Security release notes

RSS feed

Track new security checks, vulnerability detection capabilities, and Runtime SCA findings introduced in each Invicti Enterprise and Invicti Standard release. Updates include enhanced detection methods, CVE coverage, and improvements to vulnerability identification.

2026

Security checks, vulnerability database updates, and Runtime SCA enhancements released in 2026.

Release 20260514

Release date: 14 May 2026

Security checks

Updated the vulnerability database (VDB) to version 20260514
Updated severity ratings for nginx versions 1.22.0, 1.22.1, 1.23.3, 1.23.4, 1.24.0, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.26.0, 1.26.1, 1.26.2, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.29.1, 1.29.2, 1.29.3, 1.29.4, 1.29.5, 1.29.6, 1.29.7, 1.29.8, 1.30.0 from Medium to High
Updated severity ratings for Python versions 3.13.11, 3.14.1, 3.14.2 from Low to High
Added vulnerability detection for axios:
- Critical: CVE-2026-42264
Added vulnerability detection for Dolibarr:
- High: CVE-2025-67486
Added vulnerability detection for e107:
- High: CVE-2022-50907, CVE-2022-50916, CVE-2022-50939
- Medium: CVE-2022-50905, CVE-2022-50906
Added vulnerability detection for nginx:
- High: CVE-2026-42945
Added vulnerability detection for Python:
- High: CVE-2026-3087

Release 20260513

Release date: 13 May 2026

Security checks

Updated the vulnerability database (VDB) to version 20260513
Updated severity ratings for Apache versions 2.4.64, 2.4.65 from High to Critical
Updated severity ratings for PHP versions 8.2.29, 8.3.15, 8.3.16, 8.3.17, 8.3.18, 8.3.20, 8.3.21, 8.3.22, 8.3.23, 8.3.25, 8.3.26, 8.3.27, 8.3.28, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.4.6, 8.4.7, 8.4.8, 8.4.9, 8.4.10, 8.4.12, 8.4.13, 8.4.14, 8.4.15 from High to Critical
Added vulnerability detection for Angular:
- Medium: CVE-2026-41423
Added vulnerability detection for Apache:
- Critical: CVE-2026-28780
- High: CVE-2026-23918, CVE-2026-24072, CVE-2026-29168, CVE-2026-29169, CVE-2026-34059
- Medium: CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-33857, CVE-2026-34032
Added vulnerability detection for Django:
- Medium: CVE-2026-5766, CVE-2026-6907, CVE-2026-35192
Added vulnerability detection for math.js:
- High: CVE-2026-41139
Added vulnerability detection for MongoDB:
- High: CVE-2026-6914
- Medium: CVE-2026-6915, CVE-2026-8063
Added vulnerability detection for MySQL:
- Medium: CVE-2026-34317, CVE-2026-34318, CVE-2026-34319
Added vulnerability detection for PHP:
- Critical: CVE-2025-14179, CVE-2026-6104, CVE-2026-6722, CVE-2026-7261
- High: CVE-2026-7258, CVE-2026-7262, CVE-2026-7263, CVE-2026-7568
- Medium: CVE-2026-6735, CVE-2026-7259
Added vulnerability detection for SharePoint:
- Medium: CVE-2026-20945
Added vulnerability detection for typo3CMS:
- High: CVE-2026-6553

Release 20260505

Release date: 5 May 2026

Security checks

Updated the vulnerability database (VDB) to version 20260505
Updated severity ratings for Dolibarr versions 17.0.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 18.0.0, 18.0.1, 18.0.2, 18.0.3, 18.0.4, 18.0.5, 18.0.6, 18.0.7, 18.0.8, 18.0.9, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.0.4, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 21.0.0, 21.0.1, 21.0.2, 21.0.3, 21.0.4, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4 from High to Critical
Updated severity ratings for EspoCRM versions 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 7.4.5, 7.4.6, 7.5.0, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6 from High to Critical
Updated severity ratings for EspoCRM versions 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.4.0, 8.4.1, 8.4.2, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.9, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.3.0, 9.3.1, 9.3.2, 9.3.3 from Medium to Critical
Updated severity ratings for Java versions 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 from Medium to High
Updated severity ratings for Jetty versions 9.4.11, 9.4.12, 9.4.13, 9.4.14, 9.4.15, 9.4.16, 9.4.33, 9.4.34, 9.4.35, 9.4.36, 9.4.39, 9.4.40, 9.4.41, 9.4.50, 9.4.51, 9.4.52, 9.4.53, 9.4.54, 9.4.55, 9.4.57, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 10.0.13, 10.0.14, 10.0.15, 10.0.16, 10.0.17, 10.0.18, 10.0.19, 10.0.20, 10.0.21, 10.0.22, 10.0.23, 10.0.24, 10.0.25, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 11.0.9, 11.0.10, 11.0.11, 11.0.12, 11.0.13, 11.0.14, 11.0.15, 11.0.16, 11.0.17, 11.0.18, 11.0.19, 11.0.20, 11.0.21, 11.0.22, 11.0.23, 11.0.24, 11.0.25, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 12.0.8, 12.0.9, 12.0.10, 12.0.11, 12.0.12, 12.0.13, 12.0.14, 12.0.15, 12.0.16, 12.0.17, 12.0.18, 12.0.19, 12.0.20, 12.0.21, 12.0.22, 12.0.23, 12.0.24, 12.0.25, 12.0.26, 12.0.27, 12.0.28, 12.0.29, 12.0.30, 12.0.31, 12.0.32, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6 from High to Critical
Added vulnerability detection for axios:
- Critical: CVE-2026-42043, CVE-2026-42044
- High: CVE-2026-42033, CVE-2026-42035, CVE-2026-42038, CVE-2026-42039
- Medium: CVE-2026-42034, CVE-2026-42036, CVE-2026-42037, CVE-2026-42041, CVE-2026-42042
- Low: CVE-2026-42040
Added vulnerability detection for DOMPurify:
- Medium: CVE-2026-41240
Added vulnerability detection for Dolibarr:
- Critical: CVE-2026-23500
Added vulnerability detection for EspoCRM:
- Critical: CVE-2026-33656
- High: CVE-2026-33733
Added vulnerability detection for Java:
- High: CVE-2026-22016, CVE-2026-34282
- Medium: CVE-2026-22013
- Low: CVE-2026-22007, CVE-2026-34268
Added vulnerability detection for Jetty:
- Critical: CVE-2026-2332
Added vulnerability detection for math.js:
- High: CVE-2026-40897
Added vulnerability detection for Oracle:
- Low: CVE-2026-34312
Added vulnerability detection for Oracle HTTP Server:
- High: CVE-2026-34291
Added vulnerability detection for Ruby on Rails:
- Medium: CVE-2026-33658
Added vulnerability detection for WebLogic:
- High: CVE-2026-34292, CVE-2026-34305
- Medium: CVE-2026-34315

