7 months ago

May 19, 2025

Eleven new software fingerprints and a Rapid Response bulletin.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

Stack-Based Buffer Overflow Vulnerability Affecting Multiple Fortinet Products [CVE-2025-32756]
- Use the following queries to find Fortinet products. Not all of these are necessarily vulnerable, as specific version information may not be available.

New fingerprints

Added the following fingerprints.

Type	Name	Description	Query
software	Fortinet FortiVoice Application	This is a Fortinet FortiVoice Application.	Platform query
software	Fortinet FortiNDR	This is a Fortinet FortiNDR Server.	Platform query
software	Fortinet FortiCamera	This is a Fortinet FortiCamera device.	Platform query
software	Commvault CommCell by Certificate	Commvault CommCell is a centralized management framework that coordinates and controls all data protection operations across a Commvault environment.	Platform query
software	Fortinet FortiVoice	This is a Fortinet FortiVoice Server.	Platform query
software	Fortinet FortiMail	This is a Fortinet FortiMail server.	Platform query
software	Commvault CommCell Console	The CommCell Console is the central management user interface for managing the CommCell environment.	Platform query
software	Fortinet FortiRecorder	This is a Fortinet FortiRecorder Server.	Platform query
software	Cisco Wireless Controller	This is a Cisco Wireless Controller.	Platform query
software	Cisco IOS XE	This is a device running Cisco IOS XE software.	Platform query
software	Cisco Catalyst 9800 Series Wireless Controller	This is a Cisco Catalyst 9800 Series Wireless Controller.	Platform query

An RSS feed for the Censys changelog is available here.

8 months ago

May 12, 2025

Four new software fingerprints and two Rapid Response bulletins.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

Critical RCE Vulnerability Identified in Craft CMS (CVE-2025-32432)
- Use the following queries to find instances of Craft CMS. Not all of these are necessarily vulnerable, as specific version information may not be available.
Unauthenticated Code Injection Vulnerability in Langflow (CVE-2025-3248)
- Use the following queries to find exposed Langflow servers. Not all of these are necessarily vulnerable, as specific version information may not be available.

New fingerprints

Added the following fingerprints.

Type	Name	Description	Query
risk	Vulnerable SonicWall Gen7 Firewall [CVE-2024-53704]	SonicWall Gen7 Firewalls are vulnerable to an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. This vulnerability affects SonicWall gen7 firewalls (models TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700) versions 7.1.x (7.1.1-7058 and older versions of 7.1.x only), and version 7.1.2-7019. Additionally, SonicWall Gen7 NSv (models 270, 470, and 870) versions 7.1.x (7.1.1-7058 and older versions of 7.1.x only), and version 7.1.2-7019 are affected, and the SonicWall TZ80 model (version 8.0.0-8035) is also affected.	ASM query: `risks.name="Vulnerable SonicWall Gen7 Firewall [CVE-2024-53704]"`
software	OpenCTI	This is an OpenCTI Cyber Threat Intelligence Platform.	Platform query
software	SonicWall SonicOSX	This is a SonicWall SonicOSX operating system.	Platform query
software	SonicWall SonicOS	This is a SonicWall SonicOS operating system.	Platform query
software	Langflow	Langflow is a low-code tool for building and deploying AI-powered agents and workflows.	Platform query

An RSS feed for the Censys changelog is available here.

8 months ago

May 5, 2025

Two new Rapid Response bulletins and two new software fingerprints.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

SAP NetWeaver Actively Exploited Unauthenticated File Upload Vuln (CVE-2025-31324)
Critical Pre-Authentication RCE Vulnerability in Commvault Software (CVE-2025-34028)
- Use the following queries to find internet-facing instances of Commvault software. Not all of these are necessarily vulnerable, as specific version information may not be available.

New fingerprints

Added the following fingerprints.

Type	Name	Description	Query
software	eSSL eTimeTrackLite	This is an eSSL eTimeTrackLite employee time tracking and attendance management system.	Platform query
software	Commvault Command Center	This is a Commvault Command Center server.	Platform query

An RSS feed for the Censys changelog is available here.

8 months ago

April 28, 2025

New Platform web app landing page, Platform Report Builder improvements, and Ports & Protocols dashboard for ASM.

Platform

Find the information you need in the Censys Platform faster using the new web app landing page. The new landing page includes a rotating selection of example queries, data aggregations, new onboarding steps, and more.
Use the new Filter my results to display services or endpoints that match my query option on the Report Builder to limit the report results to only the services or endpoints that match your query. This option helps you build more focused reports.
- The maximum number of report buckets has also been increased to 2,000.
Integrate Censys Platform functionality with your automated workflows with the new Python and Go SDKs.
- The Python SDK is also available on PyPI.

