Invicti Release Notes – Security releases https://docs.invicti.com/ie-is/security-releases Track new security checks, vulnerability detection capabilities, and Runtime SCA findings added to Invicti Enterprise and Invicti Standard with each release. Tue, 07 Apr 2026 12:00:00 GMT https://validator.w3.org/feed/docs/rss2.html en Copyright © 2026 Invicti <![CDATA[Release v20260331]]> https://docs.invicti.com/ie-is/security-releases#release-v20260331 https://docs.invicti.com/ie-is/security-releases#20260331 Tue, 07 Apr 2026 12:00:00 GMT Security checks

Security checks

]]> <![CDATA[Release v20260324]]> https://docs.invicti.com/ie-is/security-releases#release-v20260324 https://docs.invicti.com/ie-is/security-releases#20260324 Tue, 24 Mar 2026 12:00:00 GMT Security checks
  • Updated the vulnerability database (VDB) to version 20260324
  • Updated severity ratings for Craft CMS versions 4.17.0, 4.17.1, 4.17.2, 4.17.3, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6 from Medium to Critical
  • Updated severity ratings for LimeSurvey versions 1.72, 1.85, 1.86, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.20.0, 3.20.2, 3.21.0, 3.21.1, 3.21.2, 3.21.3, 3.21.4, 3.21.5, 3.21.6, 3.22.0, 3.22.1, 3.22.2, 3.22.3, 3.22.4, 3.22.5, 3.22.6, 3.22.7, 3.22.8, 3.22.9, 3.22.10, 3.22.11, 3.22.12, 3.22.13, 3.22.14, 3.22.15, 3.22.16, 3.22.17, 3.22.18, 3.22.19, 3.22.20, 3.22.21, 3.22.210, 3.22.24, 3.22.25, 3.22.26, 3.22.27, 3.22.28, 3.22.29, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.23.4, 3.23.5, 3.23.6, 3.23.7, 3.23.22, 3.23.32, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.24.4, 3.24.5, 3.24.6, 3.25.0, 3.25.1, 3.25.2, 3.25.3, 3.25.4, 3.25.5, 3.25.6, 3.25.7, 3.25.8, 3.25.9, 3.25.10, 3.25.11, 3.25.12, 3.25.13, 3.25.14, 3.25.15, 3.25.16, 3.25.17, 3.25.18, 3.25.19, 3.25.20, 3.25.21, 3.25.22, 3.26.0, 3.26.1, 3.26.2, 3.26.3, 3.26.4, 3.26.5, 3.27.0, 3.27.1, 3.27.2, 3.27.3, 3.27.4, 3.27.5, 3.27.6, 3.27.7, 3.27.8, 3.27.9, 3.27.10, 3.27.11, 3.27.12, 3.27.13, 3.27.14, 3.27.16, 3.27.17, 3.27.18, 3.27.19, 3.27.20, 3.27.21, 3.27.22, 3.27.23, 3.27.24, 3.27.25, 3.27.26, 3.27.27, 3.27.28, 3.27.29, 3.27.30, 3.27.31, 3.27.32, 3.27.33, 3.27.34, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 4.3.21, 4.3.22, 4.3.23, 4.3.24, 4.3.25, 4.3.26, 4.3.27, 4.3.28, 4.3.29, 4.3.30, 4.3.31, 4.3.32, 4.3.33, 4.3.34, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.14, 4.4.15, 4.4.16, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.4.4, 6.2.9 from High to Critical
  • Updated severity ratings for OpenSSL versions 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0 from Critical to High
  • Added vulnerability detection for CKEditor:
  • Added vulnerability detection for Chamilo:
  • Added vulnerability detection for Craft CMS:
  • Added vulnerability detection for Jenkins:
  • Added vulnerability detection for LimeSurvey:
  • Added vulnerability detection for MediaWiki:
  • Added vulnerability detection for NextJsReactFramework:
  • Added vulnerability detection for TornadoWebServer:
]]> <![CDATA[Release v20260317]]> https://docs.invicti.com/ie-is/security-releases#release-v20260317 https://docs.invicti.com/ie-is/security-releases#20260317 Tue, 17 Mar 2026 12:00:00 GMT Security checks
]]> <![CDATA[Release v20260310]]> https://docs.invicti.com/ie-is/security-releases#release-v20260310 https://docs.invicti.com/ie-is/security-releases#20260310 Tue, 10 Mar 2026 12:00:00 GMT Security checks
  • Updated the vulnerability database (VDB) to version 20260310
  • Updated severity ratings for Chamilo versions 1.10.0, 1.10.2, 1.10.4, 1.10.6, 1.10.8, 1.11.26, 1.8.6.1, 1.8.8.3, 1.9.0, 1.9.10, 1.9.10.2, 1.9.10.4, 1.9.6, 1.9.6.1, 1.9.8, 1.9.8.1, 1.9.8.2 from High to Critical
  • Updated severity rating for Chamilo version 1.11.24 from Medium to Critical
  • Updated severity ratings for Craft CMS versions 4.15.6.2, 4.16.17, 4.16.18, 4.16.19, 4.4.14, 4.5.6.1, 5.6.16, 5.7.1.1, 5.8.21, 5.8.22, 5.8.23 from High to Critical
  • Updated severity ratings for DotCMS versions 22.03, 22.03.2, 22.03.4, 22.03.5, 22.03.6, 22.03.7, 22.03.8, 22.03.9, 22.03.10, 22.03.11, 22.03.12, 22.03.13, 22.03.14, 22.03.15, 23.01.1, 23.01.2, 23.01.3, 23.01.4, 23.01.5, 23.01.6, 23.01.7, 23.01.8, 23.01.9, 23.01.10, 23.01.11, 23.01.12, 23.01.13, 23.01.14, 23.01.15, 23.01.16, 23.01.17, 23.10.24.0 from Medium to Critical
  • Updated severity ratings for EspoCRM versions 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.9.2, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5 from High to Critical
  • Updated severity ratings for osCommerce versions 1.0.6.0, 1.0.7.0, 1.0.7.1, 1.0.7.2, 1.0.7.3, 1.0.7.4, 1.0.7.5, 1.0.7.6, 1.0.7.7, 1.0.7.8, 1.0.7.9, 1.1, 1.11, 1.12, 1.13, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.3.1, 2.3.3.2, 2.3.3.3, 2.3.3.4, 2.3.4 from Medium to High
  • Added vulnerability detection for Chamilo:
  • Added vulnerability detection for Craft CMS:
  • Added vulnerability detection for DOMPurify:
  • Added vulnerability detection for Django:
  • Added vulnerability detection for DotCMS:
  • Added vulnerability detection for EspoCRM:
  • Added vulnerability detection for Jetty:
  • Added vulnerability detection for MediaWiki:
  • Added vulnerability detection for Moodle:
  • Added vulnerability detection for Underscore.js:
  • Added vulnerability detection for Werkzeug:
  • Added vulnerability detection for XWikiplatform:
  • Added vulnerability detection for osCommerce:
  • Added vulnerability detection for phpMyFAQ:
]]> <![CDATA[Release v20260303]]> https://docs.invicti.com/ie-is/security-releases#release-v20260303 https://docs.invicti.com/ie-is/security-releases#20260303 Tue, 03 Mar 2026 12:00:00 GMT Security checks
]]> <![CDATA[Release v20260224]]> https://docs.invicti.com/ie-is/security-releases#release-v20260224 https://docs.invicti.com/ie-is/security-releases#20260224 Tue, 24 Feb 2026 12:00:00 GMT Security checks
]]> <![CDATA[Release v20260219]]> https://docs.invicti.com/ie-is/security-releases#release-v20260219 https://docs.invicti.com/ie-is/security-releases#20260219 Thu, 19 Feb 2026 12:00:00 GMT Security checks
]]> <![CDATA[Release v20260203]]> https://docs.invicti.com/ie-is/security-releases#release-v20260203 https://docs.invicti.com/ie-is/security-releases#20260203 Tue, 03 Feb 2026 12:00:00 GMT Version: 25.12.9

