v10.1.7
What's Changed
🔥 Release Highlights 🔥
- [CVE-2025-32101] UNA CMS 14.0.0-RC - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2025-31489] MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2025-31131] Yeswiki < 4.5.2 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2025-24799] GLPI < 10.0.17 - Pre-Auth SQLi (@ritikchaddha) [critical] 🔥
- [CVE-2025-24514] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-url Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2025-3248] Langflow AI - Unauth Remote Code Execution (@nvn1729) [critical] 🔥
- [CVE-2025-2294] Kubio AI Page Builder <= 2.5.1 - Local File Inclusion (@s4e-io) [critical] 🔥
- [CVE-2025-1098] Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations (@UNC1739) [high] 🔥
- [CVE-2025-1097] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-tls-match-cn Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-56325] Apache Pinot < 1.3.0 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-55591] Fortinet Authentication Bypass (@rootxharsh, @iamnoooob, @pdresearch) [critical] 🔥
- [CVE-2024-7314] AJ-Report < 1.4.1 - Remote Code Execution (@ritikchaddha) [critical] 🔥
- [CVE-2023-22047] Oracle Peoplesoft - Unauth File Read (@tuo4n8) [high] 🔥
False Negatives
- Improved detection in halo-tism-sqli.yaml (PR #11892).
False Positives
- Reduced false positives in hashicorp-consul-unauth.yaml (Issues #11852, #11881).
- Corrected misdetection in headless-open-redirect.yaml with a specific redirect target (Issue #11885).
Enhancements
- Applied waitdialog handling to improve detection in dom-xss.yaml (PR #11921).
- Updated detection logic in CVE-2025-1974.yaml for Ingress-Nginx RCE (PR #11917).
- Updated smb-shares.yaml to refine share enumeration (PR #11880).
- Improved login detection in emqx-default-login.yaml (PR #11865).
- Refined credential detection in apache-hertzbeat-default-login.yaml (PR #11850).
Bug Fixes
- Fixed metadata resolution issue in ldap-metadata.yaml (PR #11922).
Template Updates
New Templates Added: 64 | CVEs Added: 28 | First-time contributions: 6
- [CVE-2025-32101] UNA CMS 14.0.0-RC - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2025-31489] MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2025-31131] Yeswiki < 4.5.2 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2025-31125] Vite Development Server - Path Traversal (@martian, @ritikchaddha, @v2htw) [medium] 🔥
- [CVE-2025-30567] WordPress WP01 - Path Traversal (@s4e-io) [high]
- [CVE-2025-29085] Vipshop Saturn Console <= 3.5.1 - SQLi via ClusterKey Component (@iamnoooob, @rootxharsh, @pdresearch) [critical]
- [CVE-2025-24799] GLPI < 10.0.17 - Pre-Auth SQLi (@ritikchaddha) [critical] 🔥
- [CVE-2025-24514] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-url Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2025-3248] Langflow AI - Unauth Remote Code Execution (@nvn1729) [critical] 🔥
- [CVE-2025-2748] Kentico Xperience CMS - Unauth Stored XSS (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
- [CVE-2025-2563] User Registration & Membership <= 4.1.1 - Unauth Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical]
- [CVE-2025-2294] Kubio AI Page Builder <= 2.5.1 - Local File Inclusion (@s4e-io) [critical] 🔥
- [CVE-2025-2264] Sante PACS Server.exe - Path Traversal Information Disclosure (@dhiyaneshdk) [high]
- [CVE-2025-2075] Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [high]
- [CVE-2025-1098] Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations (@UNC1739) [high] 🔥
- [CVE-2025-1097] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-tls-match-cn Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-56325] Apache Pinot < 1.3.0 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-55591] Fortinet Authentication Bypass (@rootxharsh, @iamnoooob, @pdresearch) [critical] 🔥
- [CVE-2024-13126] WordPress Download Manager < 3.3.07 - Unauth Data Exposure (@ritikchaddha) [medium]
- [CVE-2024-10486] Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File (@popcorn94) [medium]
