Acunetix Premium Release Notes

v.Security - 03 Feb 2026

Copy Link Copy Link

Enhanced API security testing with JWT bypass detection, authorization checks, and new CVE coverage for Java, MySQL, Oracle, osTicket, and more.

Security checks

– Updated the vulnerability database (VDB) to version 20260203

– Added comprehensive JWT authentication bypass detection

– High: JWT Signature Bypass via None Algorithm

– High: JWT Signature is not Verified

– High: JWT Signature Bypass via kid SQL injection

– High: JWT Signature Bypass via kid Path Traversal

– High: JWT Signature Bypass via unvalidated jwk parameter

– High: Unvalidated JWT jku parameter

– High: Unvalidated JWT x5u parameter

– High: JWT Signature Bypass via unvalidated jku parameter

– High: JWT Signature Bypass via unvalidated x5u parameter

– High: JWT Signature Bypass via unvalidated x5c parameter

– Added authorization vulnerability detection

– High: Horizontal Broken Function Level Authorization (BFLA)

– High: Unauthenticated Access to Sensitive Functions

– High: Horizontal IDOR/BOLA (Broken Object Level Authorization)

– High: Vertical Broken Function Level Authorization (BFLA)

– High: Vertical IDOR/BOLA (Broken Object Level Authorization)

– Added sensitive information exposure detection

– High: API Sensitive Info(PII) accessible without authentication

– Medium: Resource Accessible Without Required Authentication

– Added API inventory management checks

– Medium: API Authentication Bypass Using a Test/Staging Host Header

– Added microservice security checks

– High: Microservice Directory Traversal

– Added vulnerability detection for Java:

– Medium: CVE-2026-21925

– High: CVE-2026-21932

– Medium: CVE-2026-21933

– High: CVE-2026-21945

– Added vulnerability detection for Jetty:

– High: CVE-2025-5115

– Added vulnerability detection for Joomla:

– Medium: CVE-2025-63082

– Medium: CVE-2025-63083

– Removed vulnerability detection for LiferayPortal:

– CVE-2023-33944

– Added vulnerability detection for LimeSurvey:

– Medium: CVE-2020-36993

– High: CVE-2024-39063

– Critical: CVE-2025-41375

– Medium: CVE-2025-41376

– Added vulnerability detection for MySQL:

– Medium: CVE-2026-21964

– Added vulnerability detection for Oracle:

– High: CVE-2026-21939

– Added vulnerability detection for Oracle HTTP Server:

– Critical: CVE-2026-21962

– Added vulnerability detection for osTicket:

– High: CVE-2026-22200

– Added vulnerability detection for phpMyFAQ:

– Medium: CVE-2026-24420

– Medium: CVE-2026-24421

– High: CVE-2026-24422

– Updated severity for Oracle 23.8 from Medium to High

– Updated severity for osTicket 1.17, 1.17.1, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.18 from Medium to High

– Added Zimbra Collaboration Suite (ZCS) Local File Inclusion check CVE-2025-68645

v.Security - 29 Jan 2026

Copy Link Copy Link

Updates to the vulnerability database, improved XSS detection, and detection of new vulnerabilities for e107.

Security checks

Updated the vulnerability database (VDB) to version 20260127
Improved XSS detection
Added vulnerability detection for e107:
- High: CVE-2022-50939
- Medium: CVE-2022-50905

Resolved issue

Fixed notifications

v.Security - 20 Jan 2026

Copy Link Copy Link

Security checks Updated the vulnerability database (VDB) to version 20260120 Updated severity rating for Craft CMS version 3.9.15 from Medium to Critical Updated severity ratings for Craft CMS versions 4.4.16, 4.4.16.1, 4.4.17, 4.5.0, 4.14.9, 4.14.10, 4.14.11, 4.14.11.1, 4.14.12, 4.14.13, 4.14.14, 4.14.15, 4.15.0, 4.15.0.1, 4.15.0.2, 4.15.1,...