Release 20260428

Release date: 28 April 2026

Security checks

Updated the vulnerability database (VDB) to version 20260428
Updated severity ratings for CubeCart versions 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.2, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10 from High to Critical
Updated severity ratings for Dolibarr versions 19.0.2, 19.0.3, 19.0.4, 20.0.0, 20.0.1, 20.0.2 from Medium to High
Updated severity ratings for Grafana versions 12.2.3, 12.3.1 from Medium to High
Updated severity ratings for Jetty versions 9.4.54, 10.0.25, 11.0.25 from Medium to High
Updated severity ratings for OpenSSL versions 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0 from High to Critical
Updated severity rating for Pega version 25.1.0 from Low to Medium
Updated severity ratings for Perl versions 5.9.4, 5.9.5, 5.12.4, 5.12.5, 5.14.4, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.16.3, 5.17.0, 5.17.1, 5.17.2, 5.17.3, 5.17.4, 5.17.5, 5.17.6, 5.17.7.0, 5.17.8, 5.17.9, 5.17.10, 5.17.11, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.19.0, 5.19.1, 5.19.2, 5.19.3, 5.19.4, 5.19.5, 5.19.6, 5.19.7, 5.19.8, 5.19.9, 5.19.10, 5.19.11, 5.26.3, 5.27.0, 5.27.1, 5.27.2, 5.27.3, 5.27.4, 5.27.5, 5.27.6, 5.27.7, 5.27.8, 5.27.9, 5.27.10, 5.27.11, 5.28.1, 5.28.2, 5.28.3, 5.29.0, 5.29.1, 5.29.2, 5.29.3, 5.29.4, 5.29.5, 5.29.6, 5.29.7, 5.29.8, 5.29.9, 5.29.10, 5.34.2, 5.34.3, 5.36.2, 5.36.3, 5.38.1, 5.38.2, 5.38.3, 5.39.0, 5.39.1, 5.39.2, 5.39.3, 5.39.4, 5.39.5, 5.39.6, 5.39.7, 5.39.8, 5.39.9, 5.39.10, 5.40.0, 5.40.1, 5.41.0, 5.41.1, 5.41.2, 5.41.3, 5.41.4, 5.41.5, 5.41.6, 5.41.7, 5.41.8, 5.41.9, 5.41.10 from High to Critical
Added vulnerability detection for axios:
- Medium: CVE-2026-39865, CVE-2026-40175
Added vulnerability detection for Chamilo:
- High: CVE-2026-34160, CVE-2026-34602, CVE-2026-35196, CVE-2026-40291
- Medium: CVE-2026-34161, CVE-2026-34370
Added vulnerability detection for CubeCart:
- Critical: CVE-2026-34018
- High: CVE-2026-21719
- Low: CVE-2026-35496
Added vulnerability detection for Dolibarr:
- High: CVE-2026-22666, CVE-2026-31018, CVE-2026-31019
Added vulnerability detection for EspoCRM:
- Medium: CVE-2026-33534, CVE-2026-33657, CVE-2026-33740
- Low: CVE-2026-33659
Added vulnerability detection for Grafana:
- High: CVE-2026-21721
- Medium: CVE-2025-12141
- Low: CVE-2026-21727
Added vulnerability detection for Java:
- Low: CVE-2026-22008
Added vulnerability detection for Jetty:
- High: CVE-2026-5795
Added vulnerability detection for OpenSSL:
- Critical: CVE-2026-28386, CVE-2026-31789
- High: CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790
Added vulnerability detection for Pega:
- Medium: CVE-2026-1564, CVE-2026-1711
Added vulnerability detection for Perl:
- Critical: CVE-2026-4176
Added vulnerability detection for qdPM:
- High: CVE-2018-25208
Added vulnerability detection for Serendipity:
- High: CVE-2026-39971
- Medium: CVE-2026-39963
Added vulnerability detection for XWiki Platform:
- High: CVE-2026-40104
- Medium: CVE-2026-40105

