Releases · projectdiscovery/nuclei-templates

15 Jul 07:45

princechaddha

v10.2.5

4ed154c

Nuclei Templates v10.2.5 - Release Notes Latest

Latest

New Templates Added: `75` | CVEs Added: `22` | First-time contributions: `5`

🔥 Release Highlights 🔥

[CVE-2025-48827] vBulletin 5.0.0-6.0.3 - Authentication Bypass (@pszyszkowski) [critical] 🔥
[CVE-2025-47812] Wing FTP Server <= 7.4.3 - Remote Code Execution (@rcesecurity, @4m3rr0r) [critical] (kev) 🔥
[CVE-2025-5777] Citrix NetScaler Memory Disclosure - CitrixBleed 2 (@watchtowr, @dhiyaneshdk, @darses) [critical] (kev) 🔥
[CVE-2025-4380] Ads Pro Plugin <= 4.89 - Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-2010] WordPress JobWP Plugin <= 2.3.9 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-42475] Fortinet SSL-VPN - Heap-Based Buffer Overflow (@0xhaggis, @pszyszkowski) [critical] 🔥
[CVE-2020-9548] FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution (@tomaquet18) [critical] 🔥
[CVE-2020-9547] FasterXML jackson-databind - Deserialization Remote Code Execution (@Pranjalnegi) [critical] 🔥

What's Changed

💰 Bounties Rewarded 💰

CVE-2025-48827 - vBulletin - Authentication Bypass 💰 #12506
CVE-2020-9547 - FasterXML jackson-databind 💰 #12488
CVE-2020-9548 - CVE-2020-9548 💰 #12484
CVE-2020-0646 - Microsoft .NET Framework - Remote Code Execution 💰 #12210
CVE-2020-12641 - Roundcube Webmail - Command Injection 💰 #12153

False Negatives

Fixed CVE-2023-5561 false negatives (#12187)

