Acunetix Premium Release Notes

v.Security - 15 May 2026

Copy Link Copy Link

Added vulnerability detection for CVE-2026-42945.

Security checks

Added vulnerability detection for nginx:
- High: CVE-2026-42945

v.Security - 21 Apr 2026

Copy Link Copy Link

New security checks and improved technology detection.

Security checks

Updated the vulnerability database (VDB) to version 20260421
Added a new security check for Cross-Origin Opener Policy (COOP)
Updated severity ratings for axios versions 1.7.8, 1.7.9, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.12.1, 1.12.2 from High to Critical
Updated severity ratings for Django versions 4.2.26, 4.2.28, 5.2.8, 5.2.10, 5.2.11, 6.0, 6.0.1, 6.0.2 from High to Critical
Updated severity ratings for MediaWiki versions 1.39.6, 1.39.7, 1.39.8, 1.39.9, 1.39.10, 1.39.11, 1.39.12 from High to Critical
Updated severity ratings for MediaWiki versions 1.39.13, 1.43.0, 1.43.1, 1.43.2, 1.43.3, 1.44.0, 1.45.0 from Medium to Critical
Updated severity ratings for Tomcat versions 9.0.113, 9.0.114 from High to Critical
Updated severity ratings for XWiki Platform versions 17.4.0, 17.4.1, 17.4.2, 17.4.3, 17.5.0, 17.6.0 from High to Critical
Updated severity ratings for XWiki Platform versions 17.4.4, 17.4.5, 17.7.0, 17.8.0 from Medium to Critical
Added vulnerability detection for axios:
- Critical: CVE-2025-62718
Added vulnerability detection for Chamilo:
- Critical: CVE-2026-33698, CVE-2026-33707
- High: CVE-2026-31939, CVE-2026-31940, CVE-2026-32892, CVE-2026-32894, CVE-2026-32930, CVE-2026-32931, CVE-2026-33702, CVE-2026-33704, CVE-2026-33706, CVE-2026-33710
- Medium: CVE-2025-66447, CVE-2026-31941, CVE-2026-32932, CVE-2026-33141, CVE-2026-33705, CVE-2026-33708, CVE-2026-33737
Added vulnerability detection for Django:
- Critical: CVE-2026-4277
- High: CVE-2026-3902, CVE-2026-33034
- Medium: CVE-2026-33033
- Low: CVE-2026-4292
Added vulnerability detection for Dolibarr:
- Critical: CVE-2019-25710
Added vulnerability detection for Grafana:
- Medium: CVE-2026-21724
Added vulnerability detection for LimeSurvey:
- Medium: CVE-2025-63238
Added vulnerability detection for MediaWiki:
- Critical: CVE-2025-67484
- Medium: CVE-2025-67476, CVE-2025-67480
Added vulnerability detection for phpBB:
- High: CVE-2025-70810
- Medium: CVE-2025-70811
Added vulnerability detection for Python:
- Low: CVE-2026-4519
Added vulnerability detection for Roundcube:
- High: CVE-2026-35537
Added vulnerability detection for SharePoint:
- Medium: CVE-2026-32201
Added vulnerability detection for SQLite:
- High: CVE-2025-70873
Added vulnerability detection for Tomcat:
- Critical: CVE-2026-29145
- High: CVE-2026-24880, CVE-2026-29129, CVE-2026-29146, CVE-2026-34483, CVE-2026-34486, CVE-2026-34487
- Medium: CVE-2026-25854, CVE-2026-32990, CVE-2026-34500
Added vulnerability detection for XWiki Platform:
- Critical: CVE-2026-33229

v.Security - 16 Apr 2026

Copy Link Copy Link

New security checks and improved technology detection.