Security checks

Updated the vulnerability database (VDB) to version 20260120
Updated severity rating for Craft CMS version 3.9.15 from Medium to Critical
Updated severity ratings for Craft CMS versions 4.4.16, 4.4.16.1, 4.4.17, 4.5.0, 4.14.9, 4.14.10, 4.14.11, 4.14.11.1, 4.14.12, 4.14.13, 4.14.14, 4.14.15, 4.15.0, 4.15.0.1, 4.15.0.2, 4.15.1, 4.15.2, 4.15.3, 4.15.4, 4.15.5, 4.15.6, 4.15.6.1, 5.6.10, 5.6.10.1, 5.6.10.2, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.17, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.8.1, 5.7.8.2 from High to Critical
Updated severity rating for Grafana version 12.0.0 from High to Critical
Updated severity ratings for e107 versions 2.1.4, 2.3.2 from Medium to High
Added vulnerability detection for Craft CMS:
- Critical: CVE-2025-68456
- High: CVE-2025-68454, CVE-2025-68455
- Medium: CVE-2025-68436, CVE-2025-68437
Added vulnerability detection for Grafana:
- Critical: CVE-2025-41115
Added vulnerability detection for Python:
- Medium: CVE-2025-13837
Added vulnerability detection for SharePoint:
- High: CVE-2026-20943, CVE-2026-20947, CVE-2026-20948, CVE-2026-20951, CVE-2026-20963
- Medium: CVE-2026-20958, CVE-2026-20959
Added vulnerability detection for e107:
- High: CVE-2022-50907, CVE-2022-50916, CVE-2025-11941
- Medium: CVE-2022-50906, CVE-2025-61505
Added vulnerability detection for typo3CMS:
- High: CVE-2025-59022, CVE-2026-0859
- Medium: CVE-2025-59020, CVE-2025-59021

v.Security - 13 Jan 2026

Copy Link Copy Link

Security update adds CVE-2025-66516 coverage and improved XXE detection accuracy. VDB updated to 20260113 with new vulnerability checks for OpenCart, PHP, WordPress, and phpMyFAQ including multiple high-severity CVEs.

Security checks

Added coverage for the security vulnerability CVE-2025-66516
Improved the accuracy of Invicti security checks by reducing false positives for XXE vulnerabilities on specific REST endpoints
Updated the vulnerability database (VDB) to version 20260113
Added vulnerability detection for OpenCart:
- Medium: CVE-2025-15116
Added vulnerability detection for PHP:
- High: CVE-2025-14177, CVE-2025-14178, CVE-2025-14180
Added vulnerability detection for WordPress:
- High: CVE-2024-31210
Added vulnerability detection for phpMyFAQ:
- High: CVE-2025-62519, CVE-2025-69200
- Medium: CVE-2025-68951

v.Security - 07 Jan 2026

Copy Link Copy Link

VDB 20260106: added 15 versions across 18 technologies and 7 CVEs.

Security checks

Updated the Vulnerability Database (VDB) to version 20260106
Added 15 new versions for 18 technologies and 7 new CVEs
Updated severity ratings for MongoDB versions 4.2.18, 4.3.0-4.3.3, 4.4.29, 5.0.30-5.0.31, 6.0.23-6.0.26, 8.0.13-8.0.15, 8.2.0-8.2.1 from Medium to High
Updated severity rating for Podcast Generator version 3.2.9 from Medium to Critical
Updated severity ratings for Python versions 3.10.10-3.10.19, 3.11-3.11.14, 3.12-3.12.5 from High to Critical
Updated severity rating for Python version 3.12.6 from Medium to Critical
Added vulnerability detection for CrushFTP:
- Medium: CVE-2025-63419
Added vulnerability detection for MongoDB:
- High: CVE-2025-14847
Added vulnerability detection for Podcast Generator:
- Critical: CVE-2023-53899
Added vulnerability detection for Python:
- Critical: CVE-2025-13836
Added vulnerability detection for Roundcube:
- High: CVE-2025-68460
- Medium: CVE-2025-68461
Added vulnerability detection for phpMyFAQ:
- High: CVE-2023-53929

v.Security - 30 Dec 2025

Copy Link Copy Link

VDB 20251230: added 84 versions across 50 technologies and 133 CVEs. Updated vulnerabilities and OWASP Top 10 scan profile to align with OWASP Top 10 2025.