- [CVE-2024-7314] AJ-Report < 1.4.1 - Remote Code Execution (@ritikchaddha) [critical] 🔥
- [CVE-2024-7313] Shield Security Plugin < 20.0.6 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2024-3300] Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2023-22047] Oracle Peoplesoft - Unauth File Read (@tuo4n8) [high] 🔥
- [CVE-2023-7246] System Dashboard < 2.8.10 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-6421] WordPress Download Manager - File Password Exposure (@ritikchaddha) [medium]
- [CVE-2023-4490] WordPress Job Portal < 2.0.6 - SQLi (@paresh_parmar1, @configtea) [high]
- [CVE-2022-2168] WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting (@ritikchaddha) [medium]
- [android-user-certificates-trust] Android Trusts User Certificates (@Th3l0newolf) [medium]
- [file-disable-directory-listing] Disable Apache2 Directory Listing (@pussycat0x) [medium]
- [file-disable-http-trace-method] Disable Apache2 HTTP TRACE Method (@pussycat0x) [high]
- [file-disable-server-header] Disable Apache2 Server Header (@pussycat0x) [medium]
- [file-disable-server-signature] Disable Apache Server Signature (@pussycat0x) [medium]
- [file-enforce-server-tokens-prod] Enforce Apache2 ServerTokens Prod (@pussycat0x) [medium]
- [iis-directory-browsing] IIS Directory Browsing Detection (@pussycat0x) [high]
- [iis-logging-disabled] IIS Logging Disabled (@pussycat0x) [medium]
- [file-mongodb-audit-log-disabled] MongoDB Audit Logging Disabled (@pussycat0x) [high]
- [file-mongodb-auth-disabled] MongoDB Authentication Disabled (@pussycat0x) [high]
- [file-mongodb-http-interface-enabled] MongoDB HTTP Interface Enabled (@pussycat0x) [high]
- [file-mongodb-ssl-disabled] MongoDB SSL Disabled (@pussycat0x) [high]
- [file-disable-nginx-server-tokens] Disable Nginx Server Tokens (@pussycat0x) [medium]
- [file-missing-nginx-bof-protection] Missing Nginx Buffer Overflow Protection (@pussycat0x) [medium]
- [file-missing-nginx-xss-protection] Missing Nginx XSS Protection (@pussycat0x) [high]
- [file-missing-nginx-hsts] Missing Nginx HSTS (@pussycat0x) [high]
- [file-missing-nginx-rate-limiting] Missing Nginx Rate Limiting Configuration (@pussycat0x) [medium]
- [adfinity-panel] Adfinity Login Panel - Detect (@righettod) [info]
- [dependency-track-panel] Dependency-Track Login - Panel (@Th3l0newolf) [info]
- [fortiswitch-panel] Fortiswitch Panel - Detect (@rxerium) [info]
- [gladinet-centrestack-panel] CentreStack Login Panel - Detect (@rxerium) [info]
- [tibco-mft-panel] TIBCO Managed File Transfer - Panel (@Th3l0newolf) [info]
- [3cx-config] 3CX Config - File Disclosure (@dhiyaneshdk) [low]
- [cpanel-config] cPanel Configuration - File Disclosure (@dhiyaneshdk) [medium]
- [fastcgi-config] FastCGI Configuration - File Disclosure (@dhiyaneshdk) [medium]
- [geovision-lfi] GeoVision GV-SNVR0811 - Directory Traversal (@dhiyaneshdk) [high]
- [dlink-n300-backup] DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure (@dhiyaneshdk) [high]
- [prometheus-unauth] Prometheus Monitoring System - Unauth (@pussycat0x) [high]
- [couchdb-detect] CouchDB - Detect (@pussycat0x) [info]
- [halo-tism-sqli] Halo ITSM - Pre-Authentication SQLi (@rootxharsh, @iamnoooob, @pdresearch) [critical]
- [httpbin-contenttype-xss] HTTPBin - Cross-Site Scripting (@AyushXtha) [medium]
- [oracle-detect] Oracle - Detection (@pussycat0x) [info]
- [rdp-detect] RDP - Detection (@pussycat0x) [info]
- [ntlm-info] NTLM Information - Detection (@pussycat0x) [info]
- [smb-v1-supported] SMB v1 Supported - Detection (@pussycat0x) [info]
- [ldap-anonymous-login-detect] LDAP Anonymous Login - Detect (@pussycat0x, @S0obi) [medium]
New Contributors
- @Th3l0newolf made their first contribution in #11786
- @AyushXtha made their first contribution in #11782
- @tuo4n8 made their first contribution in #11870
- @PareshParmar made their first contribution in #11874
- @micktaiwan made their first contribution in #11784
- @passkal4 made their first contribution in #11857
Full Changelog: v10.1.6...v10.1.7