS Information Disclosure [7.5 / High]
- CVE-2021-40978: MkDocs Path Traversal [7.5 / High]
- Alibaba Cloud Bucket Exposure [5.3 / Medium]
- Avigilon Dashboard Exposure [5.3 / Medium]
- Brother Printer Status Panel Exposed [0.0 / Information]
- Casdoor Local File Inclusion [7.5 / High]
- Composr Installer Exposure [9.4 / Critical]
- FRITZ! Unauthenticated Device Takeover [7.3 / High]
- FreeScout Installer Exposure [9.4 / Critical]
- Froxlor Installer Exposure [9.4 / Critical]
- GLPI Installer Exposure [9.4 / Critical]
- Moxa ioLogik Web Server Exposure [5.3 / Medium]
- Perch Installer Exposure [9.4 / Critical]
- Pritunl Installer Exposure [9.4 / Critical]
- RustDesk Web Console Default Administrative Credentials [9.9 / Critical]
- Semaphore UI Default Credentials [6.5 / Medium]
- Twonky Server Exposure [5.3 / Medium]
New tests released by Detectify staff:
- CVE-2025-58258: SugarCRM SSRF [8.3 / High]
- CVE-2025-25257: Fortinet FortiWeb Fabric Connector SQL Injection [9.8 / Critical]
Improved finding information:
- HiSilicon DVR Path Traversal [7.5 / High]