Release 20260421

Release date: 21 April 2026

Security checks

Updated the vulnerability database (VDB) to version 20260421
Updated severity ratings for axios versions 1.7.8, 1.7.9, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.12.1, 1.12.2 from High to Critical
Updated severity ratings for Django versions 4.2.26, 4.2.28, 5.2.8, 5.2.10, 5.2.11, 6.0, 6.0.1, 6.0.2 from High to Critical
Updated severity ratings for MediaWiki versions 1.39.6, 1.39.7, 1.39.8, 1.39.9, 1.39.10, 1.39.11, 1.39.12 from High to Critical
Updated severity ratings for MediaWiki versions 1.39.13, 1.43.0, 1.43.1, 1.43.2, 1.43.3, 1.44.0, 1.45.0 from Medium to Critical
Updated severity ratings for Tomcat versions 9.0.113, 9.0.114 from High to Critical
Updated severity ratings for XWiki Platform versions 17.4.0, 17.4.1, 17.4.2, 17.4.3, 17.5.0, 17.6.0 from High to Critical
Updated severity ratings for XWiki Platform versions 17.4.4, 17.4.5, 17.7.0, 17.8.0 from Medium to Critical
Added vulnerability detection for axios:
- Critical: CVE-2025-62718
Added vulnerability detection for Chamilo:
- Critical: CVE-2026-33698, CVE-2026-33707
- High: CVE-2026-31939, CVE-2026-31940, CVE-2026-32892, CVE-2026-32894, CVE-2026-32930, CVE-2026-32931, CVE-2026-33702, CVE-2026-33704, CVE-2026-33706, CVE-2026-33710
- Medium: CVE-2025-66447, CVE-2026-31941, CVE-2026-32932, CVE-2026-33141, CVE-2026-33705, CVE-2026-33708, CVE-2026-33737
Added vulnerability detection for Django:
- Critical: CVE-2026-4277
- High: CVE-2026-3902, CVE-2026-33034
- Medium: CVE-2026-33033
- Low: CVE-2026-4292
Added vulnerability detection for Dolibarr:
- Critical: CVE-2019-25710
Added vulnerability detection for Grafana:
- Medium: CVE-2026-21724
Added vulnerability detection for LimeSurvey:
- Medium: CVE-2025-63238
Added vulnerability detection for MediaWiki:
- Critical: CVE-2025-67484
- Medium: CVE-2025-67476, CVE-2025-67480
Added vulnerability detection for phpBB:
- High: CVE-2025-70810
- Medium: CVE-2025-70811
Added vulnerability detection for Python:
- Low: CVE-2026-4519
Added vulnerability detection for Roundcube:
- High: CVE-2026-35537
Added vulnerability detection for SharePoint:
- Medium: CVE-2026-32201
Added vulnerability detection for SQLite:
- High: CVE-2025-70873
Added vulnerability detection for Tomcat:
- Critical: CVE-2026-29145
- High: CVE-2026-24880, CVE-2026-29129, CVE-2026-29146, CVE-2026-34483, CVE-2026-34486, CVE-2026-34487
- Medium: CVE-2026-25854, CVE-2026-32990, CVE-2026-34500
Added vulnerability detection for XWiki Platform:
- Critical: CVE-2026-33229

Release 20260414

Release date: 14 April 2026

Security checks

Updated the vulnerability database (VDB) to version 20260414
Updated severity ratings for Joomla versions 3.10.14, 3.10.15, 3.10.16, 3.10.17, 3.10.18, 3.10.19, 3.10.20, 4.4.13, 5.2.6, 5.3.0, 5.3.1 from Medium to High
Updated severity ratings for Lodash versions 4.17.12, 4.17.13, 4.17.14, 4.17.15, 4.17.16, 4.17.17, 4.17.18, 4.17.19, 4.17.20 from High to Critical
Updated severity ratings for Piwigo versions 2.9.2, 2.9.3, 2.9.4, 2.10.0, 2.10.1, 2.10.2, 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.5.0, 12.0.0, 12.1.0, 12.2.0, 12.3.0, 13.1.0, 13.2.0, 13.3.0, 13.4.0, 13.5.0, 13.7.0, 14.0.0, 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.5.0, 15.6.0 from High to Critical
Updated severity ratings for Piwigo versions 13.8.0, 15.0.0, 15.1.0, 15.2.0, 15.3.0, 15.4.0, 15.5.0 from Medium to Critical
Updated severity ratings for phpMyFAQ versions 4.0.16, 4.0.17, 4.0.18 from Medium to High
Added vulnerability detection for Jboss EAP:
- Critical: CVE-2026-28367
- High: CVE-2026-3260
Added vulnerability detection for Joomla:
- High: CVE-2026-21629, CVE-2026-21630, CVE-2026-23898, CVE-2026-23899
- Medium: CVE-2026-21631, CVE-2026-21632
Added vulnerability detection for Lodash:
- Critical: CVE-2026-4800
- Medium: CVE-2026-2950
Added vulnerability detection for MediaWiki:
- Medium: CVE-2025-67475, CVE-2025-67477, CVE-2025-67481, CVE-2025-67483
Added vulnerability detection for MongoDb:
- High: CVE-2026-4148
- Medium: CVE-2026-4147
Added vulnerability detection for Piwigo:
- Critical: CVE-2026-27634
- High: CVE-2026-27833, CVE-2026-27834, CVE-2026-27885
Added vulnerability detection for Roundcube:
- High: CVE-2026-35545
- Medium: CVE-2026-35539, CVE-2026-35540, CVE-2026-35541, CVE-2026-35542, CVE-2026-35543, CVE-2026-35544
- Low: CVE-2026-35538
Added vulnerability detection for TornadoWebServer:
- Medium: CVE-2026-35536
Added vulnerability detection for osTicket:
- Medium: CVE-2026-26895
Added vulnerability detection for phpBB:
- High: CVE-2019-25685
Added vulnerability detection for phpMyFAQ:
- High: CVE-2026-34728
- Medium: CVE-2026-32629, CVE-2026-34729
Added vulnerability detection for qdPM:
- High: CVE-2019-25669
Added vulnerability detection for wordpresspluginbackupmigration:
- Medium: CVE-2023-0958, CVE-2023-3977

