v10.2.2

What's Changed

New Templates Added: 65 | CVEs Added: 41 | First-time contributions: 4

🔥 Release Highlights 🔥

• [CVE-2025-47916] Invision Community <=5.0.6 Unauthenticated RCE via Template Injection (@EgiX, @iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-34027] Versa Concerto API Path Based - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-34026] Versa Concerto Actuator Endpoint - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-27007] OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-24016] Wazuh - Unsafe Deserialization Remote Code Execution (@hüseyin TINTAŞ, @ritikchaddha) [critical] 🔥
• [CVE-2025-4427] Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-4123] Grafana - XSS / Open Redirect / SSRF via Client Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2025-3102] SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass (@dhiyaneshdk) [high] 🔥
• [CVE-2025-2011] Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-12987] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2024-11320] Pandora v7.0NG.777.3 - Remote Code Execution (@dhiyaneshdk, @shubham Rooter, @pdresearch, @iamnoooob) [critical] 🔥
• [CVE-2024-8529] LearnPress < 4.2.7.1 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2023-51409] Jordy Meow AI Engine - Unrestricted File Upload (@pussycat0x) [critical] 🔥
• [CVE-2023-1389] TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2020-15415] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2018-20062] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical] ] 🔥 (CISA KEV)
• [CVE-2018-19410] PRTG Network Monitor - Local File Inclusion (@dhiyaneshdk) [critical] 🔥 (CISA KEV)

---

Bug Fixes

• Updated affected vBulletin versions in vbulletin-replacead-rce.yaml (Issue #12150).
• Renamed CVE-2022-31126 to CVE-2022-31137 (Issue #12103).
• Updated and renamed thinkphp-5022-rce.yaml to CVE-2018-20062.yaml (Issue #12096).
• Fixed payload for CVE-2019-17444 to avoid false positives (Issue #12050).

False Negatives

• NA

False Positives

• Reduced false positives in Next.js cache poisoning headers (Issue #12000).
• Fixed false positives in s3-bucket-policy-public-access.yaml (Issue #12085).

Enhancements

• Updated tags for multiple templates (Issue #12157).
• Updated tags for CVE-2025-34028.yaml (Issue #12156).
• Moved templates for assigned CVEs (CVE-2025-34026, CVE-2025-34027) (Issue #12138).

