| Version | Change log |
| Acunetix Web Vulnerability Scanner 25.12.12 Mar 12, 2026 |
Security checks Updated the vulnerability database (VDB) to version 20260310 Improved technology detection Updated severity ratings for Chamilo versions 1.10.0, 1.10.2, 1.10.4, 1.10.6, 1.10.8, 1.11.26, 1.8.6.1, 1.8.8.3, 1.9.0, 1.9.10, 1.9.10.2, 1.9.10.4, 1.9.6, 1.9.6.1, 1.9.8, 1.9.8.1, 1.9.8.2 from High to Critical Updated severity rating for Chamilo version 1.11.24 from Medium to Critical Updated severity ratings for Craft CMS versions 4.15.6.2, 4.16.17, 4.16.18, 4.16.19, 4.4.14, 4.5.6.1, 5.6.16, 5.7.1.1, 5.8.21, 5.8.22, 5.8.23 from High to Critical Updated severity ratings for DotCMS versions 22.03, 22.03.2, 22.03.4, 22.03.5, 22.03.6, 22.03.7, 22.03.8, 22.03.9, 22.03.10, 22.03.11, 22.03.12, 22.03.13, 22.03.14, 22.03.15, 23.01.1, 23.01.2, 23.01.3, 23.01.4, 23.01.5, 23.01.6, 23.01.7, 23.01.8, 23.01.9, 23.01.10, 23.01.11, 23.01.12, 23.01.13, 23.01.14, 23.01.15, 23.01.16, 23.01.17, 23.10.24.0 from Medium to Critical Updated severity ratings for EspoCRM versions 2.6.0, 2.7.0, 2.7.1, 2.7.2, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.9.2, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.9, 5.7.10, 5.7.11, 5.8.0, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5 from High to Critical Updated severity r |
| Acunetix Web Vulnerability Scanner 25.12.11 Mar 4, 2026 |
Security checks: Updated the vulnerability database (VDB) to version 20260303 Added security check for CWP Remote Code Execution CVE-2025-48703 Improved detection of MongoDB vulnerabilities Updated severity ratings for CaddyWebServer versions 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.11.0, 0.11.1, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.3, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4 from High to Critical Updated severity rating for Grafana version 10.4.0 from Low to Medium Updated severity rating for Markdownit version 14.1.0 from Medium to High Updated severity ratings for Moodle versions 4.2.10, 4.2.11 from Medium to High Updated severity ratings for Piwigo versions 14.0.0, 14.1.0, 14.2.0, 14.3.0, 14.4.0 from Medium to High Added vulnerability detection for Angular: Medium: CVE-2026-22610, CVE-2026-27970 Added vulnerability detection for CKEditor: Medium: CVE-2021-21254, CVE-2024-45613, CVE-2025-61261 Added vulnerability detection for CaddyWebServer: Critical: CVE-2026-27586, CVE-2026-27587, CVE-2026-27588, CVE-2026-27590 Medium: CVE-2026-27585, CVE-2026-27589 Added vulnerability detection for CakePHP: Medium: CVE-2026-23643 Added vulnerability detection for Chamilo: Medium: CVE-2026-1106 Added vulnerability detection for Craft CMS: Medium: CVE-2026-27126, CVE-2026-27127, CVE-2026-27128 Added vulnerability detection for Dolibarr: High: CVE-2019-25450, CVE-2019-25452 Medium: CVE-2021-47779 Added vulnerability detection for Grafana: Medium: CVE-2025-41117, CVE-2026-21722 Low: CVE-2026-21725 Added vulnerability detection for Markdownit: High: CVE-2026-2327 Added vulnerability detection for MongoDb: High: CVE-2026-1847, CVE-2026-1848, CVE-2026-1849, CVE-2026-1850 Medium: CVE-2026-25609, CVE-2026-25610, CVE-2026-25613 Added vulnerability detection for Moodle: High: CVE |
| Acunetix Web Vulnerability Scanner 25.12.9 Feb 3, 2026 |