Security checks

Updated the Vulnerability Database (VDB) to version 20251230
Added 84 new versions for 50 technologies and 133 new CVEs
Improved severity ratings for Dotclear version 2.29 from Medium to High
Improved severity ratings for Jenkins versions 2.426.3, 2.452.4, 2.462.1-2.462.3, 2.471-2.492, 2.492.1-2.492.3, 2.493-2.501, 2.504 from Medium to High
Improved severity ratings for Liferay DXP versions 2024.q1.14-2024.q1.18 from High to Critical
Improved severity ratings for Liferay DXP versions 2024.q3.0, 2024.q4.7, 2025.q1.0-2025.q1.14, 2025.q2.0 from Medium to Critical
Improved severity ratings for Liferay Portal version 7.4.3.132 from Medium to Critical
Improved severity ratings for Next.js React Framework versions 15.2.6-15.2.7, 15.3.6-15.3.7, 15.4.8-15.4.9 from Critical to High
Improved severity ratings for Next.js React Framework version 15.6.0 from High to Critical
Improved severity ratings for React versions 19.0.1-19.0.2, 19.1.2-19.1.3 from Critical to High
Improved severity ratings for Roundcube versions 1.5.6, 1.6.5-1.6.6 from Medium to High
Improved severity ratings for Ruby version 1.9.0 from Critical to High

Added vulnerability detection for Coppermine:
- CVE-2023-53868 (High)
Added vulnerability detection for Dotclear:
- CVE-2023-53952 (High)
- CVE-2024-58281 (High)
Added vulnerability detection for Jenkins:
- CVE-2025-67635 (High)
- CVE-2025-67636 (Medium)
- CVE-2025-67637 (Medium)
- CVE-2025-67638 (Medium)
- CVE-2025-67639 (Low)
Added vulnerability detection for Liferay DXP:
- CVE-2025-43773 (Critical)
- CVE-2025-43790 (High)
- CVE-2025-43793 (High)
- CVE-2025-43796 (High)
- CVE-2025-43816 (High)
- CVE-2025-4581 (High)
- CVE-2025-43771, CVE-2025-43775, CVE-2025-43776, CVE-2025-43779, CVE-2025-43781, CVE-2025-43782, CVE-2025-43783, CVE-2025-43784, CVE-2025-43785, CVE-2025-43786, CVE-2025-43787, CVE-2025-43788, CVE-2025-43789, CVE-2025-43791, CVE-2025-43792, CVE-2025-43794, CVE-2025-43795, CVE-2025-43797, CVE-2025-43798, CVE-2025-43799, CVE-2025-43800, CVE-2025-43803, CVE-2025-43805, CVE-2025-43807, CVE-2025-43808, CVE-2025-43809, CVE-2025-43819, CVE-2025-43821, CVE-2025-43822, CVE-2025-43823, CVE-2025-43824, CVE-2025-43825, CVE-2025-43826, CVE-2025-43827, CVE-2025-43829, CVE-2025-4388, CVE-2025-4576, CVE-2025-4599, CVE-2025-4604, CVE-2025-4655, CVE-2025-62243, CVE-2025-62244 (Medium)
Added vulnerability detection for Liferay Portal:
- CVE-2025-43773 (Critical)
- CVE-2025-43790 (High)
- CVE-2025-43793 (High)
- CVE-2025-43796 (High)
- CVE-2025-43816 (High)
- CVE-2025-4581 (High)
- CVE-2025-43771, CVE-2025-43775, CVE-2025-43776, CVE-2025-43779, CVE-2025-43781, CVE-2025-43782, CVE-2025-43783, CVE-2025-43784, CVE-2025-43785, CVE-2025-43786, CVE-2025-43787, CVE-2025-43788, CVE-2025-43789, CVE-2025-43791, CVE-2025-43792, CVE-2025-43794, CVE-2025-43795, CVE-2025-43797, CVE-2025-43799, CVE-2025-43800, CVE-2025-43803, CVE-2025-43805, CVE-2025-43807, CVE-2025-43808, CVE-2025-43809, CVE-2025-43819, CVE-2025-43821, CVE-2025-43822, CVE-2025-43823, CVE-2025-43824, CVE-2025-43825, CVE-2025-43826, CVE-2025-43827, CVE-2025-43829, CVE-2025-4388, CVE-2025-4576, CVE-2025-4599, CVE-2025-4604, CVE-2025-4655, CVE-2025-62243, CVE-2025-62244 (Medium)
Added vulnerability detection for Markdown-it:
- CVE-2025-7969 (Medium)
Added vulnerability detection for Masa CMS:
- CVE-2025-66492 (Medium)
Added vulnerability detection for MyBB:
- CVE-2023-53979 (High)
- CVE-2023-53976, CVE-2023-53977, CVE-2023-53978 (Medium)
Added vulnerability detection for Podcast Generator:
- CVE-2023-53918, CVE-2023-53919, CVE-2023-53920 (Medium)
Added vulnerability detection for ProjectSend:
- CVE-2023-53980 (Critical)
- CVE-2023-53905 (High)
- CVE-2023-53930 (High)
- CVE-2023-53906 (Medium)
Added vulnerability detection for Python:
- CVE-2025-12084 (Medium)
Added vulnerability detection for ReviveAdserver:
- CVE-2023-53931 (Medium)
Added vulnerability detection for Roundcube:
- CVE-2025-49113 (High)
- CVE-2024-57004 (Medium)
Added vulnerability detection for Rukovoditel:
- CVE-2023-53913 (High)
- CVE-2023-53897, CVE-2023-53898 (Medium)
Added vulnerability detection for Serendipity:
- CVE-2023-53933 (High)
- CVE-2024-58282 (High)
- CVE-2023-53932 (Medium)
Added vulnerability detection for Tornado Web Server:
- CVE-2025-47287 (High)
- CVE-2025-67725 (High)
- CVE-2025-67726 (High)
- CVE-2025-67724 (Medium)
Added vulnerability detection for XWiki platform:
- CVE-2025-66473 (High)
Added vulnerability detection for ZenPhoto:
- CVE-2023-53915, CVE-2023-53916 (Medium)