Templates Added

[CVE-2025-53624] Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure (@darses) [high]
[CVE-2025-52488] DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure (@assetnote, @dhiyaneshdk, @iamnoooob, @pdresearch) [high] 🔥
[CVE-2025-49493] Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE) (@xbow, @3th1c_yuk1) [critical]
[CVE-2025-48827] vBulletin 5.0.0-6.0.3 - Authentication Bypass (@pszyszkowski) [critical] 🔥
[CVE-2025-47813] Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie (@rcesecurity, @pdteam) [medium]
[CVE-2025-47812] Wing FTP Server <= 7.4.3 - Remote Code Execution (@rcesecurity, @4m3rr0r) [critical] (kev) 🔥
[CVE-2025-41646] RevPi Webstatus <= v2.4.5 - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2025-34040] Zhiyuan OA Platform - Arbitrary File Upload (@iamnoooob, @pdresearch) [critical]
[CVE-2025-32815] NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials (@iamnoooob, @pdresearch) [medium]
[CVE-2025-32814] NetMRI Unauthenticated SQL Injection via skipjackUsername (@iamnoooob, @pdresearch) [critical]
[CVE-2025-32813] Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request (@iamnoooob, @pdresearch) [high]
[CVE-2025-27505] GeoServer - Missing Authorization on REST API Index (@securitytaters) [medium]
[CVE-2025-6216] Allegra - Authentication Bypass via Predictable Password Reset Token (@iamnoooob, @pdresearch) [critical]
[CVE-2025-5777] Citrix NetScaler Memory Disclosure - CitrixBleed 2 (@watchtowr, @dhiyaneshdk, @darses) [critical] (kev) 🔥
[CVE-2025-4380] Ads Pro Plugin <= 4.89 - Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-2010] WordPress JobWP Plugin <= 2.3.9 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-50334] Scoold < 1.64.0 - Authentication Bypass (@xbow, @iamnoooob, @pdresearch) [medium]
[CVE-2024-42475] Fortinet SSL-VPN - Heap-Based Buffer Overflow (@0xhaggis, @pszyszkowski) [critical] 🔥
[CVE-2023-49230] Peplink Balance Two before 8.4.0 - Unauthenticated Config Upload (@Srilakivarma) [high]
[CVE-2022-23397] Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting (@Srilakivarma) [medium]
[CVE-2020-9548] FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution (@tomaquet18) [critical] 🔥
[CVE-2020-9547] FasterXML jackson-databind - Deserialization Remote Code Execution (@Pranjalnegi) [critical] 🔥
[account-lockout-threshold] Account Lockout Threshold Check (@nukunga[SungHyunJeon]) [medium]
[admin-account-rename] Administrator Account Rename Check (@nukunga[SungHyunJeon]) [medium]
[admin-group-minimal] Minimum Administrator Group Membership Check (@nukunga[SungHyunJeon]) [medium]
[autologon-control] Autologon Function Control Check (@nukunga[SungHyunJeon]) [medium]
[crash-on-audit-fail] Shutdown on Audit Failure Check (@nukunga[SungHyunJeon]) [medium]
[dns-zone-transfer-check] DNS Zone Transfer Check (@nukunga[SungHyunJeon]) [medium]
[ftp-access-control-check] FTP Access Control Check (@nukunga[SungHyunJeon]) [medium]
[ftp-anonymous-check] Anonymous FTP Disabled Check (@nukunga[SungHyunJeon]) [medium]
[ftp-directory-permission-check] FTP Directory Access Permission Check (@nukunga[SungHyunJeon]) [medium]
[hard-disk-default-share] Hard Disk Default Share Removal Check (@nukunga[SungHyunJeon]) [medium]
[password-cleartext-encryption] Store Passwords Using Reversible Encryption Check (@nukunga[SungHyunJeon]) [medium]
[password-never-expires] Password Expiry Setting Check (@nukunga[SungHyunJeon]) [medium]
[rds-removal-check] RDS Removal Check (@nukunga[SungHyunJeon]) [medium]
[remote-registry-access-check] Remote Registry Service Disabled Check (@nukunga[SungHyunJeon]) [medium]
[remote-system-shutdown] Remote System Forced Shutdown Privilege Check (@nukunga[SungHyunJeon]) [medium]
[sam-file-access-control] SAM File Access Control Check (@nukunga[SungHyunJeon]) [medium]
[service-pack-check] Latest Service Pack Check (@nukunga[SungHyunJeon]) [medium]
[shutdown-without-logon] Shutdown Without Logon Check (@nukunga[SungHyunJeon]) [medium]
[unnecessary-accounts-check] Unnecessary Accounts Detection (@nukunga[SungHyunJeon]) [medium]
[unnecessary-service-check] Unnecessary Service Removal Check (@nukunga[SungHyunJeon]) [medium]
[molgenis-default-login] Molgenis - Default Login (@ritikchaddha) [high]
[cisco-cm-panel] Cisco Unified CM Console - Panel (@rxerium) [info]
[cisco-prime-license-manager-panel] Cisco Prime License Manager - Detect (@rxerium) [info]
[google-adk-api-exposed] Google ADK API Exposure (@princechaddha) [unknown]
[google-adk-webui-exposed] Google ADK Development UI Exposure (@princechaddha) [unknown]
[molgenis-panel] Molgenis Panel - Exposure (@matejsmycka) [info]
[peplink-panel] Peplink Login Panel - Detect (@pussycat0x) [info]
[wingftp-panel] Wing FTP Server Login Panel - Detect (@pdteam) [info]
[torrent-magnet-detect] Torrent Magnet - Detect (@rxerium) [info]
[dd-wrt-controlpanel-exposure] DD-WRT Control Panel - Exposure (@dhiyaneshdk) [low]
[pritunl-installer] Pritunl - Installation (@dhiyaneshdk) [high]
[twonky-server-exposure] Twonky Server - Exposure (@dhiyaneshdk) [high]
[sessionize] Sessionize User Information - Detect (@rxerium) [info]
[graphql-apiforwp-detect] Graphql apiforwp Detect (@princechaddha) [info]
[graphql-apollo-detect] Graphql Apollo Detect (@princechaddha) [info]
[graphql-ariadne-detect] Graphql Ariadne Detect (@princechaddha) [info]
[graphql-dianajl-detect] Graphql Dianajl Detect (@princechaddha) [info]
[graphql-flutter-detect] Graphql Flutter Detect (@princechaddha) [info]
[graphql-go-detect] Graphql Go Detect (@princechaddha) [info]
[graphql-gqlgen-detect] Graphql Gqlgen Detect (@princechaddha) [info]
[graphql-graphene-detect] Graphql Graphene Detect (@princechaddha) [info]
[graphql-hasura-detect] Graphql Hasura Detect (@princechaddha) [info]
[graphql-hypergraphql-detect] Graphql Hypergraphql Detect (@princechaddha) [info]
[graphql-java-detect] Graphql Java Detect (@princechaddha) [info]
[graphql-juniper-detect] Graphql Juniper Detect (@princechaddha) [info]
[graphql-php-detect] Graphql PHP Detect (@princechaddha) [info]
[graphql-ruby-detect] Graphql Ruby Detect (@princechaddha) [info]
[graphql-sangria-detect] Graphql Sangria Detect (@princechaddha) [info]
[graphql-strawberry-detect] Graphql Strawberry Detect (@princechaddha) [info]
[graphql-tartiflette-detect] Graphql Tartiflette Detect (@princechaddha) [info]
[graphql-wpgraphql-detect] Graphql wpgraphql Detect (@princechaddha) [info]
[infoblox-netmri-rails-cookie-rce] Infoblox NetMRI < 7.6.1 - Remote Code Execution via Hardcoded Ruby Cookie Secret Key (@iamnoooob, @pdresearch) [critical]
[jdwp-detect] Java Debug Wire Protocol - Detect (@johnk3r) [info]