Security checks

Updated the vulnerability database (VDB) to version 20260414.
Added detection for exposed installers to reduce information disclosure risk and improve coverage.
Improved JSON parsing and aligned vulnerability tags for more accurate and reliable scan results.
Added detection for Nginx UI information disclosure (CVE-2026-27944).
Added detection for Citrix NetScaler memory overread (CVE-2026-3055).
Updated severity ratings for Joomla versions 3.10.14, 3.10.15, 3.10.16, 3.10.17, 3.10.18, 3.10.19, 3.10.20, 4.4.13, 5.2.6, 5.3.0, 5.3.1 from Medium to High
Updated severity ratings for Lodash versions 4.17.12, 4.17.13, 4.17.14, 4.17.15, 4.17.16, 4.17.17, 4.17.18, 4.17.19, 4.17.20 from High to Critical
Updated severity ratings for Piwigo versions 2.9.2, 2.9.3, 2.9.4, 2.10.0, 2.10.1, 2.10.2, 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.5.0, 12.0.0, 12.1.0, 12.2.0, 12.3.0, 13.1.0, 13.2.0, 13.3.0, 13.4.0, 13.5.0, 13.7.0, 14.0.0, 14.1.0, 14.2.0, 14.3.0, 14.4.0, 14.5.0, 15.6.0 from High to Critical
Updated severity ratings for Piwigo versions 13.8.0, 15.0.0, 15.1.0, 15.2.0, 15.3.0, 15.4.0, 15.5.0 from Medium to Critical
Updated severity ratings for phpMyFAQ versions 4.0.16, 4.0.17, 4.0.18 from Medium to High
Added vulnerability detection for Jboss EAP:
- Critical: CVE-2026-28367
- High: CVE-2026-3260
Added vulnerability detection for Joomla:
- High: CVE-2026-21629, CVE-2026-21630, CVE-2026-23898, CVE-2026-23899
- Medium: CVE-2026-21631, CVE-2026-21632
Added vulnerability detection for Lodash:
- Critical: CVE-2026-4800
- Medium: CVE-2026-2950
Added vulnerability detection for MediaWiki:
- Medium: CVE-2025-67475, CVE-2025-67477, CVE-2025-67481, CVE-2025-67483
Added vulnerability detection for MongoDb:
- High: CVE-2026-4148
- Medium: CVE-2026-4147
Added vulnerability detection for Piwigo:
- Critical: CVE-2026-27634
- High: CVE-2026-27833, CVE-2026-27834, CVE-2026-27885
Added vulnerability detection for Roundcube:
- High: CVE-2026-35545
- Medium: CVE-2026-35539, CVE-2026-35540, CVE-2026-35541, CVE-2026-35542, CVE-2026-35543, CVE-2026-35544
- Low: CVE-2026-35538
Added vulnerability detection for TornadoWebServer:
- Medium: CVE-2026-35536
Added vulnerability detection for osTicket:
- Medium: CVE-2026-26895
Added vulnerability detection for phpBB:
- High: CVE-2019-25685
Added vulnerability detection for phpMyFAQ:
- High: CVE-2026-34728
- Medium: CVE-2026-32629, CVE-2026-34729
Added vulnerability detection for qdPM:
- High: CVE-2019-25669
Added vulnerability detection for wordpresspluginbackupmigration:
- Medium: CVE-2023-0958, CVE-2023-3977

v.Security - 02 Apr 2026

Copy Link Copy Link

New security checks and improved technology detection.

Security checks

Updated the vulnerability database (VDB) to version 20260331
Updated severity ratings for Ruby on Rails versions 5.2.4.3, 5.2.4.4, 5.2.4.5, 5.2.4.6, 5.2.5, 5.2.6, 5.2.6.2, 6.0.3.1, 6.0.3.2, 6.0.3.3, 6.0.3.4, 6.0.3.5, 6.0.3.6, 6.0.3.7, 6.0.4, 6.0.4.1, 6.0.4.2, 6.0.4.3, 6.0.4.4, 6.0.4.6, 6.0.6.1 from High to Critical
Updated severity rating for Ruby on Rails version 7.0.8.4 from Medium to Critical
Added vulnerability detection for Craft CMS:
- High: CVE-2026-33157
- Medium: CVE-2026-33158, CVE-2026-33159, CVE-2026-33160, CVE-2026-33161, CVE-2026-33162
Added vulnerability detection for MediaWiki:
- Medium: CVE-2025-11261, CVE-2025-61641, CVE-2025-61642, CVE-2025-61643, CVE-2025-61646
Added vulnerability detection for OpenCart:
- High: CVE-2024-58341
Added vulnerability detection for Ruby on Rails:
- Critical: CVE-2026-33195, CVE-2026-33202
- High: CVE-2026-33174, CVE-2026-33176
- Medium: CVE-2026-33169, CVE-2026-33170, CVE-2026-33173

Improvement

Added optional variable for OOB server settings

v.Security - 24 Mar 2026

Copy Link Copy Link

New security checks and improved technology detection.

