1 Release published by 1 person

• v9.9.1

  published Jul 10, 2024

38 Pull requests merged by 11 people

• Create CVE-2023-44012.yaml

  #10220 merged Jul 11, 2024

• Create snoop-servlet-exposure.yaml

  #10178 merged Jul 11, 2024

• Add 'error.ghost.org' to ghost.io takeover

  #10260 merged Jul 11, 2024

• Create CVE-2022-45269.yaml

  #10257 merged Jul 11, 2024

• Fix FP CVE-2023-35161.yaml

  #10252 merged Jul 11, 2024

• Rename CNVD-2021-64035.yaml to CNVD-2021-64035.yaml

  #10251 merged Jul 11, 2024

• Update waf-detect.yaml

  #10247 merged Jul 10, 2024

• add CVE-2023-4220

  #10236 merged Jul 10, 2024

• Next.js Cache Poisoning using RSC

  #10245 merged Jul 10, 2024

• Next.js Cache Poisoning using X-Middleware-Prefetch

  #10244 merged Jul 10, 2024

• add enjoyrmis sqli

  #10239 merged Jul 10, 2024

• JS pre-condition - update

  #10248 merged Jul 10, 2024

• Update http takeover templates to show misconfigured cname

  #10224 merged Jul 10, 2024

• add CVE-2024-6188

  #10227 merged Jul 10, 2024

• add edusoho-lfi

  #10235 merged Jul 10, 2024

• Update jwk-json-leak.yaml

  #10240 merged Jul 10, 2024

• Create jwk-json-leak.yaml

  #10237 merged Jul 10, 2024

• add CVE-2024-5084

  #10210 merged Jul 10, 2024

• add h3c campus arbitrary file upload

  #10228 merged Jul 10, 2024

• add hj-hcm-lfi

  #10229 merged Jul 10, 2024

• add hj-hcm-sqli

  #10230 merged Jul 10, 2024

• add hj time based sqli

  #10231 merged Jul 10, 2024

• add pingsheng sqli

  #10232 merged Jul 10, 2024

• Create apache-cloudstack-detect.yaml

  #10234 merged Jul 10, 2024

• add CVE-2024-4836

  #10180 merged Jul 9, 2024

• Create CNVD-2021-64035.yaml

  #10219 merged Jul 9, 2024

• Create CVE-2024-37032.yaml

  #10218 merged Jul 9, 2024

• add CVE-2024-25852

  #10206 merged Jul 9, 2024

• Create laragon-phpinfo.yaml

  #10194 merged Jul 9, 2024

• Fixed Tomcat detection

  #10212 merged Jul 9, 2024

• Create CVE-2023-47117.yaml

  #10221 merged Jul 8, 2024

• Create label-studio-signup.yaml

  #10222 merged Jul 8, 2024

• Create label-studio-panel.yaml

  #10223 merged Jul 8, 2024

• Create CVE-2023-35159.yaml

  #10200 merged Jul 8, 2024

• Create CVE-2023-35161.yaml

  #10202 merged Jul 8, 2024

• Update springboot-configprops.yaml

  #10213 merged Jul 8, 2024

• Create CVE-2024-36991.yaml (Splunk Enterprise - Local File Inclusion)

  #10215 merged Jul 8, 2024

• Create CVE-2024-33610.yaml

  #10217 merged Jul 8, 2024

14 Pull requests opened by 8 people

• Add nuclei template for CVE-2024-6043

  #10216 opened Jul 6, 2024

• Active Directory Certificate Services blind detection

  #10246 opened Jul 10, 2024

• Use `cname` dsl instead of resolve helper

  #10249 opened Jul 10, 2024

• Create servicenow-title-injection.yaml

  #10253 opened Jul 11, 2024

• Create servicenow-ssti.yaml

  #10254 opened Jul 11, 2024

• Create servicenow-filesystem-bypass.yaml

  #10255 opened Jul 11, 2024

• Using different URL as we don't know who evil.com is controlled by

  #10256 opened Jul 11, 2024

• add CVE-2023-2309

  #10262 opened Jul 11, 2024

• Added template for db-username-password-disclosure

  #10263 opened Jul 11, 2024

• add CVE-2024-1512

  #10264 opened Jul 11, 2024

• Better filtering of old IE-only http scripts

  #10265 opened Jul 11, 2024

• Add more matchers/extractors to the "Gradle Enterprise Build Cache Node" login panel detection template.

  #10266 opened Jul 11, 2024

• add CVE-2024-2330

  #10267 opened Jul 11, 2024

• Add detection of Gradle Develocity Build Cache Node login panel instances.

  #10268 opened Jul 11, 2024

6 Issues closed by 3 people

• Many False Positives due to CVE-2023-35161 template

  #10261 closed Jul 11, 2024

• CVE-2022-45269

  #10242 closed Jul 11, 2024

• JSON Web Key (JWK) File Finder.

  #10207 closed Jul 10, 2024

• CNVD-2021-64035 Leadsec VPN Arbitrary File Read

  #10211 closed Jul 9, 2024

• Ollama Remote Code Execution Vulnerability

  #10132 closed Jul 9, 2024

• CVE-2023-45542.yaml

  #10127 closed Jul 8, 2024

3 Issues opened by 3 people

• CVE-2024-3742

  #10259 opened Jul 11, 2024

• regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)

  #10241 opened Jul 10, 2024

• SSRPM - ARBITRARY PASSWORD RESET ON DEFAULT CLIENT WEB INTERFACE INSTALLATION

  #10214 opened Jul 5, 2024

6 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• BlueKeep - Remote Code Execution (RDP Vulnerability) - CVE-2019-0708

  #9740 commented on Jul 10, 2024 • 0 new comments

• Added CVE-2022-41040

  #8595 commented on Jul 9, 2024 • 0 new comments

• Added CVE-2024-1207 template

  #9404 commented on Jul 9, 2024 • 0 new comments

• Added apache-streampipes-detect.yaml and CVE-2024-29868.yaml + moved …

  #10131 commented on Jul 10, 2024 • 0 new comments

• Create CVE-2024-38526.yaml

  #10153 commented on Jul 9, 2024 • 0 new comments

• Create duplicati-exposure.yaml

  #10193 commented on Jul 8, 2024 • 0 new comments