New Contributors

@4m3rr0r made their first contribution in #12518
@Teruya-Higashi made their first contribution in #12535
@matejsmycka made their first contribution in #12538
@Pranjal6955 made their first contribution in #12491
@tomaquet18 made their first contribution in #12487

Full Changelog: v10.2.4...v10.2.5

Contributors

xbow, johnk3r, and 24 other contributors

Assets 3

01 Jul 11:32

princechaddha

v10.2.4

f10132e

Nuclei Templates v10.2.4 - Release Notes

New Templates Added: `67` | CVEs Added: `30` | First-time contributions: `9`

🔥 Release Highlights 🔥

[CVE-2025-49132] Pterodactyl Panel - Remote Code Execution (@darses) [critical] 🔥
[CVE-2025-30220] GeoServer WFS - XXE Processing Vulnerability (@iamnoooob, @pdresearch) [critical] 🔥
[CVE-2024-3272] D-Link Network Attached Storage - Backdoor Account (@ritikchaddha) [critical] (kev) 🔥
[CVE-2021-33045] Dahua IPC/VTH/VTO - Auth Bypass (@phantomowl) [critical] (kev) 🔥
[CVE-2020-11984] Apache HTTP Server - RCE (@[email protected], @pszyszkowski, @pdresearch, @iamnoooob) [critical] 🔥
[CVE-2020-0796] Microsoft SMBv3 - Remote Code Execution (@yusuf Amr) [critical] (kev) 🔥
[CVE-2020-0646] Microsoft .NET Framework - Remote Code Execution (@pszyszkowski) [critical] (kev) 🔥
[CVE-2019-17564] Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization (@Khalid6468) [critical] 🔥
[CVE-2019-0604] Microsoft SharePoint - RCE (@tree-chtsec, @pszyszkowski) [critical] (kev) 🔥
[CVE-2018-19207] WP GDPR Compliance < 1.4.3 - Unauth Call Any Action or Update Any Option (@iamnoooob, @pdresearch) [critical] 🔥
[CVE-2018-14933] NUUO NVRmini - RCE (@ritikchaddha) [critical] (kev) 🔥