Templates Added

• [CVE-2025-47916] Invision Community <=5.0.6 Unauthenticated RCE via Template Injection (@EgiX, @iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-47204] Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting (@r3naissance) [medium]
• [CVE-2025-41393] Ricoh Web Image Monitor - Reflected XSS (@JPG0mez) [medium]
• [CVE-2025-34027] Versa Concerto API Path Based - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-34026] Versa Concerto Actuator Endpoint - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-27007] OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-24016] Wazuh - Unsafe Deserialization Remote Code Execution (@hüseyin TINTAŞ, @ritikchaddha) [critical] 🔥
• [CVE-2025-4427] Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-4396] Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2025-4388] Liferay Portal 'marketplace-app-manager-web' - Reflected XSS (@iamnoooob, @rootxharsh, @pdresearch) [medium]
• [CVE-2025-4123] Grafana - XSS / Open Redirect / SSRF via Client Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2025-3102] SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass (@dhiyaneshdk) [high] 🔥
• [CVE-2025-2636] InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion (@iamnoooob, @pdresearch) [high]
• [CVE-2025-2610] MagnusBilling Alarm Module - Cross-Site Scripting (@dhiyaneshdk) [high]
• [CVE-2025-2609] MagnusBilling Login Logs - Cross-Site Scripting (@dhiyaneshdk) [high]
• [CVE-2025-2127] JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS (@3th1c_yuk1) [medium]
• [CVE-2025-2011] Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2025-1743] Pichome 2.1.0 - Arbitrary File Read (@3th1c_yuk1) [high]
• [CVE-2024-44762] Usermin 2.100 - Username Enumeration (@ritikchaddha) [medium]
• [CVE-2024-12987] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2024-11320] Pandora v7.0NG.777.3 - Remote Code Execution (@dhiyaneshdk, @shubham Rooter, @pdresearch, @iamnoooob) [critical] 🔥
• [CVE-2024-8529] LearnPress < 4.2.7.1 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2024-2473] WPS Hide Login <= 1.9.15.2 - Login Page Disclosure (@popcorn94) [medium]
• [CVE-2023-51409] Jordy Meow AI Engine - Unrestricted File Upload (@pussycat0x) [critical] 🔥
• [CVE-2023-1389] TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2022-45808] LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi (@dhiyaneshdk) [critical]
• [CVE-2022-31161] Roxy-WI - Remote Code Execution (@ritikchaddha) [critical]
• [CVE-2022-31137] Roxy-WI < 6.1.1.0 - Remote Code Execution (@dhiyaneshdk) [critical]
• [CVE-2022-1950] Youzify < 1.2.0 - Unauthenticated SQLi (@dhiyaneshdk) [critical]
• [CVE-2022-0592] MapSVG < 6.2.20 - Unauthenticated SQLi (@dhiyaneshdk) [critical]
• [CVE-2021-36646] KodExplorer - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2021-25161] Aruba Instant Access Point (IAP) - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2020-15415] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2019-20504] Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution (@dhiyaneshdk) [critical]
• [CVE-2019-5129] YouPHPTube Encoder 2.3 - Command Injection (@pussycat0x) [critical]
• [CVE-2019-5128] YouPHPTube Encoder - Arbitrary File Write (@pussycat0x) [critical]
• [CVE-2018-20062] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical] ] 🔥 (CISA KEV)
• [CVE-2018-19410] PRTG Network Monitor - Local File Inclusion (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2018-19276] OpenMRS Platform < 2.24.0 - Insecure Object Deserialization (@dhiyaneshdk) [critical]
• [CVE-2018-17283] Zoho ManageEngine OpManager - SQL Injection (@dhiyaneshdk) [high]
• [CVE-2018-11222] Pandora FMS <=7.0NG.722 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [loytec-default-password] Loytec PLC - Default Login (@biero-el-corridor) [high]
• [magnusbilling-default-login] MagnusBilling - Default Login (@dhiyaneshdk) [high]
• [enviromuux-default-login] Network Technologies Inc ENVIROMUX - Default Login (@M.Sarmad Shafiq) [high]
• [osasi-default-login] OSASI PLC - Default Login (@biero-el-corridor) [high]
• [siemens-simatic-default-login] Siemens SIMATIC HMI Miniweb - Default Login (@biero-el-corridor) [high]
• [wago-webbased-default-login] WAGO Web based Management - Default Login (@biero-el-corridor) [high]
• [aperio-eslidemanager-panel] Aperio eSlideManager - Panel (@Th3l0newolf) [info]
• [mbilling-panel] MagnusBilling - Login Panel (@dhiyaneshdk) [info]
• [osasi-panel] OSASI Login - Panel (@biero-el-corridor) [info]
• [polarion-siemens-panel] Polarion Siemens Login - Panel (@Th3l0newolf) [info]
• [sap-netweaver-cet-detect] SAP NetWeaver Composition Environment Tools - Detect (@ap3r) [info]
• [cae-monitor-panel] CAE Monitoring - Login Panel (@biero-el-corridor) [info]
• [etic-telecom-panel] ETIC Telecom Device Login - Panel (@biero-el-corridor) [info]
• [moxa-vpn-router-panel] Moxa OnCell VPN - Login Panel (@biero-el-corridor) [info]
• [siemens-logo8-panel] Siemens Logo! 8 Web - Panel (@biero-el-corridor) [info]
• [siemens-simatic-panel] Siemens SIMATIC HMI Miniweb - Login Panel (@biero-el-corridor) [info]
• [wago-webbased-panel] WAGO WebBased Management - Panel (@biero-el-corridor) [info]
• [emby-installer] Emby Installation Page - Exposure (@dhiyaneshdk) [high]
• [traccar-settings-disclosure] Traccar Server Settings - Disclosure (@dhiyaneshdk) [low]
• [docker-registry-browser-detect] Docker Registry Browser - Detect (@pussycat0x) [info]
• [plantumlserver-detect] PlantUMLServer - Detect (@s4e-io) [info]
• [webswing-api-version-detect] WebSwing REST API Version - Detection (@aushack) [info]
• [wp-publishpress-capabilities-xss] PublishPress Capabilities < 2.3.3 - Cross-Site Scripting (@ritikchaddha) [medium]
• [vbulletin-replacead-rce] vBulletin replaceAdTemplate - Remote Code Execution (@dhiyaneshdk) [critical]

New Contributors

• @vshekhda made their first contribution in #12050
• @biero-el-corridor made their first contribution in #12005
• @huseyinstif made their first contribution in #11616
• @shubhamrooter made their first contribution in #11281

Full Changelog: v10.2.1...v10.2.2