Release 20260407

Release date: 7 April 2026

Security checks

Updated the vulnerability database (VDB) to version 20260407
Updated severity ratings for Grafana versions 9.0.0–9.0.9, 9.1.0–9.1.8, 9.2.1–9.2.7, 9.2.10, 9.2.13, 9.2.15, 9.2.17, 9.3.0–9.3.1, 9.3.4, 9.3.6, 9.3.8, 9.3.11, 9.3.13, 9.4.0–9.4.3, 9.4.7, 9.4.9, 9.4.16, 9.4.17, 9.5.0, 9.5.11, 9.5.13, 10.0.0, 10.0.7, 10.0.9, 10.1.0, 10.1.3, 10.1.5, 10.2.0, 10.3.0, 11.0.0, 11.2.0–11.2.10, 11.3.0–11.3.9, 11.4.0–11.4.8, 11.5.0–11.5.10 from High to Critical
Updated severity ratings for Grafana versions 9.3.2, 9.3.14–9.3.16, 9.4.10, 9.4.12–9.4.15, 9.5.1–9.5.3, 9.5.5–9.5.10, 9.5.12, 9.5.14–9.5.21, 10.0.1–10.0.6, 10.0.8, 10.0.10–10.0.13, 10.1.1–10.1.2, 10.1.4, 10.1.6–10.1.10, 10.2.1–10.2.9, 10.3.1–10.3.12, 10.4.0–10.4.17, 10.4.19, 11.0.1–11.0.11, 11.1.0–11.1.13 from Medium to Critical
Updated severity ratings for Grafana versions 12.0.4, 7.5.16, 7.5.17 from Medium to High
Added vulnerability detection for Apache Traffic Server:
- High: CVE-2025-58136, CVE-2025-65114
Added vulnerability detection for Dolibarr:
- Medium: CVE-2026-34036
Added vulnerability detection for Grafana:
- Critical: CVE-2026-27876
- High: CVE-2026-27877, CVE-2026-27880
- Medium: CVE-2026-27879, CVE-2026-28375, CVE-2026-33375
Added vulnerability detection for JBoss EAP:
- Critical: CVE-2026-28368, CVE-2026-28369
- High: CVE-2026-3121
- Medium: CVE-2026-4366
- Low: CVE-2026-4874
Added vulnerability detection for MongoDB:
- High: CVE-2026-4358
- Medium: CVE-2026-5170
Added vulnerability detection for Pega:
- Low: CVE-2025-62184
Added vulnerability detection for PrestaShop:
- Medium: CVE-2026-33673, CVE-2026-33674
Added vulnerability detection for Squid:
- High: CVE-2026-33526
- Medium: CVE-2026-33515
Added vulnerability detection for handlebars.js:
- Critical: CVE-2026-33937
- High: CVE-2026-33938, CVE-2026-33939, CVE-2026-33940, CVE-2026-33941
- Medium: CVE-2026-33916
Added vulnerability detection for phpMyFAQ:
- Medium: CVE-2026-34974

Release 20260331

Release date: 31 March 2026

Security checks

Updated the vulnerability database (VDB) to version 20260331
Updated severity ratings for Ruby on Rails versions 5.2.4.3, 5.2.4.4, 5.2.4.5, 5.2.4.6, 5.2.5, 5.2.6, 5.2.6.2, 6.0.3.1, 6.0.3.2, 6.0.3.3, 6.0.3.4, 6.0.3.5, 6.0.3.6, 6.0.3.7, 6.0.4, 6.0.4.1, 6.0.4.2, 6.0.4.3, 6.0.4.4, 6.0.4.6, 6.0.6.1 from High to Critical
Updated severity rating for Ruby on Rails version 7.0.8.4 from Medium to Critical
Added vulnerability detection for Craft CMS:
- High: CVE-2026-33157
- Medium: CVE-2026-33158, CVE-2026-33159, CVE-2026-33160, CVE-2026-33161, CVE-2026-33162
Added vulnerability detection for MediaWiki:
- Medium: CVE-2025-11261, CVE-2025-61641, CVE-2025-61642, CVE-2025-61643, CVE-2025-61646
Added vulnerability detection for OpenCart:
- High: CVE-2024-58341
Added vulnerability detection for Ruby on Rails:
- Critical: CVE-2026-33195, CVE-2026-33202
- High: CVE-2026-33174, CVE-2026-33176
- Medium: CVE-2026-33169, CVE-2026-33170, CVE-2026-33173