Security checks: Updated the vulnerability database (VDB) to version 20260203 Added comprehensive JWT authentication bypass detection: High: JWT Signature Bypass via None Algorithm High: JWT Signature is not Verified High: JWT Signature Bypass via kid SQL injection High: JWT Signature Bypass via kid Path Traversal High: JWT Signature Bypass via unvalidated jwk parameter High: Unvalidated JWT jku parameter High: Unvalidated JWT x5u parameter High: JWT Signature Bypass via unvalidated jku parameter High: JWT Signature Bypass via unvalidated x5u parameter High: JWT Signature Bypass via unvalidated x5c parameter Added authorization vulnerability detection: High: Horizontal Broken Function Level Authorization (BFLA) High: Unauthenticated Access to Sensitive Functions High: Horizontal IDOR/BOLA (Broken Object Level Authorization) High: Vertical Broken Function Level Authorization (BFLA) High: Vertical IDOR/BOLA (Broken Object Level Authorization) Added sensitive information exposure detection: High: API Sensitive Info(PII) accessible without authentication Medium: Resource Accessible Without Required Authentication Added API inventory management checks: Medium: API Authentication Bypass Using a Test/Staging Host Header Added microservice security checks: High: Microservice Directory Traversal Added vulnerability detection for Java: Medium: CVE-2026-21925 High: CVE-2026-21932 Medium: CVE-2026-21933 High: CVE-2026-21945 Added vulnerability detection for Jetty: High: CVE-2025-5115 Added vulnerability detection for Joomla: Medium: CVE-2025-63082 Medium: CVE-2025-63083 Removed vulnerability detection for LiferayPortal: CVE-2023-33944 Added vulnerability detection for LimeSurvey: Medium: CVE-2020-36993 High: CVE-2024-39063 Critical: CVE-2025-41375 Medium: CVE-2025-41376 Added vulnerability detection for MySQL: Medium: CVE-2026-21964 Added vulnerability detection for Oracle: High: CVE-2026-21939 Added vulnerability detection for Oracle HTTP Server: Critical: CVE-2026-21962 Added |
| Acunetix Web Vulnerability Scanner 25.12.8 Jan 29, 2026 |
Security checks: Updated the vulnerability database (VDB) to version 20260127 Improved XSS detection Added vulnerability detection for e107: High: CVE-2022-50939 Medium: CVE-2022-50905 Resolved issue: Fixed notifications |
| Acunetix Web Vulnerability Scanner 25.12.7 Jan 22, 2026 |
Security checks: Updated the vulnerability database (VDB) to version 20260127 Updated severity rating for Craft CMS version 3.9.15 from Medium to Critical Updated severity ratings for Craft CMS versions 4.4.16, 4.4.16.1, 4.4.17, 4.5.0, 4.14.9, 4.14.10, 4.14.11, 4.14.11.1, 4.14.12, 4.14.13, 4.14.14, 4.14.15, 4.15.0, 4.15.0.1, 4.15.0.2, 4.15.1, 4.15.2, 4.15.3, 4.15.4, 4.15.5, 4.15.6, 4.15.6.1, 5.6.10, 5.6.10.1, 5.6.10.2, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.17, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.7.4, 5.7.5, 5.7.6, 5.7.7, 5.7.8, 5.7.8.1, 5.7.8.2 from High to Critical Updated severity rating for Grafana version 12.0.0 from High to Critical Updated severity ratings for e107 versions 2.1.4, 2.3.2 from Medium to High Added vulnerability detection for Craft CMS: Critical: CVE-2025-68456 High: CVE-2025-68454, CVE-2025-68455 Medium: CVE-2025-68436, CVE-2025-68437 Added