What's Changed

Bounties Rewarded 💰

Anyscale Ray RCE (CVE-2023-48022, Issue #12451)
Microsoft SharePoint RCE (CVE-2019-0604, Issue #12340)
elFinder Command Injection (CVE-2019-9194, Issue #12288)
Microsoft SMBv3 RCE (CVE-2020-0796, Issue #12271)
Apache HTTP Server mod_proxy_uwsgi Info Disclosure & RCE (CVE-2020-11984, Issue #12266)

Bug Fixes

Fixed typo in CVE-2020-13700 (#12509)
Corrected Microsoft Silverlight detection (#12492)
Fixed MCP templates (#12400)
Renamed CVE-2020-11984.yaml (#12469)
Renamed hp-printer-default-login.yaml (#12407)

False Negatives

Improved conditional flow check for CVE-2025-29927 (#12480)

False Positives

Fixed revoked-ssl-certificate false positives (#12409, #12445)
Reduced false positives in bagisto-csti.yaml (#12430)
Removed invalid CVE-2024-33559.yaml (#12437)

Enhancements

Updated CVE-2019-0604.yaml (#12479)
Updated cisco-ise-admin-panel (#12477)
Updated and renamed moodle-filter-jmol-lfi.yaml & moodle-filter-jmol-xss.yaml (#12470)
Updated gogs-panel (#12466)
Updated and renamed vbulletin-replacead-rce.yaml to CVE-2025-48828.yaml (#12421)
Updated versa-director-login (#12422)
Updated veeam-backup-manager-login (#12399)
Updated misp-panel (#12390)
Updated privatebin-detect (#12354)
Updated mitel-micollab-panel (#12344)
Updated ActiveMQ default login & detection (#12329)
Updated Apache Airflow default login (#12328)
Updated apachespark-ui-exposed.yaml (#12289)
Updated tech-detect.yaml (#12274)