Security checks

Updated the vulnerability database (VDB) to version 20260324
Added a new security check of Chrome Logger information disclosure
Updated severity ratings for Craft CMS versions 4.17.0, 4.17.1, 4.17.2, 4.17.3, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6 from Medium to Critical
Updated severity ratings for LimeSurvey versions 1.72, 1.85, 1.86, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.20.0, 3.20.2, 3.21.0, 3.21.1, 3.21.2, 3.21.3, 3.21.4, 3.21.5, 3.21.6, 3.22.0, 3.22.1, 3.22.2, 3.22.3, 3.22.4, 3.22.5, 3.22.6, 3.22.7, 3.22.8, 3.22.9, 3.22.10, 3.22.11, 3.22.12, 3.22.13, 3.22.14, 3.22.15, 3.22.16, 3.22.17, 3.22.18, 3.22.19, 3.22.20, 3.22.21, 3.22.210, 3.22.24, 3.22.25, 3.22.26, 3.22.27, 3.22.28, 3.22.29, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.23.4, 3.23.5, 3.23.6, 3.23.7, 3.23.22, 3.23.32, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.24.4, 3.24.5, 3.24.6, 3.25.0, 3.25.1, 3.25.2, 3.25.3, 3.25.4, 3.25.5, 3.25.6, 3.25.7, 3.25.8, 3.25.9, 3.25.10, 3.25.11, 3.25.12, 3.25.13, 3.25.14, 3.25.15, 3.25.16, 3.25.17, 3.25.18, 3.25.19, 3.25.20, 3.25.21, 3.25.22, 3.26.0, 3.26.1, 3.26.2, 3.26.3, 3.26.4, 3.26.5, 3.27.0, 3.27.1, 3.27.2, 3.27.3, 3.27.4, 3.27.5, 3.27.6, 3.27.7, 3.27.8, 3.27.9, 3.27.10, 3.27.11, 3.27.12, 3.27.13, 3.27.14, 3.27.16, 3.27.17, 3.27.18, 3.27.19, 3.27.20, 3.27.21, 3.27.22, 3.27.23, 3.27.24, 3.27.25, 3.27.26, 3.27.27, 3.27.28, 3.27.29, 3.27.30, 3.27.31, 3.27.32, 3.27.33, 3.27.34, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 4.3.21, 4.3.22, 4.3.23, 4.3.24, 4.3.25, 4.3.26, 4.3.27, 4.3.28, 4.3.29, 4.3.30, 4.3.31, 4.3.32, 4.3.33, 4.3.34, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.14, 4.4.15, 4.4.16, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.4.4, 6.2.9 from High to Critical
Updated severity ratings for OpenSSL versions 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0 from Critical to High
Added vulnerability detection for CKEditor:

– Medium: CVE-2026-28343
Added vulnerability detection for Chamilo:

– Critical: CVE-2026-28430

– High: CVE-2026-30875, CVE-2026-30881

– Medium: CVE-2026-30876, CVE-2026-30882
Added vulnerability detection for Craft CMS:

– Critical: CVE-2026-32267

– High: CVE-2026-31857, CVE-2026-31858, CVE-2026-32263, CVE-2026-32264

– Medium: CVE-2026-31859, CVE-2026-32262, CVE-2026-33051
Added vulnerability detection for Jenkins:

– High: [CVE-2026-33001, CVE-2026-33002
Added vulnerability detection for LimeSurvey:

– Critical: CVE-2025-56422

– High: CVE-2025-56421
Added vulnerability detection for MediaWiki:

– Medium: CVE-2025-61636, CVE-2025-61637, CVE-2025-61638, CVE-2025-61639, CVE-2025-61640

– Low: CVE-2025-61634
Added vulnerability detection for NextJsReactFramework:

– High: CVE-2026-27979, CVE-2026-27980

– Medium: CVE-2026-27977, CVE-2026-27978, CVE-2026-29057
Added vulnerability detection for TornadoWebServer:

– High: CVE-2026-31958

Improvements

Better detection of Backup folders and files
Better detection of Shiro deserialization RCE
Fixed Prompt Injection testing in some edge cases

v.Security - 11 Mar 2026

Copy Link Copy Link

New security checks and improved technology detection.

Security checks

Updated the vulnerability database (VDB) to version 20260310
Improved technology detection
Updated severity ratings for Chamilo versions 1.10.0, 1.10.2, 1.10.4, 1.10.6, 1.10.8, 1.11.26, 1.8.6.1, 1.8.8.3, 1.9.0, 1.9.10, 1.9.10.2, 1.9.10.4, 1.9.6, 1.9.6.1, 1.9.8, 1.9.8.1, 1.9.8.2 from High to Critical
Updated severity rating for Chamilo version 1.11.24 from Medium to Critical
Updated severity ratings for Craft CMS versions 4.15.6.2, 4.16.17, 4.16.18, 4.16.19, 4.4.14, 4.5.6.1, 5.6.16, 5.7.1.1, 5.8.21, 5.8.22, 5.8.23 from High to Critical
Updated severity ratings for DotCMS versions 22.03, 22.03.2, 22.03.4, 22.03.5, 22.03.6, 22.03.7, 22.03.8, 22.03.9, 22.03.10, 22.03.11, 22.03.12, 22.03.13, 22.03.14, 22.03.15, 23.01.1, 23.01.2, 23.01.3, 23.01.4, 23.01.5, 23.01.6, 23.01.7, 23.01.8, 23.01.9, 23.01.10, 23.01.11, 23.01.12, 23.01.13, 23.01.14, 23.01.15, 23.01.16, 23.01.17, 23.10.24.0 from Medium to Critical
Updated severity ratings for EspoCRM versions 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.9.2, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5 from High to Critical
Updated severity ratings for osCommerce versions 1.0.6.0, 1.0.7.0, 1.0.7.1, 1.0.7.2, 1.0.7.3, 1.0.7.4, 1.0.7.5, 1.0.7.6, 1.0.7.7, 1.0.7.8, 1.0.7.9, 1.1, 1.11, 1.12, 1.13, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.3.1, 2.3.3.2, 2.3.3.3, 2.3.3.4, 2.3.4 from Medium to High
Added vulnerability detection for Chamilo:
- Critical: CVE-2025-50187, CVE-2025-50190, CVE-2025-50192, CVE-2025-50199, CVE-2025-52998
- High: CVE-2024-47886, CVE-2025-50188, CVE-2025-50189, CVE-2025-50191, CVE-2025-50193, CVE-2025-50194, CVE-2025-50195, CVE-2025-50196, CVE-2025-50197, CVE-2025-52469, CVE-2025-52482
- Medium: CVE-2024-50337, CVE-2025-50186, CVE-2025-50198, CVE-2025-52468, CVE-2025-52470, CVE-2025-52475, CVE-2025-52476, CVE-2025-52563, CVE-2025-52564
Added vulnerability detection for Craft CMS:
- Critical: CVE-2026-28697, CVE-2026-28783
- High: CVE-2026-28695, CVE-2026-28696, CVE-2026-28784
- Medium: CVE-2026-27129, CVE-2026-28781, CVE-2026-28782, CVE-2026-29069
Added vulnerability detection for DOMPurify:
- Medium: CVE-2025-15599, CVE-2026-0540
Added vulnerability detection for Django:
- High: CVE-2026-25673
- Low: CVE-2026-25674
Added vulnerability detection for DotCMS:
- Critical: CVE-2025-11165
Added vulnerability detection for EspoCRM:
- Critical: CVE-2020-37094
Added vulnerability detection for Jetty:
- High: CVE-2026-1605
- Medium: CVE-2025-11143
Added vulnerability detection for MediaWiki:
- Medium: CVE-2025-61645
Added vulnerability detection for Moodle:
- High: CVE-2025-67847
Added vulnerability detection for Underscore.js:
- High: CVE-2026-27601
Added vulnerability detection for Werkzeug:
- Medium: CVE-2026-27199
Added vulnerability detection for XWikiplatform:
- High: CVE-2025-55749
Added vulnerability detection for osCommerce:
- High: CVE-2019-25495, CVE-2019-25496, CVE-2019-25497
Added vulnerability detection for phpMyFAQ:
- High: CVE-2026-27836