ASM

The new Ports & Protocols Dashboard enables you to understand exactly which ports are open in your attack surface across the full 65,535-port range. This allows you to quickly determine whether there are any open ports that are misconfigured or non-compliant with your organization’s policy.
- The dashboard also shows which protocols are present on your ports. ASM identifies whether these protocols are on standard ports, as defined by IANA.

New fingerprints

Added the following fingerprints.

Type	Name	Description	Query
risk	WINRM Service Exposed	Windows Remote Management (WinRM) is a Microsoft protocol used for remotely managing Windows systems via PowerShell and other tools. While powerful for automation and administration, exposing WinRM to the internet is dangerous because it can allow attackers to execute remote commands, especially if using weak or default credentials. It supports basic and NTLM authentication, which can be intercepted or brute-forced, particularly over unencrypted HTTP (port 5985). Without proper safeguards like VPN access, strong auth, and firewalls, an exposed WinRM service is a high-risk entry point for attackers.	`risks.name="WINRM Service Exposed"`
software	DPanel	This is a DPanel Docker Server.	Platform query Legacy Search query

Type

Name

Description

Query

risk

WINRM Service Exposed

Windows Remote Management (WinRM) is a Microsoft protocol used for remotely managing Windows systems via PowerShell and other tools. While powerful for automation and administration, exposing WinRM to the internet is dangerous because it can allow attackers to execute remote commands, especially if using weak or default credentials. It supports basic and NTLM authentication, which can be intercepted or brute-forced, particularly over unencrypted HTTP (port 5985). Without proper safeguards like VPN access, strong auth, and firewalls, an exposed WinRM service is a high-risk entry point for attackers.

risks.name="WINRM Service Exposed"

software

DPanel

This is a DPanel Docker Server.

Platform query

Legacy Search query

An RSS feed for the Censys changelog is available here.

8 months ago

April 21, 2025

This release includes one new Rapid Response bulletin and four new software fingerprints.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

Unauthenticated RCE in Erlang/OTP (CVE-2025-32433)
- Use the following queries to identify exposed Erlang SSH servers. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Platform query
- Legacy Search query
- ASM query

New fingerprints

Added the following fingerprints.

Type	Name	Description	Query
software	Microsoft Power Apps	A modern low/no-code solution developed by Microsoft..	Platform query
software	Erlang SSHS	This is an Erlang SSH Server.	Platform query Legacy Search query
software	AQUILA Radiology Imaging Software by IMEXHS	AQUILA is a radiology imaging software platform that provides digital imaging and diagnostic support for medical facilities. It is commonly used in radiology departments for managing and viewing medical images.	Platform query Legacy Search query
software	Progress Kemp Loadmaster	This host appears to be running, or be running behind a Progress Kemp Loadmaster load balancer.	Platform query Legacy Search query

An RSS feed for the Censys changelog is available here.

8 months ago

April 14, 2025

This release features five new software fingerprints and two new ASM Rapid Response risks.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

Vulnerability in FortiSwitch Allows Unauthenticated Attackers to Change Admin Passwords (CVE-2024-48887)
- Use the following queries to find Fortinet FortiSwitch instances. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Platform query
- Legacy Search query
- ASM query
Actively Exploited Deserialization Vulnerability in Gladinet CentreStack Secure File Sharing Software (CVE-2025-30406)
- The queries below can be used to identify exposed instances of Gladinet CentreStack, but they are not necessarily vulnerable to the exploit.
- Platform query
- Legacy Search query
- ASM query
- ASM risk query
  - This query can be used to identify exposed instances of Gladinet CentreStack that are vulnerable to the exploit.

New fingerprints

Added the following fingerprints.

Type	Name	Description	Query
risk	Vulnerable Gladinet CentreStack [CVE-2025-30406]	Gladinet CentreStack through version 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use.	ASM query
software	Gladinet Centrestack	This is a Gladinet Centrestack Server.	Platform query Legacy Search query
software	Fortinet FortiSwitch	This is a Fortinet FortiSwitch device.	Platform query Legacy Search query
software	Dell PowerProtect	Dell PowerProtect Data Domain and Data Manager.	Platform query Legacy Search query
software	CE-WAF Proactive Web Application Firewall	CE-WAF is a custom or internal Web Application Firewall solution.	Platform query
software	Aikido Zen WAF	ZenWAF is a Web Application Firewall solution produced by Aikido.	Platform query Legacy Search query

An RSS feed for the Censys changelog is available here.