Improvements

Updated vulnerability classifications to align with OWASP Top 10 2025 categories
Updated OWASP Top 10 scan profile to align with OWASP Top 10 2025 categories

v25.12.3 - Security - 15 Dec 2025

Copy Link Copy Link

VDB 20251215: Added 179 versions across 37 technologies and 118 CVEs. Critical updates for Liferay and SharePoint. Enhanced DOM XSS and Open Redirect detection.

Security checks

Updated the Vulnerability Database (VDB) to version 20251215
Added 179 new versions for 37 technologies and 118 new CVEs
Improved severity ratings for Apache 2.4.64 from Medium to High
Improved severity ratings for Liferay DXP versions 2023.q3.0, 2023.q4.6-10, 2024.q1.1-5, 7.0-7.2 from Medium/High to High/Critical
Improved severity ratings for Liferay Portal versions 6.2, 7.0.0, 7.0.6, 7.2.0-7.2.1, 7.3.0-7.3.2, 7.4.3.10-7.4.3.119 from Medium/High to Critical
Improved severity ratings for MongoDB versions 7.0.20-7.0.25, 8.0.9-8.0.12, 8.1.0 from Medium to High
Improved severity ratings for Next.js React Framework versions 14.2.25-14.2.29 from Medium to High
Added vulnerability detection for Angular:
- CVE-2025-61261 (Medium)
Added vulnerability detection for Apache:
- CVE-2025-55753 (High)
- CVE-2025-58098 (High)
- CVE-2025-59775 (High)
- CVE-2025-65082 (Medium)
- CVE-2025-66200 (Medium)
Added vulnerability detection for Django:
- CVE-2025-13372 (Medium)
- CVE-2025-64460 (High)
Added vulnerability detection for Liferay DXP:
- CVE-2025-3586 (High)
- CVE-2025-3594 (Critical)
- CVE-2025-43766 (Critical)
- CVE-2025-43768 (High)
- CVE-2025-43801 (High)
- CVE-2025-43813 (High)
- CVE-2025-43746, CVE-2025-43747, CVE-2025-43754, CVE-2025-43755, CVE-2025-43756, CVE-2025-43757, CVE-2025-43761, CVE-2025-43762, CVE-2025-43763, CVE-2025-43764, CVE-2025-43765, CVE-2025-43767, CVE-2025-43769, CVE-2025-43770, CVE-2025-43777, CVE-2025-43778, CVE-2025-43802, CVE-2025-43806, CVE-2025-43810, CVE-2025-43811, CVE-2025-43812, CVE-2025-43814, CVE-2025-43815, CVE-2025-43817, CVE-2025-43818, CVE-2025-43820, CVE-2025-43830, CVE-2025-62237, CVE-2025-62238, CVE-2025-62239, CVE-2025-62240, CVE-2025-62245, CVE-2025-62246, CVE-2025-62247, CVE-2025-62248, CVE-2025-62249, CVE-2025-62250, CVE-2025-62251, CVE-2025-62252, CVE-2025-62253, CVE-2025-62255, CVE-2025-62259 (Medium)
Added vulnerability detection for Liferay Portal:
- CVE-2025-3586 (High)
- CVE-2025-3594 (Critical)
- CVE-2025-43766 (Critical)
- CVE-2025-43768 (High)
