| Version | Change log |
| Acunetix Web Vulnerability Scanner 25.12.5 Jan 7, 2026 |
Security checks: Updated the Vulnerability Database (VDB) to version 20260106 Added 15 new versions for 18 technologies and 7 new CVEs Updated severity ratings for MongoDB versions 4.2.18, 4.3.0-4.3.3, 4.4.29, 5.0.30-5.0.31, 6.0.23-6.0.26, 8.0.13-8.0.15, 8.2.0-8.2.1 from Medium to High Updated severity rating for Podcast Generator version 3.2.9 from Medium to Critical Updated severity ratings for Python versions 3.10.10-3.10.19, 3.11-3.11.14, 3.12-3.12.5 from High to Critical Updated severity rating for Python version 3.12.6 from Medium to Critical Added vulnerability detection for CrushFTP: Medium: CVE-2025-63419 Added vulnerability detection for MongoDB: High: CVE-2025-14847 Added vulnerability detection for Podcast Generator: Critical: CVE-2023-53899 Added vulnerability detection for Python: Critical: CVE-2025-13836 Added vulnerability detection for Roundcube: High: CVE-2025-68460 Medium: CVE-2025-68461 Added vulnerability detection for phpMyFAQ: High: CVE-2023-53929 |
| Acunetix Web Vulnerability Scanner 25.12.4 Dec 31, 2025 |
Security checks: Updated the Vulnerability Database (VDB) to version 20251230 Added 84 new versions for 50 technologies and 133 new CVEs Improved severity ratings for Dotclear version 2.29 from Medium to High Improved severity ratings for Jenkins versions 2.426.3, 2.452.4, 2.462.1-2.462.3, 2.471-2.492, 2.492.1-2.492.3, 2.493-2.501, 2.504 from Medium to High Improved severity ratings for Liferay DXP versions 2024.q1.14-2024.q1.18 from High to Critical Improved severity ratings for Liferay DXP versions 2024.q3.0, 2024.q4.7, 2025.q1.0-2025.q1.14, 2025.q2.0 from Medium to Critical Improved severity ratings for Liferay Portal version 7.4.3.132 from Medium to Critical Improved severity ratings for Next.js React Framework versions 15.2.6-15.2.7, 15.3.6-15.3.7, 15.4.8-15.4.9 from Critical to High Improved severity ratings for Next.js React Framework version 15.6.0 from High to Critical Improved severity ratings for React versions 19.0.1-19.0.2, 19.1.2-19.1.3 from Critical to High Improved severity ratings for Roundcube versions 1.5.6, 1.6.5-1.6.6 from Medium to High Improved severity ratings for Ruby version 1.9.0 from Critical to High Added vulnerability detection for Coppermine: CVE-2023-53868 (High) Added vulnerability detection for Dotclear: CVE-2023-53952 (High) CVE-2024-58281 (High) Added vulnerability detection for Jenkins: CVE-2025-67635 (High): CVE-2025-67636 (Medium) CVE-2025-67637 (Medium) CVE-2025-67638 (Medium) CVE-2025-67639 (Low) Added vulnerability detection for Liferay DXP: CVE-2025-43773 (Critical) CVE-2025-43790 (High) CVE-2025-43793 (High) CVE-2025-43796 (High) CVE-2025-43816 (High) CVE-2025-4581 (High) CVE-2025-43771, CVE-2025-43775, CVE-2025-43776, CVE-2025-43779, CVE-2025-43781, CVE-2025-43782, CVE-2025-43783, CVE-2025-43784, CVE-2025-43785, CVE-2025-43786, CVE-2025-43787, CVE-2025-43788, CVE-2025-43789, CVE-2025-43791, CVE-2025-43792, CVE-2025-43794, CVE-2025-43795, CVE-2025-43797, CVE-2025-43798, CVE-2025-43799, CVE-2025-43800, CVE-2025-43803, CVE-2 |
| Acunetix Web Vulnerability Scanner 25.12.3 Dec 19, 2025 |
Security checks: Updated the Vulnerability Database (VDB) to version 20251215 Added 179 new versions for 37 technologies and 118 new CVEs Improved severity ratings for Apache 2.4.64 from Medium to High Improved severity ratings for Liferay DXP versions 2023.q3.0, 2023.q4.6-10, 2024.q1.1-5, 7.0-7.2 from Medium/High to High/Critical Improved severity ratings for Liferay Portal versions 6.2, 7.0.0, 7.0.6, 7.2.0-7.2.1, 7.3.0-7.3.2, 7.4.3.10-7.4.3.119 from Medium/High to Critical Improved severity ratings for MongoDB versions 7.0.20-7.0.25, 8.0.9-8.0.12, 8.1.0 from Medium to High Improved severity ratings for Next.js React Framework versions 14.2.25-14.2.29 from Medium to High Added vulnerability detection for Angular: CVE-2025-61261 (Medium) Added vulnerability detection for Apache: CVE-2025-55753 (High) CVE-2025-58098 (High) CVE-2025-59775 (High) CVE-2025-65082 (Medium) CVE-2025-66200 (Medium) Added vulnerability detection for Django: CVE-2025-13372 (Medium) CVE-2025-64460 (High) Added vulnerability detection for