Changelog

FixVibe scan engine updates: new coverage, security and accuracy improvements. Most recent entries first.

July 2, 2026

  • FIXED: Legal-link false positives reduced. Privacy and terms links that are visible after client-side rendering now count correctly, so SPA footers are not reported as missing when users can see those links.

June 30, 2026

  • NEW: Label Studio CVE-2025-47783 reflected XSS check. Verified active scans now flag Label Studio upload-example responses when target-specific label_config evidence shows raw HTML metacharacter reflection, without executing JavaScript, using victim sessions, reading tokens, or storing project data.
  • NEW: AVideo CVE-2023-25313 / GHSA-pgvh-p3g4-86jw advisory. Repo scans flag affected wwbn/avideo Composer manifests and lockfiles below 12.4 with version-based evidence only; no AVideo login, video-link submission, video creation, request-delay checks, command execution, or runtime exploit claim.
  • NEW: GL.iNet GL-MT3000 CVE-2026-11451 advisory. Verified active scans flag GL.iNet GL-MT3000 firmware 4.4.5 as version-based advisory evidence only; no router authentication, FTP-setting changes, file writes, command input, or command-execution claim.
  • IMPROVED: Schneider Modicon M221 remote-reboot coverage. The existing passive Modicon M221 firmware check now correlates the same strong public HTTP product and firmware-version evidence with CVE-2018-7789 alongside CVE-2018-7790, reporting version-based advisory context without sending reboot probes, querying Modbus, replaying authentication, uploading PLC programs, or claiming exploit confirmation.
  • NEW: Mbed TLS CVE-2024-45159 repo advisory coverage. GitHub repo scans now flag source and build metadata for affected Mbed TLS 3.2.0 through 3.6.0 releases, reporting version-based advisory evidence without client-certificate probes, TLS handshake testing, or authentication-bypass confirmation.
  • NEW: Oracle Java SE/GraalVM CVE-2022-21340 repo advisory coverage. GitHub repo scans now flag explicit Oracle Java SE or Oracle GraalVM Enterprise runtime metadata, reporting version-based advisory evidence without running Java, sandbox-code proof, denial-of-service traffic, or runtime exploit confirmation.
  • NEW: OpenSSL CMS CVE-2025-15467 advisory. GitHub repo scans now flag affected OpenSSL CMS release-line evidence and report branch-aware source/config evidence without crash, denial-of-service, or code-execution reproduction.
  • NEW: codfish semantic-release GitHub Action compromise check. Repo scans can now flag workflow YAML references to codfish/semantic-release-action refs associated with the June 2026 compromise, reporting source/config evidence only. The check does not run GitHub Actions, read CI secrets, inspect runners, or claim credential theft.
  • NEW: Spring Data Commons property-path advisory coverage. GitHub repo scans now report Maven/Gradle dependency evidence for Spring Data Commons versions associated with CVE-2018-1274 / GHSA-5q8m-mqmx-pxp9. The finding stays version-based and does not run the app, probe Spring Data REST endpoints, send crafted property-path parameters, stress CPU or memory, or claim denial-of-service confirmation.
  • NEW: vm2 Promise species advisory coverage. GitHub repo scans now report npm manifest and lockfile evidence for vm2 versions associated with CVE-2026-47208 / GHSA-76w7-j9cq-rx2j. The finding stays version-based and does not run the app, execute sandbox-breakout proof-of-concept code, inspect live workers, or claim host command execution.
  • NEW: pyLoad /flashgot advisory coverage. GitHub repo scans now report Python manifest and lockfile evidence for pyload-ng versions associated with CVE-2024-47821 / GHSA-w7hq-f2pj-c53g. The finding stays version-based and does not run pyLoad, send /flashgot requests, change settings, download files, write script directories, or claim command execution.
  • NEW: SAP Cloud SDK for AI Python advisory check. GitHub repo scans now flag Python manifest and lockfile evidence for sap-ai-sdk-base versions affected by CVE-2023-25617 / GHSA-xxhh-59gh-6ffx as version-based advisory evidence, without running Python, connecting to SAP BusinessObjects, scheduling Program Objects, sending command-injection input, or claiming OS command execution.
  • NEW: Gradio Windows/Python path traversal advisory check. GitHub repo scans now flag Gradio dependency evidence for CVE-2026-28414 / GHSA-39mp-8hj3-5c49 and raise confidence when repository configuration also points to Windows with Python 3.13+, without requesting Gradio file endpoints, sending traversal input, reading files, or claiming live arbitrary file read.

June 29, 2026

  • NEW: MISP STIX import source advisory coverage. GitHub repo scans now report source evidence for CVE-2018-19908 in app/Model/Event.php when original STIX filenames flow into shell command construction. The check uses repository source evidence and does not run MISP, import files, or claim runtime command execution.
  • NEW: MindsDB status version advisory coverage. Verified active scans now include MindsDB /api/status version evidence for CVE-2026-27483 when the public status endpoint reports a release before 25.9.1.1. This read-only check does not upload files, send traversal filenames, or claim remote-code execution.
  • NEW: NiceGUI upload filename source advisory check. GitHub repo scans now include CVE-2026-25732 coverage when affected NiceGUI dependency evidence appears with upload-handler source that saves paths built from client-supplied filenames. The check reports source/dependency evidence without uploading files, writing outside upload directories, or claiming code execution.

June 18, 2026

  • NEW: SillyTavern SearXNG SSRF active check. Verified active scans now report only direct evidence that a SillyTavern SearXNG search proxy fetched a FixVibe-controlled external callback URL. The probe avoids localhost, cloud metadata, private-network targets, and internal-service requests.
  • NEW: Unauthenticated Glances REST API exposure check. Verified active scans can now confirm when the scanned origin exposes the Glances REST API identity and metric-shaped responses without authentication. FixVibe records only the response shape and avoids broad API dumps, process lists, command lines, configuration, or secrets.
  • NEW: Spring Data Commons + XMLBeam advisory coverage. GitHub repo scans now report paired Maven/Gradle dependency evidence for Spring Data Commons and XMLBeam versions associated with CVE-2018-1259 / GHSA-m929-7fr6-cvjg. The finding stays version-based and does not run the app, send XML payloads, probe endpoints, read local files, or claim SSRF confirmation.
  • NEW: Moby AuthZ dependency advisory check. GitHub repo scans can now flag Go manifests that resolve Moby or Docker Engine versions affected by CVE-2026-34040 / GHSA-x744-4wpc-v9h2, reporting version-based evidence without connecting to Docker APIs, probing AuthZ plugins, sending crafted requests, or claiming authorization-bypass confirmation.
  • NEW: NGINX rewrite-module config advisory check. GitHub repo scans can now correlate affected NGINX version evidence with rewrite-module configuration evidence for CVE-2026-42945, without running NGINX, sending traffic, or claiming memory-corruption proof.
  • NEW: SQLitePCLRaw NuGet advisory check. GitHub repo scans can now flag .NET project and NuGet lockfile evidence for affected SQLitePCLRaw native SQLite packages tied to CVE-2025-6965 / GHSA-2m69-gcr7-jv3q, without claiming memory-corruption proof.
  • NEW: gemini-mcp-tool CVE-2026-0755 advisory. Repo scans flag affected npm manifest and lockfile versions for GHSA-4h5r-5jm8-jxjm with repository version evidence only. The check does not run the MCP server, send command or @file probes, trigger callbacks, read local files, or assert runtime exploit confirmation.
  • NEW: Mastra easy-day-js advisory check. GitHub repo scans flag easy-day-js manifest and lockfile evidence tied to the June 2026 Mastra npm incident. The finding stays limited to repository dependency evidence and does not verify stale npm owners, run package scripts, inspect hosts, or assert credential theft.
  • NEW: Drupal Core CVE-2026-9082 advisory check. GitHub repo scans flag Composer manifest and lockfile versions for GHSA-ghwc-95x2-682j with repository version evidence only. The check does not run Drupal, verify PostgreSQL, send SQL payloads, extract data, or assert runtime exploit confirmation.
  • NEW: Paramiko SSH-server authentication advisory check. GitHub repo scans can now flag Python dependency files that resolve Paramiko releases affected by CVE-2018-7750 / GHSA-232r-66cg-79px, reporting version-based advisory evidence without starting an SSH server, sending bypass traffic, or claiming deployed server-mode exposure.
  • NEW: Apache Tomcat HTTP/2 resource-consumption dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat releases affected by CVE-2020-11996 / GHSA-53hp-jpwq-2jgq, reporting version-based advisory evidence without running Tomcat, sending HTTP/2 denial-of-service traffic, generating high-CPU proof traffic, or claiming runtime availability impact.
  • NEW: @andrei-tatar/nora-firebase-common prototype-pollution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve @andrei-tatar/nora-firebase-common versions affected by CVE-2024-30564 / GHSA-jjff-q3q4-5hh8, reporting version-based advisory evidence without running the package, mutating Object.prototype, sending proof payloads, or claiming runtime exploit confirmation.
  • NEW: Android advisory check for cordova-plugin-inappbrowser. GitHub repo scans can now flag npm manifests, lockfiles, and Cordova config.xml files that resolve cordova-plugin-inappbrowser versions affected by CVE-2019-0219 / GHSA-c6pw-q7f2-97hv, reporting version-based advisory evidence without building mobile binaries, loading proof content, exercising the plugin bridge, or claiming deployed Android exploitability.
  • NEW: Nokogiri libxslt RubyGems advisory coverage. GitHub repo scans now report Gemfile, Gemfile.lock, and gemspec evidence for Nokogiri releases affected by CVE-2019-18197 / GHSA-242x-7cm6-4w8j. The check uses version-based RubyGems evidence and does not run Ruby, process XML or XSLT input, crash-test libxslt, or claim runtime exploit confirmation.
  • NEW: Perl GD CPAN advisory coverage. GitHub repo scans now report CPAN dependency evidence for Perl GD releases affected by CVE-2026-11526. The check uses version-based repository evidence and does not run Perl, process image files, pass crafted filenames to GD::Image constructors, or claim command-execution or file-overwrite confirmation.
  • NEW: kill-port-process CVE-2019-15609 advisory check. GitHub repo scans flag affected npm manifest and lockfile versions for GHSA-xp4x-j9vh-c3wf, reporting version evidence only. The check does not run the package, send command payloads, terminate processes, or assert runtime exploit confirmation.
  • NEW: proxy npm advisory coverage. GitHub repo scans can now report repository dependency evidence for proxy releases associated with CVE-2023-2968 / GHSA-mj6p-3pc9-wf5m. The finding stays version-based and does not run proxy, send crafted request traffic, crash-test services, or claim runtime denial-of-service confirmation.
  • NEW: Apache ActiveMQ Artemis Jolokia dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve org.apache.activemq:artemis-cli versions affected by CVE-2023-50780 / GHSA-443j-grxv-2pgv, reporting version-based advisory evidence without authenticating to Jolokia, enumerating MBeans, changing Log4J2 configuration, writing files, restarting services, or claiming live RCE confirmation.
  • NEW: Apache ActiveMQ Artemis dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that pin or allow artemis-server versions affected by CVE-2026-27446 / GHSA-fw88-pf9m-p947, reporting version-based advisory evidence without connecting to brokers, triggering federation callbacks, or claiming message injection/exfiltration confirmation.
  • NEW: Apache Spark UI dependency advisory check. GitHub repo scans can now flag Maven, Gradle, and PySpark dependency files that pin or allow Apache Spark versions affected by CVE-2022-33891 / GHSA-4x9r-j582-cgr8, reporting version-based advisory evidence without visiting Spark UI, sending active exploit probes, or claiming command-execution confirmation.
  • NEW: vLLM pickle-deserialization dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow vllm versions affected by CVE-2024-9053 / GHSA-cj47-qj6g-x7r4, reporting version-based advisory evidence without running vLLM, exposing AsyncEngineRPCServer, sending pickle payloads, or claiming runtime code-execution confirmation.
  • NEW: Apache Airflow example-DAG advisory coverage. GitHub repo scans can now report repository dependency evidence for Airflow releases associated with CVE-2024-45498 / GHSA-c392-whpc-vfpr. The finding stays version-based and does not probe Airflow UI, trigger DAGs, run command payloads, or claim runtime exploit confirmation.
  • NEW: ONNX download_model_with_test_data advisory coverage. GitHub repo scans now report Python dependency evidence for onnx releases affected by CVE-2024-5187 / GHSA-6rq9-53c3-f7vj and add source-call context when download_model_with_test_data appears. The check does not run Python, download or extract model archives, create malicious tar files, overwrite files, or claim runtime exploit confirmation.
  • NEW: YOURLS type-juggling dependency advisory check. GitHub repo scans can now flag Composer and YOURLS source-version evidence for yourls/yourls releases affected by CVE-2019-14537 / GHSA-vf23-f26f-mjj9, reporting version-based advisory evidence without calling the YOURLS API, sending authentication-bypass requests, probing admin pages, or claiming unauthorized access.
  • NEW: http4k-format-xml dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve org.http4k:http4k-format-xml versions affected by CVE-2024-55875 / GHSA-7mj5-hjjj-8rgw, reporting version-based advisory evidence without sending XML payloads, SSRF callbacks, local-file reads, or denial-of-service traffic.

June 14, 2026

  • FIXED: DOM XSS fragment probe stability fix. Verified active scans now skip the DOM fragment probe cleanly when browser automation is unavailable at startup, so reports no longer show internal browser-context errors for that check.
  • IMPROVED: Expanded Red Hat npm worm coverage. GitHub repo scans now include additional Wiz-reported @redhat-cloud-services package versions for the Miasma campaign, while still reporting repository dependency evidence without installing packages, executing lifecycle scripts, or claiming credential theft.
  • NEW: Known npm typosquat package check. GitHub repo scans can now flag package manifests and lockfiles that resolve Microsoft-reported vpmdhaj npm typosquat package versions, reporting version-based advisory evidence without installing packages, executing lifecycle scripts, fetching tarballs, contacting attacker infrastructure, or claiming credential theft.
  • NEW: Codex Remote UI token-stealing npm package check. GitHub repo scans can now flag package manifests and lockfiles that resolve codexui-android 0.1.82 or newer, reporting version-based advisory evidence without installing the package, executing it, reading Codex auth files, contacting exfiltration infrastructure, or claiming token theft.
  • NEW: Claude Code GitHub Action workflow repo check. GitHub repo scans can now flag Claude Code Action workflows with mutable action refs, broad workflow token permissions, or risky access override inputs, reporting workflow YAML evidence without running Actions, executing Claude Code, reading CI secrets, or claiming prompt-injection exploitation.
  • NEW: onering Rust crate malware repo check. GitHub repo scans can now flag Cargo manifests or lockfiles that resolve onering 1.4.1 or the known compromised onering git commit, and can flag matching checked-in build.rs evidence, without running Cargo, executing build scripts, fetching crates, or claiming source exfiltration.
  • NEW: Node-gyp / Phantom Gyp npm worm repo check. GitHub repo scans can now flag package manifests or lockfiles that resolve known malicious npm package versions from the binding.gyp supply-chain campaign, or flag matching binding.gyp source evidence, without running npm install, executing node-gyp, downloading tarballs, or claiming credential theft.

June 11, 2026

  • IMPROVED: Moxa NPort authentication advisory coverage. The existing verified-active Moxa NPort firmware check now correlates the same strong HTTP model and firmware evidence with CVE-2016-9361 as part of the MCSA-160401 advisory family, while still reporting a version-based advisory without attempting password retries, brute-force checks, firmware uploads, unauthenticated administrative actions, SNMP queries, serial-device protocol probes, crash tests, or exploit confirmation.
  • IMPROVED: Moxa NPort unauthenticated firmware-update advisory coverage. The existing verified-active Moxa NPort firmware check now correlates the same strong HTTP model and firmware evidence with CVE-2016-9369 as part of the MCSA-160401 advisory family, while still reporting a version-based advisory without attempting firmware uploads, unauthenticated administrative actions, SNMP queries, serial-device protocol probes, crash tests, or exploit confirmation.
  • NEW: Schneider Modicon M221 firmware advisory check. Passive scans can now flag strong public HTTP product and firmware-version evidence for Modicon M221 controllers associated with CVE-2018-7790, reporting version-based advisory context without capturing credentials, replaying authentication, querying Modbus, uploading PLC programs, or claiming unauthorized-access confirmation.
  • NEW: Langflow CVE-2025-34291 CORS advisory check. Verified active scans can now flag affected Langflow instances when target-specific version evidence is paired with credentialed CORS origin reflection, without authenticating, reading tokens, triggering refresh flows, or claiming code-execution confirmation.
  • NEW: SiteOmat BOS version advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14728 as a version-based advisory, without attempting default credentials, SSH login, broad port scans, state-changing management actions, or unauthorized access.
  • NEW: SiteOmat login SQL injection advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14851 as a version-based advisory, without submitting login forms, sending SQL injection payloads, attempting authentication bypass, accessing post-login pages, or making state-changing management requests.
  • NEW: SiteOmat CGI buffer-overflow advisory check. Verified active scans can now flag public SiteOmat BOS version evidence associated with CVE-2017-14854 as a version-based advisory, without sending crafted CGI input, overflow payloads, crash tests, broad port scans, state-changing management actions, or exploit requests.
  • NEW: Kubernetes externalIPs manifest advisory check. GitHub repo scans can now flag Kubernetes Service manifests that declare non-empty spec.externalIPs as source/config hardening evidence for CVE-2020-8554, without inspecting live clusters, checking RBAC, sending traffic, or claiming traffic interception.
  • NEW: Apache Tomcat EncryptInterceptor dependency advisory check. GitHub repo scans can now flag Maven and Gradle files that resolve exact Tomcat releases associated with CVE-2026-34486 / GHSA-69r9-qgr7-g2wj, reporting version-based advisory evidence without running Tomcat, inspecting cluster traffic, sending crafted Tribes packets, or claiming plaintext-disclosure confirmation.
  • NEW: Apache Tomcat h2c request mix-up dependency advisory check. GitHub repo scans can now flag Maven and Gradle files that resolve Tomcat embedded-core or Coyote versions affected by CVE-2021-25122 / GHSA-j39c-c8hj-x4j3, reporting version-based advisory evidence without running Tomcat, sending h2c upgrade requests, capturing traffic, or claiming information-disclosure confirmation.
  • NEW: PickleScan ZIP CRC dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow PickleScan versions affected by CVE-2025-10156 / GHSA-mjqp-26hc-grxg, reporting version-based advisory evidence without running PickleScan, creating corrupted archives, loading models, or claiming runtime code-execution confirmation.
  • NEW: NLTK Zip Slip dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow NLTK versions affected by CVE-2025-14009 / GHSA-7p94-766c-hgjp, reporting version-based advisory evidence without running Python or NLTK, calling nltk.download(), extracting packages, creating malicious archives, or claiming runtime code-execution confirmation.
  • NEW: TanStack ArkType adapter malware dependency check. GitHub repo scans can now flag package manifests and lockfiles that resolve @tanstack/arktype-adapter to malicious versions 1.166.12 or 1.166.15 from CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx, reporting version-based advisory evidence without running npm install, executing lifecycle scripts, downloading tarballs, or claiming credential theft.
  • NEW: Mbed TLS CVE-2021-44732 repo advisory check. GitHub repo scans can now flag source and build metadata that identify Mbed TLS versions affected by CVE-2021-44732, reporting version-based advisory evidence without running Mbed TLS, forcing out-of-memory behavior, calling session-copy APIs, or claiming live double-free confirmation.
  • NEW: IIS TRACK method exposure check. Verified active scans can now flag legacy TRACK echo behavior associated with CVE-2003-1567 using non-sensitive request evidence, without sending cookies, credentials, browser exploit pages, user traffic, or state-changing requests.
  • NEW: Red Hat npm worm dependency advisory check. GitHub repo scans can now flag package manifests and lockfiles that resolve known compromised @redhat-cloud-services npm versions associated with the credential-stealing worm campaign, reporting dependency evidence without executing install scripts or claiming credential theft.
  • NEW: DICOM executable preamble check. GitHub repo scans can now flag committed DICOM files whose Part 10 preamble carries executable-file evidence, reporting static file evidence without executing the file or claiming production compromise.

June 10, 2026

  • NEW: Mbed TLS CVE-2023-45199 repo advisory check. GitHub repo scans can now flag source and build metadata that identify Mbed TLS 3.2.x through 3.4.x, reporting version-based advisory evidence without sending TLS handshake payloads or claiming live memory corruption.
  • NEW: Rockwell MicroLogix 1100 advisory fingerprint. Passive scans can now flag strong public HTTP evidence of a Rockwell Automation MicroLogix 1100 controller associated with CVE-2021-33012, reporting advisory context without sending industrial protocol commands or claiming denial-of-service behavior.
  • NEW: Moxa NPort firmware advisory check. Verified active scans can now flag public HTTP model and firmware-version evidence for Moxa NPort devices associated with CVE-2016-9363, reporting version-based advisory context without sending crafted packets, querying SNMP, testing serial-device services, or claiming exploit confirmation.
  • NEW: Rockwell MicroLogix 1100 authentication-attempt advisory check. Verified active scans can now flag public HTTP model and firmware evidence for MicroLogix 1100 controllers associated with CVE-2017-7898, reporting version-based advisory context without attempting logins, brute force, or industrial protocol probes.
  • NEW: Log4j 1.2 JDBCAppender advisory check. GitHub repo scans can now flag Log4j 1.2 dependency evidence paired with JDBCAppender SQL configuration for CVE-2022-23305 / GHSA-65fg-84f6-3jq3, reporting repository/config evidence without executing SQL, writing log events, or claiming runtime database compromise.
  • NEW: Log4j 1.2 JMSAppender advisory check. GitHub repo scans can now flag Log4j 1.2 dependency evidence paired with JMSAppender configuration for CVE-2021-4104 / GHSA-fp5r-v3w9-4333, reporting repository/config evidence without contacting JNDI or JMS services or claiming runtime exploit confirmation.
  • NEW: Microsoft ATL MS09-035 source advisory check. GitHub repo scans can now flag legacy Visual C++ ATL project metadata paired with ATL source usage associated with CVE-2009-0901/CVE-2009-2493/CVE-2009-2495, reporting source/build advisory evidence without inspecting build machines, sending malformed streams, probing information disclosure, or claiming live code-execution confirmation.
  • NEW: Langflow CVE-2026-33017 version advisory check. Verified active scans can now flag public Langflow version evidence for CVE-2026-33017 / GHSA-vwmf-pq79-vjvx as a version-based advisory, without submitting flow data, building flows, executing code, or claiming public-flow exploit confirmation.
  • NEW: Keras CVE-2025-1550 dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow Keras versions affected by CVE-2025-1550 / GHSA-48g7-3x6r-xfhp, reporting version-based advisory evidence without loading model archives, generating payloads, or claiming runtime code-execution confirmation.
  • NEW: TLS RC4 negotiation advisory check. Verified active scans can now flag TLS endpoints that still select RC4 cipher suites associated with CVE-2015-2808, reporting confirmed RC4 support without capturing traffic or claiming plaintext recovery.
  • NEW: TLS Sweet32 DES/3DES advisory check. Verified active scans can now flag TLS endpoints that still select DES or 3DES 64-bit block cipher suites associated with CVE-2016-2183, reporting confirmed cipher negotiation without capturing traffic or claiming plaintext recovery.
  • NEW: Schneider PowerLogic EGX advisory check. Verified active scans can now flag public PowerLogic EGX100 firmware or EGX300 product evidence associated with CVE-2021-22765/CVE-2021-22767/CVE-2021-22768, reporting product/firmware advisory context without sending crafted HTTP packets, querying industrial protocols, crash-testing gateways, or claiming exploit confirmation.

May 27, 2026

  • NEW: Arcserve UDP CVE-2025-34523 version advisory check. Verified active scans can now flag public Arcserve UDP version evidence for CVE-2025-34523 as a version-based advisory, without sending crafted heap-overflow input, crash-testing the service, authenticating to the console, or claiming command execution.
  • NEW: Liferay Portal CVE-2010-5327 version advisory check. Verified active scans can now flag public Liferay Portal version evidence for CVE-2010-5327 as a version-based advisory, without authenticating, editing templates, sending template payloads, or claiming command execution.
  • NEW: ws excessive-header DoS dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve ws versions affected by CVE-2024-37890 / GHSA-3h5v-q93c-6h6q, reporting version-based advisory evidence without sending denial-of-service traffic or claiming runtime WebSocket exposure.

May 25, 2026

  • IMPROVED: SPIP version advisory wording. Passive SPIP version findings now distinguish version-fingerprint advisory evidence for CVE-2016-7980 and CVE-2016-7998 from runtime exploit proof, without active CSRF, local-file validation, or template-execution reproduction.
  • FIXED: Active scan reliability and SSTI accuracy fix. Active scans now safely store response-derived evidence that contains unsupported control characters, and SSTI reporting requires stronger target-specific template-evaluation evidence instead of common page or static-asset content.

May 24, 2026

  • NEW: WebdriverIO BrowserStack service dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve @wdio/browserstack-service versions affected by CVE-2026-25244 / GHSA-5c46-x3qw-q7j7, reporting version-based advisory evidence without running WebdriverIO, starting BrowserStack Local, or using command payloads.
  • NEW: WordPress REST API user-exposure check. Verified active scans can now report WordPress REST users endpoints that return public user slugs to unauthenticated clients, with medium-severity exposure wording that does not claim WordPress version proof or account compromise.
  • NEW: Django CSRF dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow Django versions affected by CVE-2011-0696 / GHSA-5j2h-h5hg-3wf8, reporting version-based advisory evidence without running Django, probing state-changing routes, or claiming runtime CSRF exploitability.
  • NEW: TMT Lockcell SQL injection active check. Verified active scans can now report TMT Lockcell login surfaces whose responses change consistently with CVE-2023-3047, using a bounded login-response comparison that does not run timing delays, follow authenticated redirects, or extract database data.
  • NEW: OpenSSL PowerPC Poly1305 advisory check. GitHub repo scans can now correlate affected OpenSSL 3.x version evidence with PowerPC build/deployment evidence for CVE-2023-6129, reporting version-and-architecture advisory evidence without reproducing state corruption or denial-of-service behavior.

May 23, 2026

  • NEW: electerm unauthenticated command-execution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that pin or allow electerm versions affected by CVE-2020-23256 / GHSA-x73w-g8hx-v7rp, reporting the result as a version-based advisory without probing or starting the electerm service.
  • NEW: SaltStack Salt dependency advisory check. GitHub repo scans can now flag Python dependency evidence for Salt versions affected by CVE-2017-12791 / GHSA-xxvj-8g5m-4qgw, reporting it as a version-based advisory without probing Salt master handshakes.
  • NEW: rclone RC fsinfo exposure check. Verified active scans can now confirm unauthenticated rclone Remote Control fsinfo exposure associated with CVE-2026-41179 / GHSA-jfwf-28xr-xw6q, using limited metadata evidence and no command execution.
  • NEW: Apache Tomcat session-persistence advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat versions affected by CVE-2020-9484 / GHSA-344f-f5vg-2jfj, and strengthen the finding when repo configuration also shows FileStore-based PersistentManager session persistence.
  • NEW: Note Mark dependency advisory check. GitHub repo scans can now flag Go manifests that resolve Note Mark backend versions affected by CVE-2026-44522 / GHSA-g49p-4qxj-88v3, reporting the result as a version-based advisory without uploading files, triggering exports, or claiming live RCE confirmation.

May 20, 2026

  • NEW: Gogs dependency advisory check. GitHub repo scans can now flag Go manifests that pin Gogs versions affected by CVE-2018-20303 / GHSA-9hxg-w7qf-hh93, with version-based advisory evidence rather than path-traversal confirmation.
  • NEW: deephas prototype-pollution advisory check. GitHub repo scans can now flag npm manifests and lockfiles that resolve deephas versions affected by CVE-2020-28271 / GHSA-4fr2-j4g9-mppf, with version-based advisory evidence rather than runtime prototype-pollution confirmation.
  • NEW: OpenSSL TLSv1.3 session advisory check. GitHub repo scans can now correlate affected OpenSSL version evidence with TLSv1.3 session configuration evidence for CVE-2024-2511, reporting medium-confidence source/config evidence rather than live denial-of-service confirmation.

19 May 2026

  • IMPROVED electerm Linux install-script coverage. The electerm dependency advisory now includes CVE-2026-41501 / GHSA-8x35-hph8-37hq alongside the existing macOS install-script advisory, keeping the finding scoped to npm manifest and lockfile evidence rather than exploit confirmation.
  • NEW GeniXCMS author-route SQL injection check. Verified active scans can now confirm CVE-2017-5517-style database error behaviour on GeniXCMS author routes with target-specific evidence, without data extraction or destructive SQL probes.
  • NEW Netmaker DNS key authorization-bypass check. Verified active scans can now confirm CVE-2023-32077 exposure on Netmaker deployments when the read-only DNS API denies the baseline request but returns DNS record evidence through the legacy DNS authorization path, without creating, modifying, or deleting records.
  • NEW openDCIM source command-injection check. GitHub repo scans can now flag the CVE-2026-28517 source/config pattern in report_network_map.php with source-match evidence, a confidence level, and runtime exploitability limits instead of active command execution.
  • NEW SPIP valider_xml XSS check. Verified active scans can now confirm CVE-2016-7981-style unescaped URL reflection on SPIP deployments with target-specific HTML-context evidence, without executing JavaScript in a browser.
  • NEW Apache Tomcat Coyote dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve Tomcat Coyote or embedded-core versions affected by CVE-2025-48989 / GHSA-gqp3-2cvr-x8m3, with version-based advisory evidence rather than runtime denial-of-service confirmation.
  • NEW veraPDF XSLT dependency advisory check. GitHub repo scans can now flag Maven and Gradle build files that resolve veraPDF artifacts affected by CVE-2024-28109 / GHSA-qxqf-2mfx-x8jw, with version-based advisory evidence rather than XSLT execution confirmation.

18 May 2026

  • NEW electerm dependency advisory check. GitHub repo scans can flag npm manifests and lockfiles that pin or allow electerm versions affected by CVE-2026-41500 / GHSA-wxw2-rwmh-vr8f and CVE-2026-41501 / GHSA-8x35-hph8-37hq, with version-based advisory evidence rather than exploit confirmation.
  • NEW OpenCms dependency advisory check. GitHub repo scans can now flag Maven pom.xml files that pin or resolve org.opencms:opencms-core versions affected by CVE-2023-42344 / GHSA-rcc6-6q2f-m2cw, with version-based advisory evidence rather than XXE exploit confirmation.
  • NEW MagicMirror /cors SSRF check. Verified active scans can now confirm CVE-2026-42281 exposure on MagicMirror instances when the unauthenticated /cors endpoint fetches a FixVibe-controlled external callback, without probing internal services.

17 May 2026

  • NEW FUXA hardcoded JWT secret check. Verified active scans can now confirm CVE-2025-69971 exposure on FUXA instances that still trust the vulnerable fallback JWT signing configuration.
  • NEW CKAN DataStore SQL exposure check. Verified active scans can now confirm unauthenticated access to the CKAN DataStore SQL endpoint associated with CVE-2026-42031 and guide teams toward patched CKAN release lines or a safer DataStore configuration.

16 May 2026

  • NEW PDF.js dependency advisory check. GitHub repo scans can now flag npm manifests and lockfiles that pin or allow pdfjs-dist versions affected by CVE-2024-4367 / GHSA-wgrm-67xf-hhpq.
  • NEW Active scans via REST API and MCP. Active scans can now be triggered from REST and MCP against verified domains that have been explicitly authorized from the dashboard. Authorization can be revoked at any time.
  • NEW Safer authorization levels for active scans. Domain authorization now distinguishes safer automated active checks from deeper active testing, so teams can automate the right level of verification for each domain.
  • NEW First-use webhook for API/MCP active scans. A webhook can alert teams the first time an API/MCP-triggered active scan runs against a newly authorized domain.
  • IMPROVED Improved Referrer-Policy findings. Missing or weak Referrer-Policy results now separate URL-referrer leakage from broad information exposure, show document-response evidence, and include generic plus static-host remediation guidance.
  • IMPROVED Improved Permissions-Policy findings. Missing or weak Permissions-Policy results now show feature-level evidence, separate broad feature allowlists from missing hardening, and include generic plus static-host remediation guidance for common hosts, proxies, and app servers.
  • IMPROVED Improved clickjacking header prompts. Missing X-Frame-Options findings now point agents to CSP frame-ancestors as the modern protection, add Vercel/static SPA header guidance, and verify x-frame-options with CSP.
  • IMPROVED CSP header evidence and fix prompts improved. Missing-CSP reports now include clearer hosting and response context, along with safer framework-based fix guidance.
  • FIXED Vercel path-probe false positives reduced. FixVibe now requires stronger application-specific evidence before flagging exposed framework artifacts on deployments that rewrite unknown paths to the app shell.
  • FIXED Compliance findings no longer carry misleading CWE tags. The legal-compliance check assigned CWE-359 (exposure of PII) to "missing privacy policy" and "missing terms", which does not describe the actual gap. They are now published without a CWE: they are compliance issues, not classifiable security weaknesses.

15 May 2026

  • NEW Additional research-informed checks. FixVibe has added coverage based on recent vulnerability research and mapped duplicate topics onto existing scan modules where coverage already existed.
  • NEW Repository secret-leak check. GitHub repo scans can now flag hardcoded provider keys and high-entropy secret-like values committed in code, with the evidence masked and FixVibe's standard rotation prompt included.
  • NEW Vercel deployment protection check. Passive scans can now flag public generated *.vercel.app deployment URLs that respond without Vercel Deployment Protection, while the existing header checks continue to cover CSP, HSTS, and browser hardening.

14 May 2026

  • NEW LiteLLM dependency advisory check. GitHub repo scans can now flag Python dependency files that pin or allow LiteLLM versions affected by CVE-2026-42208 / GHSA-r75f-5x8p-qvmc.
  • NEW LibreNMS dependency advisory check. GitHub repo scans can now flag Composer manifests that pin or allow LibreNMS versions affected by CVE-2024-51092 / GHSA-x645-6pf9-xwxw.
  • IMPROVED Firebase rules detection improved. BaaS scans now detect more forms of Firebase apps and use read-only evidence to identify risky public data exposure.

13 May 2026

  • NEW Repo Supabase RLS migration check. GitHub repo scans can now flag Supabase SQL migrations that create public tables without a matching ALTER TABLE ... ENABLE ROW LEVEL SECURITY statement.
  • NEW Supabase Storage posture check. Passive scans can now examine public Supabase storage buckets and anonymous object-listing exposure alongside the existing RLS and key checks.
  • NEW AI-generated code guardrail check. GitHub repo scans can now flag missing security automation related to code scanning, secret scanning, dependency updates, and AI agent instructions.
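As an added illustration of the RLS migration check described above (example code written for this page, not FixVibe's scanner), the function below scans a constructed Supabase migration for tables created in the public schema (Supabase's default schema when none is given) that lack a matching ALTER TABLE ... ENABLE ROW LEVEL SECURITY statement; SQL comments are stripped first so that commented-out statements do not count either way.

```python
import re

# Constructed sample migration (not a real project file): two public tables,
# only one of which gets RLS enabled, plus a table outside the public schema.
SAMPLE_MIGRATION = """
create table public.profiles (
  id uuid primary key,
  email text
);
alter table public.profiles enable row level security;

CREATE TABLE IF NOT EXISTS "public"."orders" (
  id bigint generated always as identity primary key,
  user_id uuid references public.profiles(id)
);

create table audit.events (id bigint);  -- not in the public schema, out of scope
"""

# Matches CREATE TABLE [IF NOT EXISTS] [schema.]table, with optional double quotes.
CREATE_RE = re.compile(
    r'create\s+table\s+(?:if\s+not\s+exists\s+)?'
    r'(?:"?(?P<schema>\w+)"?\.)?"?(?P<table>\w+)"?',
    re.IGNORECASE,
)
# Matches ALTER TABLE [ONLY] [schema.]table ENABLE ROW LEVEL SECURITY.
ENABLE_RLS_RE = re.compile(
    r'alter\s+table\s+(?:only\s+)?(?:"?(?P<schema>\w+)"?\.)?"?(?P<table>\w+)"?'
    r'\s+enable\s+row\s+level\s+security',
    re.IGNORECASE,
)


def strip_sql_comments(sql):
    # Remove /* ... */ block comments and -- line comments.
    sql = re.sub(r'/\*.*?\*/', ' ', sql, flags=re.DOTALL)
    return re.sub(r'--[^\n]*', ' ', sql)


def public_tables_without_rls(sql):
    # Tables with no explicit schema are assumed to land in public.
    sql = strip_sql_comments(sql)
    created = {m.group('table').lower() for m in CREATE_RE.finditer(sql)
               if (m.group('schema') or 'public').lower() == 'public'}
    protected = {m.group('table').lower() for m in ENABLE_RLS_RE.finditer(sql)
                 if (m.group('schema') or 'public').lower() == 'public'}
    return sorted(created - protected)  # -> ['orders'] for SAMPLE_MIGRATION
```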

12 May 2026

  • NEW Repo web-app risk checklist. GitHub repo scans can now flag high-signal OWASP-style code risks such as raw SQL interpolation, unsafe HTML sinks, credentialed CORS wildcards, disabled TLS verification, and weak JWT secret fallbacks.
  • NEW Next.js middleware-bypass check. Active scans for verified domains can now confirm CVE-2025-29927 exposure on middleware-protected routes before reporting it, and reports include FixVibe's standard AI fix prompt for remediation.

9 May 2026

  • SECURITY Cross-origin scope hardening. Active scans and client asset checks now stay within the authorized target scope and avoid carrying customer-supplied credentials across cross-origin redirects.
  • FIXED Supabase RLS check is now strictly read-only. Supabase posture checks now avoid write attempts and focus on safe exposure signals. Verified-domain active testing remains the boundary for deeper confirmation.
  • IMPROVED Security-header findings apply only to root HTML responses. Missing CSP, Permissions-Policy, X-Frame-Options, or Referrer-Policy on a 204, a JSON API, a file download, or a 404 no longer produces a finding. HSTS and X-Content-Type-Options continue to be evaluated on all responses.
  • IMPROVED Auth-flow and rate-limit checks now require stronger evidence. FixVibe now reports these issues only when application behaviour clearly supports the finding, reducing noise from generic error pages and unsupported methods.
  • IMPROVED File-upload findings tier by exploitability evidence. File-upload reports now separate low-certainty acceptance signals from stronger evidence of risky serving behaviour, reducing over-severity on benign upload handlers.

7 May 2026

  • FIXED Threat-intel listing accuracy improved. FixVibe now distinguishes real blocklist evidence from resolver diagnostics so that threat-intelligence findings do not over-report infrastructure-side lookup responses.
  • NEW GitHub repository scans. Connect a repo and FixVibe checks the source for exposed Supabase service keys, Firebase admin tokens, risky workflow files, and outdated dependencies, without ever loading your deployed site. See Scan types.
  • NEW SAST check for risky JavaScript. Repo scans now flag new Function() and setTimeout("string"): both are equivalent to eval() when they receive untrusted input.
  • FIXED False "exposed file" findings on Vercel / Cloudflare sites. Plain 403 Forbidden responses are no longer reported as "file exists": most edge providers return 403 for suspicious-looking paths whether or not the file exists. We now require a positive HTTP signal before reporting.
  • FIXED Repo-code false positives reduced. Repository scans now avoid flagging security terms in comments, documentation, test helpers, and clearly server-only contexts for several high-signal code checks.
  • FIXED The Supabase anon key in localStorage is no longer reported as a JWT-in-storage finding: the anon key is the client token that is meant to be public. Real service-role tokens in browser storage are now critical, with a clearer title.
  • FIXED CSP weakness detection improved. Content-Security-Policy checks now detect more permissive source policies while keeping evidence and fixes focused on the effective browser policy.
  • FIXED Reflected-XSS check tightened. Active scans now require stronger reflection evidence before reporting executable-context risk, reducing false positives from unrelated markup on the page.
  • FIXED Domain verification now correctly handles apex ↔ www redirects and is clearer about which value to enter in the TXT record's Host field.

Format

Each entry is labelled so you can skim it quickly:

  • NEW A new check, surface, or feature.
  • IMPROVED An existing behaviour is improved: more accurate, faster, clearer.
  • FIXED A bug we shipped and then corrected.
  • SECURITY Hardening, vulnerability fixes, or compliance changes.

Notice something that broke and isn't recorded here? Write to support@fixvibe.app.

Changelog — Docs · FixVibe