- CVE-2025-43801 (High)
- CVE-2025-43813 (High)
- CVE-2025-43746, CVE-2025-43754, CVE-2025-43755, CVE-2025-43756, CVE-2025-43757, CVE-2025-43761, CVE-2025-43762, CVE-2025-43763, CVE-2025-43764, CVE-2025-43765, CVE-2025-43767, CVE-2025-43769, CVE-2025-43770, CVE-2025-43777, CVE-2025-43778, CVE-2025-43802, CVE-2025-43806, CVE-2025-43810, CVE-2025-43811, CVE-2025-43812, CVE-2025-43814, CVE-2025-43815, CVE-2025-43817, CVE-2025-43818, CVE-2025-43820, CVE-2025-43830, CVE-2025-62237, CVE-2025-62238, CVE-2025-62239, CVE-2025-62240, CVE-2025-62245, CVE-2025-62246, CVE-2025-62247, CVE-2025-62248, CVE-2025-62249, CVE-2025-62250, CVE-2025-62251, CVE-2025-62252, CVE-2025-62253, CVE-2025-62255, CVE-2025-62259 (Medium)
- Added vulnerability detection for MongoDB:
  - CVE-2025-13644 (High)
  - CVE-2025-12657 (Medium)
  - CVE-2025-13643 (Medium)
  - CVE-2025-14345 (Medium)
- Added vulnerability detection for Next.js React Framework:
  - CVE-2025-55184 (High)
  - CVE-2025-67779 (High)
  - CVE-2025-55183 (Medium)
- Added vulnerability detection for React:
  - CVE-2025-55184 (High)
  - CVE-2025-67779 (High)
  - CVE-2025-55183 (Medium)
- Added vulnerability detection for SharePoint:
  - CVE-2025-64672 (Critical)
  - CVE-2025-62555 (High)
  - CVE-2025-62558 (High)
  - CVE-2025-62559 (High)
  - CVE-2025-62562 (High)

Improvements

Improved detection of DOM XSS vulnerabilities
Updated the alert text of the most detected vulnerabilities

Resolved issues

Improved detection of “Sensitive pages could be cached” vulnerabilities
Improved detection of “Open Redirect” vulnerabilities

v25.12.2 - Security - 09 Dec 2025

Copy Link Copy Link

Version 25.12.2 enhances security with an updated Vulnerability Database (VDB) version 20251209, ensuring the latest checks and improved detection coverage.

Security check

Updated the Vulnerability Database (VDB) to version 20251209

v25.12.1 - Security - 08 Dec 2025

Copy Link Copy Link

Added security checks for critical RCE vulnerabilities CVE-2025-55182 and CVE-2025-66478 in React Server Components/Next.js.

Security checks

Implement security checks for Next.js/React Server Components RCE:
- CVE-2025-66478
- CVE-2025-55182

Acunetix Standard & Premium

Security checks

Security checks

Resolved issue

Security checks

Security checks

Security checks

Security checks

Improvements

Security checks

Improvements

Resolved issues

Security check

Security checks