This release introduces the new Asset Appendix, a dedicated section in Asset Details that surfaces extra technical data collected by our scanners, including CORS configurations, input reflections, and JavaScript files. It provides security teams and researchers with deeper context for triage, investigation, and validation.We’ve also refined user roles, target cards, and the API to deliver smoother, more efficient workflows.
Our scanners collect valuable technical details beyond vulnerabilities. With this release, we’re giving you access to more of that data through the new Asset Appendix, a place where all those “extra but interesting” findings now live.
The Asset Appendix gives you visibility into three new types of asset data collected during scans:
See where the platform detected reflected input that could indicate injection points like HTML Injection or XSS. These aren’t vulnerabilities by themselves, but they can help identify areas worth a closer look.
Review detected CORS settings and possible misconfigurations that might expose sensitive tokens or cookies.
View JavaScript files discovered during scans - including their URLs, filenames, and content types -to understand how scripts interact with your application.
You’ll find the new Appendix tab inside the Asset Details overlay. Like everything in ULTRA RED, this data is refreshed according to your scan schedule, and items not seen again within three days are automatically removed to keep things clean and relevant.
Operators and above can now adjust the scan Rate Limit (RPM), a small change that gives you finer control over scan behavior.
Each target card now highlights the highest Threat Score and EPSS Score across its assets, making it easy to spot which environments need your attention first.
The Targets sidebar has been reorganized to flow more naturally, putting the most-used sections right where you expect them.