Templates Added

[CVE-2025-49132] Pterodactyl Panel - Remote Code Execution (@darses) [critical] 🔥
[CVE-2025-47646] PSW Front-end Login & Registration 1.13 - Weak Password Recovery (@pussycat0x) [critical]
[CVE-2025-47423] Personal Weather Station Dashboard 12 - Directory Traversal (@pussycat0x) [high]
[CVE-2025-45985] Blink Router - Command Injection (@darses) [critical]
[CVE-2025-45854] JEHC-BPM - Remote Code Execute (@ritikchaddha) [critical]
[CVE-2025-44148] MailEnable Mail Service < v10 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2025-34032] Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting (@madrobot, @ritikchaddha) [medium]
[CVE-2025-34031] Moodle Jmol Filter 6.1 - Local File Inclusion (@madrobot) [high]
[CVE-2025-30220] GeoServer WFS - XXE Processing Vulnerability (@iamnoooob, @pdresearch) [critical] 🔥
[CVE-2025-5569] IdeaCMS <= 1.7 - SQL Injection (@ritikchaddha) [critical]
[CVE-2025-5287] Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection (@CodeStuffBreakThings) [high]
[CVE-2025-3415] Grafana - Exposes DingDing API Keys (@lucasribolli) [medium]
[CVE-2024-51978] Brother Printers – Authentication Bypass via Default Admin Password (@iamnoooob, @pdresearch) [critical]
[CVE-2024-51977] Brother MFC-L9570CDW - Information Disclosure (@dhiyaneshdk, @iamnoooob, @darses) [medium]
[CVE-2024-4325] Gradio - Server-Side Request Forgery (@iamnoooob, @pdresearch) [high]
[CVE-2024-3272] D-Link Network Attached Storage - Backdoor Account (@ritikchaddha) [critical] (kev) 🔥
[CVE-2023-48022] Anyscale Ray - Remote Code Execution (@riteshs4hu) [critical]
[CVE-2023-7116] WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection (@pussycat0x) [medium]
[CVE-2021-33045] Dahua IPC/VTH/VTO - Authentication Bypass (@phantomowl) [critical] (kev) 🔥
[CVE-2020-36333] ThemeGrill Demo Importer < 1.6.2 - Database Reset (@iamnoooob, @pdresearch) [critical]
[CVE-2020-11984] Apache HTTP Server - Remote Code Execution (@[email protected], @pszyszkowski, @pdresearch, @iamnoooob) [critical] 🔥
[CVE-2020-0796] Microsoft SMBv3 - Remote Code Execution (@yusuf Amr) [critical] (kev) 🔥
[CVE-2020-0646] Microsoft .NET Framework - Remote Code Execution (@pszyszkowski) [critical] (kev) 🔥
[CVE-2019-17564] Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization (@Khalid6468) [critical] 🔥
[CVE-2019-9194] elFinder <= 2.1.47 - Command Injection (@r00tuser111) [critical]
[CVE-2019-7194] QNAP Photo Station < 6.0.3 - Remote Code Execution (@x-stp) [critical] (kev)
[CVE-2019-0604] Microsoft SharePoint - Remote Code Execution (@tree-chtsec, @pszyszkowski) [critical] (kev) 🔥
[CVE-2018-19207] WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option (@iamnoooob, @pdresearch) [critical]
[CVE-2018-14933] NUUO NVRmini - Remote Command Execution (@ritikchaddha) [critical] (kev) 🔥
[CVE-2018-11686] FlexPaper/FlowPaper 2.3.6 - Remote Code Execution (@iamnoooob, @pdresearch, @pszyszkowski) [critical]
[kubernetes-exposing-docker-socket-hostpath] Kubernetes Exposing Host's Docker Socket (@dwisiswant0) [high]
[k8s-role-pod-create] Roles that have pod create permissions (@domwhewell-sage) [medium]
[fbi-seized-nameserver] FBI Seized Nameserver - Detect (@rxerium) [info]
[activemq-artemis-default-login] Apache ActiveMQ Artemis Console Default Login (@pdteam) [high]
[airflow-v3-default-login] Apache Airflow v3 Default Login (@pdteam) [high]
[hp-printer-default-login] Hewlett Packard LaserJet Printer - Default Login (@JohnAsbjorn) [high]
[ibm-security-verify-default-login] IBM Security Verify Access - Default Login (@johnk3r) [high]
[nuuo-nvr-default-login] NUUO NVR - Default Login (@ritikchaddha) [high]
[opensearch-dashboard-default-login] OpenSearch Dashboard - Default Login (@ritikchaddha) [high]
[photoprism-default-login] PhotoPrism - Default Login (@ritikchaddha) [high]
[beyondtrust-remotesupport-panel] BeyondTrust Remote Support Panel - Detect (@darses) [info]
[brother-printer-panel] Brother Printer Panel - Detect (@pdteam) [info]
[forgerock-ig-panel] ForgeRock IG Login/Welcome Page - Detect (@r3dg33k) [info]
[ibm-security-verify-panel] IBM Security Verify Access Login - Panel (@johnk3r) [info]
[motive-eim-panel] Motive eSIM Secure Connect Panel - Exposure Detection (@miguelse) [high]
[myq-panel] MyQ Print Server Panel - Detect (@darses) [info]
[opensearch-dashboard-panel] OpenSearch Dashboard Panel - Detect (@ritikchaddha) [info]
[openshift-oauth-proxy-panel] OpenShift OAuth Proxy - Panel Detect (@r3dg33k) [info]
[pterodactyl-panel] Pterodactyl game server - Panel (@darses) [info]
[teleport-login-panel] Teleport Login Panel - Detect (@pdteam, @Mahmoud0x00) [info]
[tools4ever-ssrpm-panel] Tools4Ever Self-Service Reset Password Manager - Panel (@darses) [info]
[windows-admin-center-panel] Windows Admin Center Panel - Detection (@darses) [info]
[apache-kyuubi-config] Apache Kyuubi - Configuration Exposure (@icarot) [medium]
[config-json-exposure-fuzz] Exposed JSON Configuration Files (@geeknik) [critical]
[discord-invite-detect] Discord Invites for Users, Bots & Servers - Detect (@rxerium) [info]
[totolink-installer] TOTOLINK Installer - Exposure (@ritikchaddha) [high]
[opensearch-dashboard-unauth] OpenSearch Dashboard - Unauth Access (@ritikchaddha) [high]
[photoprism-unauth] PhotoPrism - Unauth Access (@ritikchaddha) [high]
[greatpages-takeover] GreatPages - Takeover Detection (@juliosmelo) [high]
[apache-kyuubi-detect] Apache Kyuubi - Detect (@icarot) [info]
[beyondtrust-remotesupport-version] BeyondTrust Remote Support Version - Detect (@missing0x00) [info]
[cryptshare-detect] Pointsharp Cryptshare - Detect (@darses) [info]
[mitel-version-detect] Mitel MiCollab Unified Communications Server (UCS) - Detect (@aushack) [info]
[dahua-icc-getclassvalue-rce] Dahua 'GetClassValue' - Remote Code Execution (@ProjectDiscoveryAI) [critical]
[totolink-boaform-rce] TOTOLink Router - Remote Command Execution (@ritikchaddha) [critical]
[totolink-n150rt-password-exposure] TOTOLINK N150RT - Password Exposure (@ritikchaddha) [high]
[ueditor-arbitrary-file-upload] UEditor - PHP Arbitrary File Upload (@Chiragartani) [medium]

