Newly Added Security Tests, February 15, 2017: MongoDB

DetectifyFeb 15, 2017

Security never stands still, which is why we update our service on a regular basis to help you keep up with the latest vulnerabilities. We are constantly working on updating and improving our modules, but you can find some highlights from this week’s update below:

MongoDB operation injection module
WordPress github-btn XSS
HelpJuice XSS
Express (serve static) open redirect

Detectify

Complete External Attack Surface Management for AppSec and ProdSec teams.

Check out more content

Product Updates

Introducing Dynamic API Scanning

Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. …

September 02, 2025

Product Updates

Redefining AppSec Testing with Intelligent Scan Recommendations and Asset Classification

The average organization is missing testing 9 out of 10 of their complex web apps that are attacker-attractive targets. To address this, we’re launching new …

April 24, 2025

Product Updates

Security Update: Publicly Exposed Ingress NGINX Admission

A series of vulnerabilities, known as IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974), have been identified in ingress-nginx, a widely used Kubernetes ingress controller. When exploited together, …

March 26, 2025

Product Updates

Introducing Alfred for fully autonomous AI-built vulnerability assessments

We are excited to announce Detectify Alfred, a revolutionary system that uses AI to completely autonomously collect and prioritize threat intelligence and generate high-fidelity security …

March 10, 2025