Release 20260324

Release date: 24 March 2026

Security checks

Updated the vulnerability database (VDB) to version 20260324
Updated severity ratings for Craft CMS versions 4.17.0, 4.17.1, 4.17.2, 4.17.3, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6 from Medium to Critical
Updated severity ratings for LimeSurvey versions 1.72, 1.85, 1.86, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.20.0, 3.20.2, 3.21.0, 3.21.1, 3.21.2, 3.21.3, 3.21.4, 3.21.5, 3.21.6, 3.22.0, 3.22.1, 3.22.2, 3.22.3, 3.22.4, 3.22.5, 3.22.6, 3.22.7, 3.22.8, 3.22.9, 3.22.10, 3.22.11, 3.22.12, 3.22.13, 3.22.14, 3.22.15, 3.22.16, 3.22.17, 3.22.18, 3.22.19, 3.22.20, 3.22.21, 3.22.210, 3.22.24, 3.22.25, 3.22.26, 3.22.27, 3.22.28, 3.22.29, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.23.4, 3.23.5, 3.23.6, 3.23.7, 3.23.22, 3.23.32, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.24.4, 3.24.5, 3.24.6, 3.25.0, 3.25.1, 3.25.2, 3.25.3, 3.25.4, 3.25.5, 3.25.6, 3.25.7, 3.25.8, 3.25.9, 3.25.10, 3.25.11, 3.25.12, 3.25.13, 3.25.14, 3.25.15, 3.25.16, 3.25.17, 3.25.18, 3.25.19, 3.25.20, 3.25.21, 3.25.22, 3.26.0, 3.26.1, 3.26.2, 3.26.3, 3.26.4, 3.26.5, 3.27.0, 3.27.1, 3.27.2, 3.27.3, 3.27.4, 3.27.5, 3.27.6, 3.27.7, 3.27.8, 3.27.9, 3.27.10, 3.27.11, 3.27.12, 3.27.13, 3.27.14, 3.27.16, 3.27.17, 3.27.18, 3.27.19, 3.27.20, 3.27.21, 3.27.22, 3.27.23, 3.27.24, 3.27.25, 3.27.26, 3.27.27, 3.27.28, 3.27.29, 3.27.30, 3.27.31, 3.27.32, 3.27.33, 3.27.34, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 4.3.21, 4.3.22, 4.3.23, 4.3.24, 4.3.25, 4.3.26, 4.3.27, 4.3.28, 4.3.29, 4.3.30, 4.3.31, 4.3.32, 4.3.33, 4.3.34, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.14, 4.4.15, 4.4.16, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.4.4, 6.2.9 from High to Critical
Updated severity ratings for OpenSSL versions 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0 from Critical to High
Added vulnerability detection for CKEditor:
- Medium: CVE-2026-28343
Added vulnerability detection for Chamilo:
- Critical: CVE-2026-28430
- High: CVE-2026-30875, CVE-2026-30881
- Medium: CVE-2026-30876, CVE-2026-30882
Added vulnerability detection for Craft CMS:
- Critical: CVE-2026-32267
- High: CVE-2026-31857, CVE-2026-31858, CVE-2026-32263, CVE-2026-32264
- Medium: CVE-2026-31859, CVE-2026-32262, CVE-2026-33051
Added vulnerability detection for Jenkins:
- High: CVE-2026-33001, CVE-2026-33002
Added vulnerability detection for LimeSurvey:
- Critical: CVE-2025-56422
- High: CVE-2025-56421
Added vulnerability detection for MediaWiki:
- Medium: CVE-2025-61636, CVE-2025-61637, CVE-2025-61638, CVE-2025-61639, CVE-2025-61640
- Low: CVE-2025-61634
Added vulnerability detection for NextJsReactFramework:
- High: CVE-2026-27979, CVE-2026-27980
- Medium: CVE-2026-27977, CVE-2026-27978, CVE-2026-29057
Added vulnerability detection for TornadoWebServer:
- High: CVE-2026-31958

Release 20260317

Release date: 17 March 2026

Security checks

Updated the vulnerability database (VDB) to version 20260317
Updated severity ratings for SharePoint versions 16.0.10417.20003, 16.0.18526.20172, 16.0.18526.20286, 16.0.18526.20396, 16.0.18526.20424, 16.0.18526.20508, 16.0.18526.20518, 16.0.19127.20100, 16.0.19127.20262, 16.0.19127.20338, 16.0.19127.20378, 16.0.19127.20442 from High to Critical
Updated severity ratings for Tomcat versions 9.0.109, 10.1.45, 10.1.46, 11.0.11 from Medium to Critical
Updated severity ratings for UndertowWebServer versions 2.0.30, 2.0.31, 2.0.32, 2.0.33, 2.0.34, 2.0.35, 2.0.36, 2.0.39, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.18, 2.2.19 from High to Critical
Added vulnerability detection for CaddyWebServer:
- High: CVE-2026-30851, CVE-2026-30852
Added vulnerability detection for Chamilo:
- Critical: CVE-2025-55208, CVE-2025-55289, CVE-2025-59542, CVE-2025-59543
- High: CVE-2025-59541, CVE-2026-29041
- Medium: CVE-2025-59540, CVE-2025-59544
Added vulnerability detection for Craft CMS:
- Medium: CVE-2026-29113
Added vulnerability detection for Envoy:
- High: CVE-2026-26308, CVE-2026-26310, CVE-2026-26330
- Medium: CVE-2026-26309, CVE-2026-26311
Added vulnerability detection for Jboss EAP:
- Critical: CVE-2025-12543
- High: CVE-2026-3009
Added vulnerability detection for OpenCart:
- Medium: CVE-2026-3714
Added vulnerability detection for SharePoint:
- Critical: CVE-2026-26105
- High: CVE-2026-26106, CVE-2026-26113, CVE-2026-26114
Added vulnerability detection for Tomcat:
- Critical: CVE-2025-66614
- High: CVE-2026-24734
- Low: CVE-2026-24733
Added vulnerability detection for UndertowWebServer:
- Critical: CVE-2025-12543