vulnerability detection for Grafana: Critical: CVE-2025-41115 Added vulnerability detection for Python: Medium: CVE-2025-13837 Added vulnerability detection for SharePoint: High: CVE-2026-20943, CVE-2026-20947, CVE-2026-20948, CVE-2026-20951, CVE-2026-20963 Medium: CVE-2026-20958, CVE-2026-20959 Added vulnerability detection for e107: High: CVE-2022-50907, CVE-2022-50916, CVE-2025-11941 Medium: CVE-2022-50906, CVE-2025-61505 Added vulnerability detection for typo3CMS: High: CVE-2025-59022, CVE-2026-0859 Medium: CVE-2025-59020, CVE-2025-59021 |
| Acunetix Web Vulnerability Scanner 25.12.6 Jan 14, 2026 |
Security checks: Added coverage for the security vulnerability CVE-2025-66516 Improved the accuracy of our security checks by reducing false positives for XXE vulnerabilities on specific REST endpoints Updated our vulnerability database (VDB) to version 20260113 Vulnerability Changes: OpenCart – added vulnerabilities: CVE-2025-15116 (Medium) PHP – added vulnerabilities: CVE-2025-14177 (High), CVE-2025-14178 (High), CVE-2025-14180 (High) WordPress – added vulnerabilities: CVE-2024-31210 (High) phpMyFAQ – added vulnerabilities: CVE-2025-62519 (High), CVE-2025-68951 (Medium), CVE-2025-69200 (High) |
| Acunetix Web Vulnerability Scanner 25.12.5 Jan 7, 2026 |
Security checks: Updated the Vulnerability Database (VDB) to version 20260106 Added 15 new versions for 18 technologies and 7 new CVEs Updated severity ratings for MongoDB versions 4.2.18, 4.3.0-4.3.3, 4.4.29, 5.0.30-5.0.31, 6.0.23-6.0.26, 8.0.13-8.0.15, 8.2.0-8.2.1 from Medium to High Updated severity rating for Podcast Generator version 3.2.9 from Medium to Critical Updated severity ratings for Python versions 3.10.10-3.10.19, 3.11-3.11.14, 3.12-3.12.5 from High to Critical Updated severity rating for Python version 3.12.6 from Medium to Critical Added vulnerability detection for CrushFTP: Medium: CVE-2025-63419 Added vulnerability detection for MongoDB: High: CVE-2025-14847 Added vulnerability detection for Podcast Generator: Critical: CVE-2023-53899 Added vulnerability detection for Python: Critical: CVE-2025-13836 Added vulnerability detection for Roundcube: High: CVE-2025-68460 Medium: CVE-2025-68461 Added vulnerability detection for phpMyFAQ: High: CVE-2023-53929 |
| Acunetix Web Vulnerability Scanner 25.12.4 Dec 31, 2025 |
Security checks: Updated the Vulnerability Database (VDB) to version 20251230 Added 84 new versions for 50 technologies and 133 new CVEs Improved severity ratings for Dotclear version 2.29 from Medium to High Improved severity ratings for Jenkins versions 2.426.3, 2.452.4, 2.462.1-2.462.3, 2.471-2.492, 2.492.1-2.492.3, 2.493-2.501, 2.504 from Medium to High Improved severity ratings for Liferay DXP versions 2024.q1.14-2024.q1.18 from High to Critical Improved severity ratings for Liferay DXP versions 2024.q3.0, 2024.q4.7, 2025.q1.0-2025.q1.14, 2025.q2.0 from Medium to Critical Improved severity ratings for Liferay Portal version 7.4.3.132 from Medium to Critical Improved severity ratings for Next.js React Framework versions 15.2.6-15.2.7, 15.3.6-15.3.7, 15.4.8-15.4.9 from Critical to High Improved severity ratings for Next.js React Framework version 15.6.0 from High to Critical Improved severity ratings for React versions 