v.Security - 04 Mar 2026

Copy Link Copy Link

New security checks and improved vulnerability detection.

Security checks

Updated the vulnerability database (VDB) to version 20260303
Added security check for CWP Remote Code Execution CVE-2025-48703
Improved detection of MongoDB vulnerabilities
Updated severity ratings for CaddyWebServer versions 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.11.0, 0.11.1, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.3, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4 from High to Critical
Updated severity rating for Grafana version 10.4.0 from Low to Medium
Updated severity rating for Markdownit version 14.1.0 from Medium to High
Updated severity ratings for Moodle versions 4.2.10, 4.2.11 from Medium to High
Updated severity ratings for Piwigo versions 14.0.0, 14.1.0, 14.2.0, 14.3.0, 14.4.0 from Medium to High
Added vulnerability detection for Angular:
- Medium: CVE-2026-22610, CVE-2026-27970
Added vulnerability detection for CKEditor:
- Medium: CVE-2021-21254, CVE-2024-45613, CVE-2025-61261
Added vulnerability detection for CaddyWebServer:
- Critical: CVE-2026-27586, CVE-2026-27587, CVE-2026-27588, CVE-2026-27590
- Medium: CVE-2026-27585, CVE-2026-27589
Added vulnerability detection for CakePHP:
- Medium: CVE-2026-23643
Added vulnerability detection for Chamilo:
- Medium: CVE-2026-1106
Added vulnerability detection for Craft CMS:
- Medium: CVE-2026-27126, CVE-2026-27127, CVE-2026-27128
Added vulnerability detection for Dolibarr:
- High: CVE-2019-25450, CVE-2019-25452
- Medium: CVE-2021-47779
Added vulnerability detection for Grafana:
- Medium: CVE-2025-41117, CVE-2026-21722
- Low: CVE-2026-21725
Added vulnerability detection for Markdownit:
- High: CVE-2026-2327
Added vulnerability detection for MongoDb:
- High: CVE-2026-1847, CVE-2026-1848, CVE-2026-1849, CVE-2026-1850
- Medium: CVE-2026-25609, CVE-2026-25610, CVE-2026-25613
Added vulnerability detection for Moodle:
- High: CVE-2026-26045, CVE-2026-26046
- Medium: CVE-2026-26047
Added vulnerability detection for NextJsReactFramework:
- High: CVE-2025-59472
Added vulnerability detection for Piwigo:
- High: CVE-2024-48928
- Medium: CVE-2025-62512

v.Security - 25 Feb 2026

Copy Link Copy Link

Enhanced vulnerability detection and improved .htaccess file detection for more accurate security ratings.