Liferay DXP: CVE-2025-3586 (High) CVE-2025-3594 (Critical) CVE-2025-43766 (Critical) CVE-2025-43768 (High) CVE-2025-43801 (High) CVE-2025-43813 (High) CVE-2025-43746, CVE-2025-43747, CVE-2025-43754, CVE-2025-43755, CVE-2025-43756, CVE-2025-43757, CVE-2025-43761, CVE-2025-43762, CVE-2025-43763, CVE-2025-43764, CVE-2025-43765, CVE-2025-43767, CVE-2025-43769, CVE-2025-43770, CVE-2025-43777, CVE-2025-43778, CVE-2025-43802, CVE-2025-43806, CVE-2025-43810, CVE-2025-43811, CVE-2025-43812, CVE-2025-43814, CVE-2025-43815, CVE-2025-43817, CVE-2025-43818, CVE-2025-43820, CVE-2025-43830, CVE-2025-62237, CVE-2025-62238, CVE-2025-62239, CVE-2025-62240, CVE-2025-62245, CVE-2025-62246, CVE-2025-62247, CVE-2025-62248, CVE-2025-62249, CVE-2025-62250, CVE-2025-62251, CVE-2025-62252, CVE-2025-62253, CVE-2025-62255, CVE-2025-62259 (Medium) Added vulnerability detection for Liferay Portal: CVE-2025-3586 (High) CVE-2025-3594 (Critical) CVE-2025-43766 (Critical) CVE-2025-43768 (High) |
| Acunetix Web Vulnerability Scanner 25.12.2 Dec 10, 2025 |
Security check: Updated the Vulnerability Database (VDB) to version 20251209 |
| Acunetix Web Vulnerability Scanner 25.11.2 Nov 25, 2025 |
Security check: Added detection for the Fortinet FortiWeb authentication bypass vulnerability (CVE-2025-64446) Added detection for the Citrix NetScaler memory leak and reflected XSS vulnerability (CVE-2025-12101) Improved detection of SQL injection attempts in prepared statements used with NodeJS and MySQL Added detection for the Oracle Identity Manager authentication bypass leading to RCE (CVE-2025-61757) Updated the Vulnerability Database to version 20251125 Resolved issue: Fixed an issue in the script that identifies API resources missing required authentication |
| Acunetix Web Vulnerability Scanner 25.11.1 Nov 21, 2025 |
Security check: Updated the Vulnerability Database (VDB) to version 20251118 |
| Acunetix Web Vulnerability Scanner 25.11 Nov 14, 2025 |
Improvements: Added support for tracking session tokens in URL Parameters in DAST scans Updated LSR to use configured custom cookies Added support for Custom Namespaces in WSDL specifications Improved support for web applications that return 429 responses during the DAST scan Improved processing of Path Fragments discovered by Deepscan Improved handling of sitemaps Upgraded Python to v3.13.6 Resolved issues: Fixed false positives from “PII without authentication” scripts API documentation is now properly reachable in the most recent on-premise version |
| Acunetix Web Vulnerability Scanner 25.8.5 Nov 6, 2025 |
Security check: Improved Local Path Traversal detection in J2EE environments to cover CVE-2025-55752 Added detection for Magento authentication bypass (SessionReaper) – CVE-2025-54236 Updated the Vulnerability Database (VDB) to version 20251104 Improvements: Improved detection of sensitive information and personally identifiable information (PII) Resolved issues: Resolved an issue where XSS findings in JSON responses didn’t display attack details Fixed the issue where sensitive data was not highlighted in the response for Sensitive Data Exposure vulnerabilities Resolved classification of standard XSS vulnerabilities that depend on how legacy browsers handle encoding |
| Acunetix Web Vulnerability Scanner 25.8.4 Nov 3, 2025 |
Security check: Updated AEM (Adobe Experience Manager) checks to include seven newly reported vulnerabilities from the Hopgoblin toolkit (CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246) Updated the Vulnerability Database (VDB) to version 20251006 Updated the Vulnerability Database (VDB) to version 20251021 Added detection for the Oracle E-Business Suite remote code execution vulnerability (CVE-2025-61882) Added a new information discovery capability to detect sensitive or personally identifiable (PII) data during scans Improvements: Increased the severity level of TLS 1.1 usage from “Info” to “Low” Added new informational XSS finding types for cases where exploitation depends on the encoding behavior of legacy browsers Resolved issues: Removed duplicate CVE findings |
| Acunetix Web Vulnerability Scanner 25.5.0 Jun 17, 2025 | Resolved an issue causing a hang in the LSR during retry playback |
