Attack Surface Management Discovery Engine release v2025.05.19
This Attack Surface Management Discovery Engine release includes:
Vulnerability Checks
- Added Advantive Veracore - SQL Injection (CVE-2025-25181)
- Added Apache Tomcat - Remote Code Execution (CVE-2025-24813)
- Added Next.js - Authentication Bypass (CVE-2025-29927)
- Added Kubernetes Ingress NGINX Controller - Remote Code Execution (CVE-2025-1974) (IngressNightmare)
- Added Vite - Arbitrary File Read (CVE-2025-30208)
- Added CrushFTP - Authentication Bypass (CVE-2025-2825)
- Added Fortinet FortiOS - Authentication Bypass (CVE-2024-55591)
- Added Oracle Peoplesoft - Arbitrary File Read (CVE-2023-22047)
- Added Apache CloudStack - Default Credentials
- Added Apache APISIX - Default Credentials
- Added Citrix Netscaler - Authentication Bypass (CVE-2024-6235)
- Added Apache DolphinScheduler - Default Credentials
- Added SAP NetWeaver - Remote Code Execution (CVE-2025-31324)
- Added SAP NetWeaver - Indicator of Compromise (CVE-2025-31324)
- Added Atlassian Jira - Authentication Bypass (CVE-2022-0540)
- Added Roxy-WI - Remote Code Execution (CVE-2022-31126)
- Added Roxy-WI - Remote Code Execution (CVE-2022-31137)
- Added Gradio - Arbitrary File Read (CVE-2023-51449)
Technology Fingerprints
- Added Advantive Veracode technology fingerprint
- Added Vite.js technology fingerprint
- Added Oracle PeopleSoft technology fingerprint
- Added Roxy-Wi technology fingerprint
- Added Gradio Instances technology fingerprint
- Enhanced Pan-OS fingerprints