New Contributors

@nullenc0de made their first contribution in #12087
@lucasribolli made their first contribution in #12410
@riteshs4hu made their first contribution in #12429
@aushack made their first contribution in #12368
@pszyszkowski made their first contribution in #12452
@cybermorgue made their first contribution in #12296
@CodeStuffBreakThings made their first contribution in #12446
@Yusuf-Amr made their first...

Contributors

yusuf, geeknik, and 33 other contributors

Assets 3

16 Jun 14:43

princechaddha

v10.2.3

8a23273

Nuclei Templates v10.2.3 - Release Notes

New Templates Added: `105` | CVEs Added: `75` | First-time contributions: `9`

🔥 Release Highlights 🔥

[CVE-2025-49113] Roundcube Webmail - Remote Code Execution (@rootxharsh, @iamnoooob, @pdresearch, @Ademking) [critical] 🔥 (CISA KEV)
[CVE-2025-47539] Eventin <= 4.0.26 - Privilege Escalation (@pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-20188] Cisco IOS XE WLC - Arbitrary File Upload (@iamnoooob, @pdresearch, @dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2025-5086] Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization (@HacktronAI, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-4322] Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2025-4009] Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection (@Onekey, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-0107] Palo Alto Networks Expedition - OS Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2024-10443] Synology BeeStation BST150-4T - Unauthenticated Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2024-7399] Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution (@iamnoooob, @pdresearch) [high] 🔥 (CISA KEV)
[CVE-2024-0692] SolarWinds Security Event Manager - Unauthenticated RCE (@dhiyaneshdk) [high] 🔥 (CISA KEV)
[CVE-2023-34990] FortiWLM - Directory Traversal (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2023-25280] D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection (@pussycat0x) [critical] 🔥 (CISA KEV)
[CVE-2023-2986] Abandoned Cart Lite for WooCommerce - Authentication Bypass (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2021-40655] D-Link DIR-605 - Information Disclosure (@dhiyaneshdk) [high] 🔥 (CISA KEV)
[CVE-2021-27964] SonLogger - Arbitrary File Upload (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2020-29047] WP Hotel Booking < 1.10.4 - PHP Object Injection (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2020-26879] Ruckus vRioT IoT Controller - Authentication Bypass (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2020-12641] Roundcube Webmail - Command Injection (@domwhewell-sage) [critical] 🔥 (CISA KEV)
[CVE-2020-10987] Tenda AC15 AC1900 version 15.03.05.19 - Command Injection (@pussycat0x) [critical] 🔥 (CISA KEV)
[CVE-2019-25141] Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2019-13372] D-Link Central WiFi Manager CWM(100) - Remote Code Execution (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2019-9879] WPGraphQL 0.2.3 - User Creation (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2018-17207] WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution (@synacktiv, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2017-8046] Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution (@domwhewell-sage) [critical] 🔥 (CISA KEV)

What's Changed

Bug Fixes

Fixed FN in jupyter-notebooks-exposed.yaml (Issue #12260).