Release 20260310

Release date: 10 March 2026

Security checks

Updated the vulnerability database (VDB) to version 20260310
Updated severity ratings for Chamilo versions 1.10.0, 1.10.2, 1.10.4, 1.10.6, 1.10.8, 1.11.26, 1.8.6.1, 1.8.8.3, 1.9.0, 1.9.10, 1.9.10.2, 1.9.10.4, 1.9.6, 1.9.6.1, 1.9.8, 1.9.8.1, 1.9.8.2 from High to Critical
Updated severity rating for Chamilo version 1.11.24 from Medium to Critical
Updated severity ratings for Craft CMS versions 4.15.6.2, 4.16.17, 4.16.18, 4.16.19, 4.4.14, 4.5.6.1, 5.6.16, 5.7.1.1, 5.8.21, 5.8.22, 5.8.23 from High to Critical
Updated severity ratings for DotCMS versions 22.03, 22.03.2, 22.03.4, 22.03.5, 22.03.6, 22.03.7, 22.03.8, 22.03.9, 22.03.10, 22.03.11, 22.03.12, 22.03.13, 22.03.14, 22.03.15, 23.01.1, 23.01.2, 23.01.3, 23.01.4, 23.01.5, 23.01.6, 23.01.7, 23.01.8, 23.01.9, 23.01.10, 23.01.11, 23.01.12, 23.01.13, 23.01.14, 23.01.15, 23.01.16, 23.01.17, 23.10.24.0 from Medium to Critical
Updated severity ratings for EspoCRM versions 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.9.2, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5 from High to Critical
Updated severity ratings for osCommerce versions 1.0.6.0, 1.0.7.0, 1.0.7.1, 1.0.7.2, 1.0.7.3, 1.0.7.4, 1.0.7.5, 1.0.7.6, 1.0.7.7, 1.0.7.8, 1.0.7.9, 1.1, 1.11, 1.12, 1.13, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.3.1, 2.3.3.2, 2.3.3.3, 2.3.3.4, 2.3.4 from Medium to High
Added vulnerability detection for Chamilo:
- Critical: CVE-2025-50187, CVE-2025-50190, CVE-2025-50192, CVE-2025-50199, CVE-2025-52998
- High: CVE-2024-47886, CVE-2025-50188, CVE-2025-50189, CVE-2025-50191, CVE-2025-50193, CVE-2025-50194, CVE-2025-50195, CVE-2025-50196, CVE-2025-50197, CVE-2025-52469, CVE-2025-52482
- Medium: CVE-2024-50337, CVE-2025-50186, CVE-2025-50198, CVE-2025-52468, CVE-2025-52470, CVE-2025-52475, CVE-2025-52476, CVE-2025-52563, CVE-2025-52564
Added vulnerability detection for Craft CMS:
- Critical: CVE-2026-28697, CVE-2026-28783
- High: CVE-2026-28695, CVE-2026-28696, CVE-2026-28784
- Medium: CVE-2026-27129, CVE-2026-28781, CVE-2026-28782, CVE-2026-29069
Added vulnerability detection for DOMPurify:
- Medium: CVE-2025-15599, CVE-2026-0540
Added vulnerability detection for Django:
- High: CVE-2026-25673
- Low: CVE-2026-25674
Added vulnerability detection for DotCMS:
- Critical: CVE-2025-11165
Added vulnerability detection for EspoCRM:
- Critical: CVE-2020-37094
Added vulnerability detection for Jetty:
- High: CVE-2026-1605
- Medium: CVE-2025-11143
Added vulnerability detection for MediaWiki:
- Medium: CVE-2025-61645
Added vulnerability detection for Moodle:
- High: CVE-2025-67847
Added vulnerability detection for Underscore.js:
- High: CVE-2026-27601
Added vulnerability detection for Werkzeug:
- Medium: CVE-2026-27199
Added vulnerability detection for XWikiplatform:
- High: CVE-2025-55749
Added vulnerability detection for osCommerce:
- High: CVE-2019-25495, CVE-2019-25496, CVE-2019-25497
Added vulnerability detection for phpMyFAQ:
- High: CVE-2026-27836

Release 20260303

Release date: 3 March 2026

Security checks

Updated the vulnerability database (VDB) to version 20260303
Updated severity ratings for CaddyWebServer versions 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.11.0, 0.11.1, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.3, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4 from High to Critical
Updated severity rating for Grafana version 10.4.0 from Low to Medium
Updated severity rating for Markdownit version 14.1.0 from Medium to High
Updated severity ratings for Moodle versions 4.2.10, 4.2.11 from Medium to High
Updated severity ratings for Piwigo versions 14.0.0, 14.1.0, 14.2.0, 14.3.0, 14.4.0 from Medium to High
Added vulnerability detection for Angular:
- Medium: CVE-2026-22610, CVE-2026-27970
Added vulnerability detection for CKEditor:
- Medium: CVE-2021-21254, CVE-2024-45613, CVE-2025-61261
Added vulnerability detection for CaddyWebServer:
- Critical: CVE-2026-27586, CVE-2026-27587, CVE-2026-27588, CVE-2026-27590
- Medium: CVE-2026-27585, CVE-2026-27589
Added vulnerability detection for CakePHP:
- Medium: CVE-2026-23643
Added vulnerability detection for Chamilo:
- Medium: CVE-2026-1106
Added vulnerability detection for Craft CMS:
- Medium: CVE-2026-27126, CVE-2026-27127, CVE-2026-27128
Added vulnerability detection for Dolibarr:
- High: CVE-2019-25450, CVE-2019-25452
- Medium: CVE-2021-47779
Added vulnerability detection for Grafana:
- Medium: CVE-2025-41117, CVE-2026-21722
- Low: CVE-2026-21725
Added vulnerability detection for Markdownit:
- High: CVE-2026-2327
Added vulnerability detection for MongoDb:
- High: CVE-2026-1847, CVE-2026-1848, CVE-2026-1849, CVE-2026-1850
- Medium: CVE-2026-25609, CVE-2026-25610, CVE-2026-25613
Added vulnerability detection for Moodle:
- High: CVE-2026-26045, CVE-2026-26046
- Medium: CVE-2026-26047
Added vulnerability detection for NextJsReactFramework:
- High: CVE-2025-59472
Added vulnerability detection for Piwigo:
- High: CVE-2024-48928
- Medium: CVE-2025-62512