19.0.1-19.0.2, 19.1.2-19.1.3 from Critical to High Improved severity ratings for Roundcube versions 1.5.6, 1.6.5-1.6.6 from Medium to High Improved severity ratings for Ruby version 1.9.0 from Critical to High Added vulnerability detection for Coppermine: CVE-2023-53868 (High) Added vulnerability detection for Dotclear: CVE-2023-53952 (High) CVE-2024-58281 (High) Added vulnerability detection for Jenkins: CVE-2025-67635 (High): CVE-2025-67636 (Medium) CVE-2025-67637 (Medium) CVE-2025-67638 (Medium) CVE-2025-67639 (Low) Added vulnerability detection for Liferay DXP: CVE-2025-43773 (Critical) CVE-2025-43790 (High) CVE-2025-43793 (High) CVE-2025-43796 (High) CVE-2025-43816 (High) CVE-2025-4581 (High) CVE-2025-43771, CVE-2025-43775, CVE-2025-43776, CVE-2025-43779, CVE-2025-43781, CVE-2025-43782, CVE-2025-43783, CVE-2025-43784, CVE-2025-43785, CVE-2025-43786, CVE-2025-43787, CVE-2025-43788, CVE-2025-43789, CVE-2025-43791, CVE-2025-43792, CVE-2025-43794, CVE-2025-43795, CVE-2025-43797, CVE-2025-43798, CVE-2025-43799, CVE-2025-43800, CVE-2025-43803, CVE-2 |
| Acunetix Web Vulnerability Scanner 25.12.3 Dec 19, 2025 |
Security checks: Updated the Vulnerability Database (VDB) to version 20251215 Added 179 new versions for 37 technologies and 118 new CVEs Improved severity ratings for Apache 2.4.64 from Medium to High Improved severity ratings for Liferay DXP versions 2023.q3.0, 2023.q4.6-10, 2024.q1.1-5, 7.0-7.2 from Medium/High to High/Critical Improved severity ratings for Liferay Portal versions 6.2, 7.0.0, 7.0.6, 7.2.0-7.2.1, 7.3.0-7.3.2, 7.4.3.10-7.4.3.119 from Medium/High to Critical Improved severity ratings for MongoDB versions 7.0.20-7.0.25, 8.0.9-8.0.12, 8.1.0 from Medium to High Improved severity ratings for Next.js React Framework versions 14.2.25-14.2.29 from Medium to High Added vulnerability detection for Angular: CVE-2025-61261 (Medium) Added vulnerability detection for Apache: CVE-2025-55753 (High) CVE-2025-58098 (High) CVE-2025-59775 (High) CVE-2025-65082 (Medium) CVE-2025-66200 (Medium) Added vulnerability detection for Django: CVE-2025-13372 (Medium) CVE-2025-64460 (High) Added vulnerability detection for Liferay DXP: CVE-2025-3586 (High) CVE-2025-3594 (Critical) CVE-2025-43766 (Critical) CVE-2025-43768 (High) CVE-2025-43801 (High) CVE-2025-43813 (High) CVE-2025-43746, CVE-2025-43747, CVE-2025-43754, CVE-2025-43755, CVE-2025-43756, CVE-2025-43757, CVE-2025-43761, CVE-2025-43762, CVE-2025-43763, CVE-2025-43764, CVE-2025-43765, CVE-2025-43767, CVE-2025-43769, CVE-2025-43770, CVE-2025-43777, CVE-2025-43778, CVE-2025-43802, CVE-2025-43806, CVE-2025-43810, CVE-2025-43811, CVE-2025-43812, CVE-2025-43814, CVE-2025-43815, CVE-2025-43817, CVE-2025-43818, CVE-2025-43820, CVE-2025-43830, CVE-2025-62237, CVE-2025-62238, CVE-2025-62239, CVE-2025-62240, CVE-2025-62245, CVE-2025-62246, CVE-2025-62247, CVE-2025-62248, CVE-2025-62249, CVE-2025-62250, CVE-2025-62251, CVE-2025-62252, CVE-2025-62253, CVE-2025-62255, CVE-2025-62259 (Medium) Added vulnerability detection for Liferay Portal: CVE-2025-3586 (High) CVE-2025-3594 (Critical) CVE-2025-43766 (Critical) CVE-2025-43768 (High) |
| Acunetix Web Vulnerability Scanner 25.12.2 Dec 10, 2025 |
Security check: Updated the Vulnerability Database (VDB) to version 20251209 |