False Negatives

Improved detection in exposed-mcp-server.yaml (Issue #12269).

False Positives

Reduced FPs in CVE-2025-24813.yaml (Issue #12332).
Fixed FP in vscode-launch.yaml for custom 404 pages (Issue #12206).
Improved matrix-homeserver-detect.yaml to reduce FPs (Issue #12152).
Enhanced version detect scan to lower FPs (Issue #11698).
Fixed FP in CVE-2020-0618.yaml due to poor validation (Issue #11498).
Updated waf-detect:securesphere to filter FPs from OPNSense (Issue #12362).
Fixed FP in CVE-2025-4009.yaml (Issue #12343).
Reduced FPs in aspnet-version-detect (Issue #12211).
Fixed FP in rsync-list-modules.yaml (Issue #12208).
Lowered FPs for Apache Tomcat (Issue #12143).

Enhancements

Updated Jenkins default login for newer versions (Issue #12327).
Improved empirec2-default-login.yaml (Issue #12295).
Enhanced yealink-default-login.yaml (Issue #12294).
Updated fortinet-fortigate-panel.yaml (Issue #12275).
Improved favicon-detect.yaml (Issue #12273).
Added MCP SSE endpoint detection template (Issue #12268).
Updated hfs-exposure (Issue #12267).
Added NGSURVEY login panel detection (Issue #12261).
Updated versa concerto patch reference (Issue #12227).
Enhanced CVE-2019-7543.yaml (Issue #12230).
Improved discord-webhook.yaml (Issue #12224).
Added WP plugin & theme detection templates (Issue #12203).
Updated vbulletin-replacead-rce.yaml (Issue #12164).
Added version extract to sysaid-panel (Issue #12132).
Enhanced swagger-api.yaml (Issue #12091).
Updated phpwind-installer.yaml (Issue #12046).

