v10.2.1

What's Changed

New Templates Added: 41 | CVEs Added: 16 | First-time contributions: 7

🔥 Release Highlights 🔥

• [CVE-2025-32432] CraftCMS - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-2777] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical] 🔥
• [CVE-2024-38475] Sonicwall - Pre-Authentication Arbitrary File Read (@shaikhyaser) [critical] 🔥
• [CVE-2024-21136] Oracle Retail Xstore Suite - Pre-auth Path Traversal (@dhiyaneshdk) [high] 🔥
• [CVE-2024-7591] Kemp Load Balancer - Unauth Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2023-45878] Gibbon LMS <= v25.0.01 - File Upload to RCE (@ajdumanhug) [critical] 🔥
• [CVE-2022-26585] Mingsoft MCMS v5.2.7 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2022-1711] draw.io < 18.0.5 - Server Side Request Forgery (SSRF) (@ritikchaddha) [high] 🔥

---

Bug Fixes

• Fixed template for CVE-2025-32101 (Issue #11933).
• Corrected false negative in CVE-2020-26948 (Issue #12056).
• Fixed broken path to reference file causing 404 errors (Issue #11987).
• Modified regex to accept IPs in location header (Issue #12026).
• Updated Huawei WAF detection rule for accurate server header (Issue #12022).

False Negatives

• Addressed pre-authentication RCE vulnerability in CraftCMS 4.x and 5.x (Issue #12020).

False Positives

• Reduced false positives in Azure Cloud Templates (Issue #12047).
• Fixed false positive in CVE-2022-21587 PoC affecting system (Issue #11702).

Enhancements

• Added Amazon Elastic Kubernetes Service (EKS) templates (PR #12069).
• Removed CVE-2022-46463 template (PR #12029).

Template Updates

• [CVE-2025-32432] CraftCMS - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-28228] Electrolink FM/DAB/TV Transmitter - Credentials Disclosure (@dhiyaneshdk) [high]
• [CVE-2025-2907] Order Delivery Date Pro for WooCommerce < 12.3.1 - Arbitrary Option Update (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [CVE-2025-2777] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical] 🔥
• [CVE-2025-2776] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical]
• [CVE-2025-2775] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical]
• [CVE-2024-51739] iTop - User Enumeration via REST Endpoint (@dhiyaneshdk) [medium]
• [CVE-2024-38475] Sonicwall - Pre-Authentication Arbitrary File Read (@shaikhyaser) [critical] 🔥
• [CVE-2024-21641] Flarum < 1.8.5 - Open Redirect (@kking) [medium]
• [CVE-2024-21136] Oracle Retail Xstore Suite - Pre-auth Path Traversal (@dhiyaneshdk) [high] 🔥
• [CVE-2024-13322] Ads Pro Plugin <= 4.88 - Unauth SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2024-7591] Kemp Load Balancer - Unauth Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2023-45878] Gibbon LMS <= v25.0.01 - File Upload to RCE (@ajdumanhug) [critical] 🔥
• [CVE-2022-42118] Liferay Portal - Cross-site Scripting (@ritikchaddha) [medium]
• [CVE-2022-26585] Mingsoft MCMS v5.2.7 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2022-1711] draw.io < 18.0.5 - Server Side Request Forgery (SSRF) (@ritikchaddha) [high] 🔥
• [eks-aws-managed-iam-policy] Use AWS-managed policy to manage AWS resources (@princechaddha) [high]
• [eks-cluster-logging] Kubernetes Cluster Logging (@princechaddha) [low]
• [eks-endpoint-access] EKS Cluster Endpoint Public Access (@princechaddha) [high]
• [eks-iam-managed-policy-networking] Use AWS-managed policy to Manage Networking Resources (@princechaddha) [high]
• [eks-kubernetes-secrets-encryption] EKS Kubernetes Secrets not Encrypted (@princechaddha) [high]
• [eks-logging-kubes-api-calls] Enable CloudTrail Logging for Kubernetes API Calls (@princechaddha) [high]
• [eks-long-running-pods] EKS Long Running Pods (@princechaddha) [medium]
• [eks-managed-policy-ecr-access] Use AWS-managed policy to access Amazon ECR Repositories (@princechaddha) [high]
• [eks-node-group-remote-access] EKS Node Group Remote Access Configuration (@princechaddha) [high]
• [nocobase-default-login] NocoBase - Default Login (@fur1na) [high]
• [yacht-default-login] Yacht - Default Login (@fur1na) [high]
• [bluemind-panel] Bluemind Panel - Detect (@tigibus) [info]
• [ekare-insight-panel] eKare inSight Panel - Detect (@s4e-io) [info]
• [frappe-panel] Frappe Panel - Detect (@Th3l0newolf) [info]
• [hoppscotch-panel] Hoppscotch Panel - Detect (@s4e-io) [info]
• [netscaler-console-panel] NetScaler Console - Panel (@dhiyaneshdk) [info]
• [yacht-panel] Yacht Login Panel - Detect (@fur1na) [info]
• [exposed-mcp-server] Exposed MCP JSON-RPC 2.0 API Detection (@ivan_wallarm) [unknown]
• [vscode-launch] Visual Studio Code launch.json Exposure (@dhiyaneshdk) [low]
• [emerson-intellislot-webcard] Emerson Network Power IntelliSlot Web Card - Exposure (@Th3l0newolf) [medium]
• [trust-center-detect] Trust Center Page - Detect (@ajdumanhug) [info]
• [luxtrust-cosi-detect] LuxTrust COSI - Detect (@righettod) [info]
• [streamlit-detect] Streamlit - Detect (@s4e-io) [info]
• [zk-framework-detect] ZK Framework - Detect (@ErikOwen, @cursor) [info]
• [zzcms-register-xss] Zzcms register_nodb.php - Cross Site Scripting (@3th1c_yuk1) [medium]

New Contributors

• @r00tuser111 made their first contribution in #12006
• @saharshtapi made their first contribution in #12011
• @ThibautPierru made their first contribution in #11997
• @ajdumanhug made their first contribution in #12027
• @serdarbsgn made their first contribution in #12022
• @SemenchenkoA made their first contribution in #11944
• @adaminfinitum made their first contribution in #11987

Full Changelog: v10.2.0...v10.2.1