9 months ago

April 7, 2025

This release includes two new Rapid Response risks for ASM and a new software fingerprint for all datasets.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

Unauthenticated Auth Bypass Vulnerability in CrushFTP CVE-2025-31161
- Use the following queries to find CrushFTP services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Platform query
- Legacy Search query
- ASM query
- ASM risk query
  - This query can be used to identify exposed instances of CrushFTP that are vulnerable to the exploit.
Unauthenticated RCE Vulnerability in Ivanti Connect & Policy Secure and ZTA Gateway CVE-2025-22457
- Use the following queries to find Ivanti Connect Secure services. Not all of these are necessarily vulnerable, as specific version information may not be available.
- Platform query
- Legacy Search query
- ASM query
- ASM risk query
  - This query can be used to identify exposed instances of Ivanti Connect Secure that are vulnerable to the exploit.

New fingerprints

Type	Name	Description	Query
risk	Vulnerable CrushFTP [CVE-2025-2825, CVE-2025-31161]	CrushFTP contains an unauthenticated authentication bypass vulnerability. This affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. There are two CVE-IDs because the original CVE-2025-2825 was assigned by VulnCheck, but the vendor has identified the CVE-ID as CVE-2025-31161.	ASM query
risk	Vulnerable Ivanti Connect Secure Application [CVE-2025-22457]	This Ivanti Connect Secure (before 22.7R2.6) application is vulnerable to CVE-2025-22457. This vulnerability allows an unauthenticated attacker to achieve remote code execution.	ASM query
software	Medsynapse PACS	Medsynapse PACS is a web-based picture archiving and communication system (PACS) for transfer of medical images within and outside hospitals.	Platform query Legacy Search query

Type

Name

Description

Query

risk

Vulnerable CrushFTP [CVE-2025-2825, CVE-2025-31161]

CrushFTP contains an unauthenticated authentication bypass vulnerability. This affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. There are two CVE-IDs because the original CVE-2025-2825 was assigned by VulnCheck, but the vendor has identified the CVE-ID as CVE-2025-31161.

ASM query

risk

Vulnerable Ivanti Connect Secure Application [CVE-2025-22457]

This Ivanti Connect Secure (before 22.7R2.6) application is vulnerable to CVE-2025-22457. This vulnerability allows an unauthenticated attacker to achieve remote code execution.

ASM query

software

Medsynapse PACS

Medsynapse PACS is a web-based picture archiving and communication system (PACS) for transfer of medical images within and outside hospitals.

Platform query

Legacy Search query

An RSS feed for the Censys changelog is available here.

9 months ago

April 2, 2025

This release includes Collections for the Platform and risk evidence for ASM.

For product updates from before April 2, 2025, please refer to the product updates section of the Censys Community.

Censys Platform

Use Collections to track and monitor the results of a Censys query over time.
- Save time and resources by creating a collection and configuring alerts to track new assets that match your queries.
- Collections track both additions and subtractions to assets that match your queries.
- Configure collection webhooks to receive real-time alerts for any changes within your collections.
- Collections are currently available to Platform Starter users.
- Learn more about Collections in the Censys Academy.

Censys ASM

Use risk evidence to understand how Censys ASM detected a risk and determine whether a risk requires further validation before it is prioritized for remediation.
- Risk evidence links directly to the scan data that includes the evidence for risk. This enables you to accelerate your investigations and use Censys data to find and close risks faster.

Rapid Response

The Censys Rapid Response team published information about and queries for the following issues and vulnerabilities.

Authentication Bypass Vulnerability in Next.js CVE-2025-29927
- Use the following queries to map Next.js services. Not all of these are necessarily vulnerable, as specific version information may not be available.

New protocols

Added support for the following protocols.

Protocol	Query
`CHECK_MK_AGENT`	Platform query
`NATS_IO`	Platform query

New fingerprints

Added the following fingerprints.

Type	Name	Description	Query
risk	Exposed Kubernetes Ingress NGINX Admission Controller	The affected service exposes a Kubernetes Ingress NGINX Admission Controller. This controller is vulnerable to multiple critical unauthenticated Remote Code Execution vulnerabilities collectively known as "IngressNightmare" (CVE-2025-1974, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513). Exploitation can lead to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in complete cluster takeover.	ASM query
risk	Vulnerable Next.js [CVE-2025-29927]	Next.js contains a vulnerability that could allow an attacker to execute arbitrary code through a specially crafted request. This affects versions 11.1.4 through 12.3.5, 13.0.0 through 13.5.9, 14.0.0 through 14.2.25, and 15.0.0 through 15.2.3.	ASM query

An RSS feed for the Censys changelog is available here.