Security checks

Updated the vulnerability database (VDB) to version 20260224
Updated severity ratings for PostgreSQL versions 14.13, 15.8, 16.4, 17.0 from Medium to High
Added security check for WordPress plugin detection
Improved .htaccess detection
Added security check for Laravel Livewire RCE CVE-2025-54068
Added security check for SmartMail Authbypass CVE-2026-23760
Added vulnerability detection for Angular:
- Medium: CVE-2025-66412
Added vulnerability detection for Craft CMS:
- High: CVE-2026-25495, CVE-2026-25497, CVE-2026-25498
- Medium: CVE-2026-25491, CVE-2026-25492, CVE-2026-25493, CVE-2026-25494, CVE-2026-25496
Added vulnerability detection for Grafana:
- High: CVE-2026-21720
Added vulnerability detection for Hiawatha:
- Medium: CVE-2025-57783
- Low: CVE-2025-57784
Added vulnerability detection for Jenkins:
- High: CVE-2026-27099
- Medium: CVE-2026-27100
Added vulnerability detection for Lodash:
- Medium: CVE-2025-13465
Added vulnerability detection for NextJsReactFramework:
- High: CVE-2025-59471
Added vulnerability detection for PostgreSQL:
- High: CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007
- Medium: CVE-2026-2003
Added vulnerability detection for PrestaShop:
- Medium: CVE-2026-25597
Added vulnerability detection for React:
- High: CVE-2026-23864
Added vulnerability detection for Skipper:
- High: CVE-2026-23742, CVE-2026-24470
Added vulnerability detection for XWikiplatform:
- Medium: CVE-2025-66472, CVE-2026-26000
Added vulnerability detection for axios:
- High: CVE-2026-25639
Removed vulnerability detection for bootstrap.js:
- CVE-2024-6531

v.Security - 03 Feb 2026

Copy Link Copy Link

Enhanced API security testing with JWT bypass detection, authorization checks, and new CVE coverage for Java, MySQL, Oracle, osTicket, and more.

Security checks

– Updated the vulnerability database (VDB) to version 20260203

– Added comprehensive JWT authentication bypass detection

– High: JWT Signature Bypass via None Algorithm

– High: JWT Signature is not Verified

– High: JWT Signature Bypass via kid SQL injection

– High: JWT Signature Bypass via kid Path Traversal

– High: JWT Signature Bypass via unvalidated jwk parameter

– High: Unvalidated JWT jku parameter

– High: Unvalidated JWT x5u parameter

– High: JWT Signature Bypass via unvalidated jku parameter

– High: JWT Signature Bypass via unvalidated x5u parameter

– High: JWT Signature Bypass via unvalidated x5c parameter

– Added authorization vulnerability detection

– High: Horizontal Broken Function Level Authorization (BFLA)

– High: Unauthenticated Access to Sensitive Functions

– High: Horizontal IDOR/BOLA (Broken Object Level Authorization)

– High: Vertical Broken Function Level Authorization (BFLA)

– High: Vertical IDOR/BOLA (Broken Object Level Authorization)

– Added sensitive information exposure detection

– High: API Sensitive Info(PII) accessible without authentication

– Medium: Resource Accessible Without Required Authentication

– Added API inventory management checks

– Medium: API Authentication Bypass Using a Test/Staging Host Header

– Added microservice security checks

– High: Microservice Directory Traversal

– Added vulnerability detection for Java:

– Medium: CVE-2026-21925

– High: CVE-2026-21932

– Medium: CVE-2026-21933

– High: CVE-2026-21945

– Added vulnerability detection for Jetty:

– High: CVE-2025-5115

– Added vulnerability detection for Joomla:

– Medium: CVE-2025-63082

– Medium: CVE-2025-63083

– Removed vulnerability detection for LiferayPortal:

– CVE-2023-33944

– Added vulnerability detection for LimeSurvey:

– Medium: CVE-2020-36993

– High: CVE-2024-39063

– Critical: CVE-2025-41375

– Medium: CVE-2025-41376

– Added vulnerability detection for MySQL:

– Medium: CVE-2026-21964

– Added vulnerability detection for Oracle:

– High: CVE-2026-21939

– Added vulnerability detection for Oracle HTTP Server:

– Critical: CVE-2026-21962

– Added vulnerability detection for osTicket:

– High: CVE-2026-22200

– Added vulnerability detection for phpMyFAQ:

– Medium: CVE-2026-24420

– Medium: CVE-2026-24421

– High: CVE-2026-24422

– Updated severity for Oracle 23.8 from Medium to High

– Updated severity for osTicket 1.17, 1.17.1, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.18 from Medium to High

– Added Zimbra Collaboration Suite (ZCS) Local File Inclusion check CVE-2025-68645

Acunetix Standard & Premium

Security checks

Security checks

Security checks

Security checks

Improvement

Security checks

Improvements

Security checks

Security checks

Security checks

Security checks