Security checks

  • Added comprehensive JWT authentication bypass detection
    • High: JWT Signature Bypass via None Algorithm
    • High: JWT Signature is not Verified
    • High: JWT Signature Bypass via kid SQL injection
    • High: JWT Signature Bypass via kid Path Traversal
    • High: JWT Signature Bypass via unvalidated jwk parameter
    • High: Unvalidated JWT jku parameter
    • High: Unvalidated JWT x5u parameter
    • High: JWT Signature Bypass via unvalidated jku parameter
    • High: JWT Signature Bypass via unvalidated x5u parameter
    • High: JWT Signature Bypass via unvalidated x5c parameter
  • Added authorization vulnerability detection
    • High: Horizontal Broken Function Level Authorization (BFLA)
    • High: Unauthenticated Access to Sensitive Functions
    • High: Horizontal IDOR/BOLA (Broken Object Level Authorization)
    • High: Vertical Broken Function Level Authorization (BFLA)
    • High: Vertical IDOR/BOLA (Broken Object Level Authorization)
  • Added sensitive information exposure detection
    • High: API Sensitive Info(PII) accessible without authentication
    • Medium: Resource Accessible Without Required Authentication
  • Added API inventory management checks
    • Medium: API Authentication Bypass Using a Test/Staging Host Header
  • Added microservice security checks
    • High: Microservice Directory Traversal
  • Added vulnerability detection for Java:
  • Added vulnerability detection for Jetty:
  • Added vulnerability detection for Joomla:
  • Removed vulnerability detection for LiferayPortal:
  • Added vulnerability detection for LimeSurvey:
  • Added vulnerability detection for MySQL:
  • Added vulnerability detection for Oracle:
  • Added vulnerability detection for Oracle HTTP Server:
  • Added vulnerability detection for osTicket:
  • Added vulnerability detection for phpMyFAQ:
  • Updated severity for Oracle 23.8 from Medium to High
  • Updated severity for osTicket 1.17, 1.17.1, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.18 from Medium to High
]]> <![CDATA[Release v20260127]]> https://docs.invicti.com/ie-is/security-releases#release-v20260127 https://docs.invicti.com/ie-is/security-releases#20260127 Tue, 27 Jan 2026 12:00:00 GMT Version: 25.12.8

Security checks

  • Updated the vulnerability database (VDB) to version 20260127
  • Added vulnerability detection for e107:
]]> <![CDATA[Release v20260120]]> https://docs.invicti.com/ie-is/security-releases#release-v20260120 https://docs.invicti.com/ie-is/security-releases#20260120 Tue, 20 Jan 2026 12:00:00 GMT Version: 25.12.7

Security checks

]]> <![CDATA[Release v20260112]]> https://docs.invicti.com/ie-is/security-releases#release-v20260112 https://docs.invicti.com/ie-is/security-releases#20260112 Mon, 12 Jan 2026 12:00:00 GMT Version: 25.12.6

Security checks

]]>