Invicti Platform Security checks and Runtime SCA findings

Track new security checks, vulnerability detection capabilities, and Runtime SCA findings introduced in each Invicti Platform on-demand release. Updates include enhanced detection methods, CVE coverage, and improvements to vulnerability identification.

2026

Security checks, vulnerability database updates, and Runtime SCA enhancements released in 2026.

Release 21012026

Release date: 21 January 2026
Version: 25.12.7

Security checks


Release 13012026

Release date: 13 January 2026
Version: 25.12.6

Security checks


Release 07012026

Release date: 7 January 2026
Version: 25.12.5

Security checks

  • Updated the Vulnerability Database (VDB) to version 20260106
  • Added 15 new versions for 18 technologies and 7 new CVEs
  • Updated severity ratings for MongoDB versions 4.2.18, 4.3.0-4.3.3, 4.4.29, 5.0.30-5.0.31, 6.0.23-6.0.26, 8.0.13-8.0.15, 8.2.0-8.2.1 from Medium to High
  • Updated severity rating for Podcast Generator version 3.2.9 from Medium to Critical
  • Updated severity ratings for Python versions 3.10.10-3.10.19, 3.11-3.11.14, 3.12-3.12.5 from High to Critical
  • Updated severity rating for Python version 3.12.6 from Medium to Critical
  • Added vulnerability detection for CrushFTP:
  • Added vulnerability detection for MongoDB:
  • Added vulnerability detection for Podcast Generator:
  • Added vulnerability detection for Python:
  • Added vulnerability detection for Roundcube:
  • Added vulnerability detection for phpMyFAQ:

2025

Security checks, vulnerability database updates, and Runtime SCA enhancements released in 2025.

Release 30122025

Release date: 30 December 2025
Version: 25.12.4

Security checks

Improvements

  • Updated vulnerability classifications to align with OWASP Top 10 2025 categories
  • Updated OWASP Top 10 scan profile to align with OWASP Top 10 2025 categories

Release 17122025

Release date: 17 December 2025
Version: 25.12.3

Security checks

Improvements

  • Improved detection of DOM XSS vulnerabilities
  • Updated the alert text of the most detected vulnerabilities

Resolved issues

  • Improved detection of "Sensitive pages could be cached" vulnerabilities
  • Improved detection of "Open Redirect" vulnerabilities

Release 09122025

Release date: 9 December 2025
Version: 25.12.2

Security checks

  • Updated the Vulnerability Database (VDB) to version 20251209

Release 05122025

Release date: 5 December 2025
Version: 25.12.1

Security checks


Release 03122025

Release date: 3 December 2025
Version: 25.11.3

Security checks

Improvements

  • Improved password detection when leaked in responses
  • Improved detection of DOM XSS vulnerabilities

Resolved issues

  • Improved detection of chatbots

Release 25112025

Release date: 25 November 2025
Version: 25.11.2

Security checks

  • Added detection for the Fortinet FortiWeb authentication bypass vulnerability (CVE-2025-64446)
  • Added detection for the Citrix NetScaler memory leak and reflected XSS vulnerability (CVE-2025-12101)
  • Improved detection of SQL injection attempts in prepared statements used with NodeJS and MySQL
  • Added detection for the Oracle Identity Manager authentication bypass leading to RCE (CVE-2025-61757)
  • Updated the Vulnerability Database (VDB) to version 20251125

Resolved issue

  • Fixed an issue in the script that identifies API resources missing required authentication

Release 20112025

Release date: 20 November 2025
Version: 25.11.1

Security checks

  • Added a check for Django SQL injection via the _connector parameter (CVE-2025-64459)
  • Updated the Vulnerability Database (VDB) to version 20251118

Improvement

  • Updated High Risk profile to include Blind XSS vulnerability checks

Release 05112025

Release date: 5 November 2025

Security checks

  • Improved Local Path Traversal detection in J2EE environments to cover CVE-2025-55752
  • Added detection for the Magento authentication bypass (SessionReaper) vulnerability (CVE-2025-54236)
  • Updated the Vulnerability Database (VDB) to version 20251104

Improvements

  • Improved detection of sensitive information and personally identifiable information (PII)

Resolved issues

  • Resolved an issue where XSS findings in JSON responses didn't display attack details
  • Fixed the issue where sensitive data was not highlighted in the response for Sensitive Data Exposure vulnerabilities
  • Resolved classification of standard XSS vulnerabilities that depend on how legacy browsers handle encoding

Release 31102025

Release date: 31 October 2025

Security checks

  • Updated AEM (Adobe Experience Manager) checks to include seven newly reported vulnerabilities from the Hopgoblin toolkit (CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246)
  • Updated the Vulnerability Database (VDB) to version 20251006
  • Updated the Vulnerability Database (VDB) to version 20251021
  • Added detection for the Oracle E-Business Suite remote code execution vulnerability (CVE-2025-61882)
  • Added a new information discovery capability to detect sensitive or personally identifiable (PII) data during scans

Improvements

  • Increased the severity level of TLS 1.1 usage from “Info” to “Low”
  • Added new informational XSS finding types for cases where exploitation depends on the encoding behavior of legacy browsers

Resolved issues

  • Removed duplicate CVE findings