Release 20260224

Release date: 24 February 2026

Security checks

Updated the vulnerability database (VDB) to version 20260224
Updated severity ratings for PostgreSQL versions 14.13, 15.8, 16.4, 17.0 from Medium to High
Added vulnerability detection for Angular:
- Medium: CVE-2025-66412
Added vulnerability detection for Craft CMS:
- High: CVE-2026-25495, CVE-2026-25497, CVE-2026-25498
- Medium: CVE-2026-25491, CVE-2026-25492, CVE-2026-25493, CVE-2026-25494, CVE-2026-25496
Added vulnerability detection for Grafana:
- High: CVE-2026-21720
Added vulnerability detection for Hiawatha:
- Medium: CVE-2025-57783
- Low: CVE-2025-57784
Added vulnerability detection for Jenkins:
- High: CVE-2026-27099
- Medium: CVE-2026-27100
Added vulnerability detection for Lodash:
- Medium: CVE-2025-13465
Added vulnerability detection for NextJsReactFramework:
- High: CVE-2025-59471
Added vulnerability detection for PostgreSQL:
- High: CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007
- Medium: CVE-2026-2003
Added vulnerability detection for PrestaShop:
- Medium: CVE-2026-25597
Added vulnerability detection for React:
- High: CVE-2026-23864
Added vulnerability detection for Skipper:
- High: CVE-2026-23742, CVE-2026-24470
Added vulnerability detection for XWikiplatform:
- Medium: CVE-2025-66472, CVE-2026-26000
Added vulnerability detection for axios:
- High: CVE-2026-25639
Removed vulnerability detection for bootstrap.js:
- CVE-2024-6531

Release 20260219

Release date: 19 February 2026

Security checks

Updated the vulnerability database (VDB) to version 20260219
Updated severity ratings for Moodle versions 3.9.24, 3.10.11, 3.11.17, 3.11.18, 4.0.11, 4.0.12, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 5.0.0, 5.0.1, 5.0.2 from High to Critical
Updated severity ratings for OpenSSL versions 1.0.2zh, 1.0.2zi, 1.1.1w from Medium to High
Updated severity ratings for OpenSSL versions 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.3.0, 3.3.1, 3.5.0 from High to Critical
Updated severity ratings for Roundcube versions 1.5.6, 1.6.5, 1.6.6 from High to Critical
Updated severity ratings for moveittransfer versions 2022.0.0, 2022.0.4, 2022.0.5, 2022.0.6, 2022.0.7, 2022.0.8, 2022.0.9, 2022.1.0, 2022.1.5, 2022.1.6, 2022.1.7, 2022.1.8, 2022.1.9, 2022.1.10 from Medium to High
Added vulnerability detection for Chamilo:
- Medium: CVE-2025-69581
Added vulnerability detection for CrushFTP:
- Medium: CVE-2025-63420
Added vulnerability detection for Django:
- High: CVE-2025-14550, CVE-2026-1285
- Medium: CVE-2025-13473, CVE-2026-1207, CVE-2026-1287, CVE-2026-1312
Added vulnerability detection for Moodle:
- Critical: CVE-2025-67856
- High: CVE-2025-67848, CVE-2025-67851, CVE-2025-67853
- Medium: CVE-2025-67849, CVE-2025-67850, CVE-2025-67852, CVE-2025-67855, CVE-2025-67857
Added vulnerability detection for OpenSSL:
- Critical: CVE-2025-15467
- High: CVE-2025-69419, CVE-2025-69420, CVE-2025-69421
- Medium: CVE-2025-11187, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2026-22795, CVE-2026-22796
Added vulnerability detection for PodcastGenerator:
- Medium: CVE-2025-70336
Added vulnerability detection for Python:
- Medium: CVE-2025-6075, CVE-2025-12781
Added vulnerability detection for Roundcube:
- Critical: CVE-2024-37385
Added vulnerability detection for SharePoint:
- High: CVE-2026-21260, CVE-2026-21511
Added vulnerability detection for WebERP:
- High: CVE-2020-37082
Added vulnerability detection for Werkzeug:
- Medium: CVE-2026-21860
Added vulnerability detection for XWikiplatform:
- Medium: CVE-2026-24128
Added vulnerability detection for advanced-custom-fields:
- Medium: CVE-2018-20986, CVE-2021-24241, CVE-2023-6701, CVE-2023-40068, CVE-2024-4565, CVE-2024-9529
Added vulnerability detection for moveittransfer:
- High: CVE-2025-11235
Added vulnerability detection for wordpresspluginacf-extended:
- Critical: CVE-2025-14533

Release 20260203

Release date: 3 February 2026
Version: 25.12.9

Security checks

Added comprehensive JWT authentication bypass detection
- High: JWT Signature Bypass via None Algorithm
- High: JWT Signature is not Verified
- High: JWT Signature Bypass via kid SQL injection
- High: JWT Signature Bypass via kid Path Traversal
- High: JWT Signature Bypass via unvalidated jwk parameter
- High: Unvalidated JWT jku parameter
- High: Unvalidated JWT x5u parameter
- High: JWT Signature Bypass via unvalidated jku parameter
- High: JWT Signature Bypass via unvalidated x5u parameter
- High: JWT Signature Bypass via unvalidated x5c parameter
Added authorization vulnerability detection
- High: Horizontal Broken Function Level Authorization (BFLA)
- High: Unauthenticated Access to Sensitive Functions
- High: Horizontal IDOR/BOLA (Broken Object Level Authorization)
- High: Vertical Broken Function Level Authorization (BFLA)
- High: Vertical IDOR/BOLA (Broken Object Level Authorization)
Added sensitive information exposure detection
- High: API Sensitive Info(PII) accessible without authentication
- Medium: Resource Accessible Without Required Authentication
Added API inventory management checks
- Medium: API Authentication Bypass Using a Test/Staging Host Header
Added microservice security checks
- High: Microservice Directory Traversal
Added vulnerability detection for Java:
- Medium: CVE-2026-21925
- High: CVE-2026-21932
- Medium: CVE-2026-21933
- High: CVE-2026-21945
Added vulnerability detection for Jetty:
- High: CVE-2025-5115
Added vulnerability detection for Joomla:
- Medium: CVE-2025-63082
- Medium: CVE-2025-63083
Removed vulnerability detection for LiferayPortal:
- CVE-2023-33944
Added vulnerability detection for LimeSurvey:
- Medium: CVE-2020-36993
- High: CVE-2024-39063
- Critical: CVE-2025-41375
- Medium: CVE-2025-41376
Added vulnerability detection for MySQL:
- Medium: CVE-2026-21964
Added vulnerability detection for Oracle:
- High: CVE-2026-21939
Added vulnerability detection for Oracle HTTP Server:
- Critical: CVE-2026-21962
Added vulnerability detection for osTicket:
- High: CVE-2026-22200
Added vulnerability detection for phpMyFAQ:
- Medium: CVE-2026-24420
- Medium: CVE-2026-24421
- High: CVE-2026-24422
Updated severity for Oracle 23.8 from Medium to High
Updated severity for osTicket 1.17, 1.17.1, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.18 from Medium to High

Release 20260127

Release date: 27 January 2026
Version: 25.12.8

Security checks

Updated the vulnerability database (VDB) to version 20260127
Added vulnerability detection for e107:
- High: CVE-2022-50939
- Medium: CVE-2022-50905

Release 20260120

Release date: 20 January 2026
Version: 25.12.7

Security checks

Updated the vulnerability database (VDB) to version 20260120
Updated severity rating for Craft CMS version 3.9.15 from Medium to Critical
Updated severity ratings for Craft CMS versions 4.4.16, 4.4.16.1, 4.4.17, 4.5.0, 4.14.9, 4.14.10, 4.14.11, 4.14.11.1, 4.14.12, 4.14.13, 4.14.14, 4.14.15, 4.15.0, 4.15.0.1, 4.15.0.2, 4.15.1, 4.15.2, 4.15.3, 4.15.4, 4.15.5, 4.15.6, 4.15.6.1, 5.6.10, 5.6.10.1, 5.6.10.2, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.17, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.8.1, 5.7.8.2 from High to Critical
Updated severity rating for Grafana version 12.0.0 from High to Critical
Updated severity ratings for e107 versions 2.1.4, 2.3.2 from Medium to High
Added vulnerability detection for Craft CMS:
- Critical: CVE-2025-68456
- High: CVE-2025-68454, CVE-2025-68455
- Medium: CVE-2025-68436, CVE-2025-68437
Added vulnerability detection for Grafana:
- Critical: CVE-2025-41115
Added vulnerability detection for Python:
- Medium: CVE-2025-13837
Added vulnerability detection for SharePoint:
- High: CVE-2026-20943, CVE-2026-20947, CVE-2026-20948, CVE-2026-20951, CVE-2026-20963
- Medium: CVE-2026-20958, CVE-2026-20959
Added vulnerability detection for e107:
- High: CVE-2022-50907, CVE-2022-50916, CVE-2025-11941
- Medium: CVE-2022-50906, CVE-2025-61505
Added vulnerability detection for typo3CMS:
- High: CVE-2025-59022, CVE-2026-0859
- Medium: CVE-2025-59020, CVE-2025-59021

Release 20260112

Release date: 12 January 2026
Version: 25.12.6

Security checks

Added vulnerability detection for OpenCart:
- Medium: CVE-2025-15116
Added vulnerability detection for PHP:
- High: CVE-2025-14177, CVE-2025-14178, CVE-2025-14180
Added vulnerability detection for WordPress:
- High: CVE-2024-31210
Added vulnerability detection for phpMyFAQ:
- High: CVE-2025-62519, CVE-2025-69200
- Medium: CVE-2025-68951

Security release notes

2026​

Release 20260514​

Security checks​

Release 20260513​

Security checks​

Release 20260505​

Security checks​

Release 20260428​

Security checks​

Release 20260421​

Security checks​

Release 20260414​

Security checks​

Release 20260407​

Security checks​

Release 20260331​

Security checks​

Release 20260324​

Security checks​

Release 20260317​

Security checks​

Release 20260310​

Security checks​

Release 20260303​

Security checks​

Release 20260224​

Security checks​

Release 20260219​

Security checks​

Release 20260203​

Security checks​

Release 20260127​

Security checks​

Release 20260120​

Security checks​

Release 20260112​

Security checks​

2026

Release 20260514

Security checks

Release 20260513

Security checks

Release 20260505

Security checks

Release 20260428

Security checks

Release 20260421

Security checks

Release 20260414

Security checks

Release 20260407

Security checks

Release 20260331

Security checks

Release 20260324

Security checks

Release 20260317

Security checks

Release 20260310

Security checks

Release 20260303

Security checks

Release 20260224

Security checks

Release 20260219

Security checks

Release 20260203

Security checks

Release 20260127

Security checks

Release 20260120

Security checks

Release 20260112

Security checks