Templates Added

[CVE-2025-49113] Roundcube Webmail - Remote Code Execution (@rootxharsh, @iamnoooob, @pdresearch, @Ademking) [critical] 🔥 (CISA KEV)
[CVE-2025-47539] Eventin <= 4.0.26 - Privilege Escalation (@pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-46822] Java-springboot-codebase 1.1 - Arbitrary File Read (@haliteroglu25) [high]
[CVE-2025-27134] Joplin 3.3.3 Server - Privilege Escalation (@zonia3000) [high]
[CVE-2025-20188] Cisco IOS XE WLC - Arbitrary File Upload (@iamnoooob, @pdresearch, @dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2025-5086] Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization (@HacktronAI, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-4322] Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2025-4009] Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection (@Onekey, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-4008] MeteoBridge <= 6.1 - Remote Code Execution (@iamnoooob, @pdresearch) [high]
[CVE-2025-0674] Elber ESE DVB-S/S2 - Authentication Bypass (@dhiyaneshdk) [critical]
[CVE-2025-0133] PAN-OS - Reflected Cross-Site Scripting (@xbow, @dhiyaneshdk) [medium]
[CVE-2025-0107] Palo Alto Networks Expedition - OS Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2024-51211] openSIS Classic v9.1 - SQL Injection (@haliteroglu) [critical]
[CVE-2024-47073] DataEase v2.10.2 - JWT Signature Verification Bypass (@iamnoooob, @pdresearch) [critical]
[CVE-2024-36858] Jan v0.4.12 - Arbitrary File Upload (@pussycat0x) [critical]
[CVE-2024-33559] WordPress XStore Theme - SQL Injection (@haliteroglu) [critical]
[CVE-2024-30163] IPS Community Suite - Unauthenticated SQL Injection (@ritikchaddha) [critical]
[CVE-2024-24329] TotoLink Router setPortForwardRules - Command Injection (@pussycat0x) [critical]
[CVE-2024-24328] TotoLink Router setMacFilterRules - Command Injection (@pussycat0x) [critical]
[CVE-2024-22729] Netis MW5360 V1.0.1.3031 - Command Injection (@pussycat0x) [critical]
[CVE-2024-10571] Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion (@iamnoooob, @pdresearch) [critical]
[CVE-2024-10443] Synology BeeStation BST150-4T - Unauthenticated Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2024-9916] HuangDou UTCMS V9 - OS Command Injection (@iamnoooob, @pdresearch) [high]
[CVE-2024-9707] Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation (@dhiyaneshdk) [critical]
[CVE-2024-7399] Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution (@iamnoooob, @pdresearch) [high] 🔥 (CISA KEV)
[CVE-2024-4620] ArForms < 6.6 - Remote Code Execution (@iamnoooob, @pdresearch) [critical]
[CVE-2024-2667] InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload (@dhiyaneshdk) [critical]
[CVE-2024-0692] SolarWinds Security Event Manager - Unauthenticated RCE (@dhiyaneshdk) [high] 🔥 (CISA KEV)
[CVE-2023-38950] ZKTeco BioTime v8.5.5 - Path Traversal (@iamnoooob, @pdresearch) [high]
[CVE-2023-38879] openSIS v9.0 - Path Traversal (@haliteroglu) [high]
[CVE-2023-34990] FortiWLM - Directory Traversal (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2023-30192] PrestaShop 'possearchproducts' <= 1.7 - SQL Injection (@mastercho) [critical]
[CVE-2023-27638] tshirtecommerce PrestaShop Module - SQL Injection (@ritikchaddha) [high]
[CVE-2023-27637] PrestaShop tshirtecommerce Module - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-26802] DCBI-Netlog-LAB v1.0 - Command Injection (@pussycat0x) [critical]
[CVE-2023-25280] D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection (@pussycat0x) [critical] 🔥 (CISA KEV)
[CVE-2023-4136] CrafterCMS Engine - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-3722] Avaya Aura Device Services - OS Command Injection (@iamnoooob, @pdresearch) [high]
[CVE-2023-2986] Abandoned Cart Lite for WooCommerce - Auth Bypass (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2022-45699] APsystems ECU-R Firmware - Command Injection (@pussycat0x) [critical]
[CVE-2022-37061] FLIR AX8 1.46.16 - Remote Command Injection (@ritikchaddha) [critical]
[CVE-2022-25061] TP-Link TL-WR840N - Command Injection (@ritikchaddha) [critical]
[CVE-2022-1026] Kyocera Net View Address Book Exposure (@dhiyaneshdk) [high]
[CVE-2022-0783] Multiple Shipping Address Woocommerce < 2.0 - SQL Injection (@ritikchaddha) [high]
[CVE-2021-40655] D-Link DIR-605 - Information Disclosure (@dhiyaneshdk) [high] 🔥 (CISA KEV)
[CVE-2021-39341] OptinMonster Plugin < 2.6.5 - Unprotected REST-API (@iamnoooob, @pdresearch) [high]
[CVE-2021-34187] Chamilo model.ajax.php - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2021-33558] Boa 0.94.13 - Information Disclosure (@dhiyaneshdk) [high]
[CVE-2021-27964] SonLogger - Arbitrary File Upload (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2021-26599] ImpressCMS < 1.4.3 - SQL Injection (@ritikchaddha) [high]
[CVE-2021-25032] PublishPress Capabilities < 2.3.1 - Missing Authorization (@ritikchaddha) [critical]
[CVE-2021-24522] ProfilePress < 3.1.11 - Cross-Site ...

Contributors

hdm, righettod, and 28 other contributors

Assets 3

27 May 03:52

princechaddha

v10.2.2

050a2ba

v10.2.2

What's Changed

New Templates Added: `65` | CVEs Added: `41` | First-time contributions: `4`

🔥 Release Highlights 🔥

[CVE-2025-47916] Invision Community <=5.0.6 Unauthenticated RCE via Template Injection (@EgiX, @iamnoooob, @pdresearch) [critical] 🔥
[CVE-2025-34027] Versa Concerto API Path Based - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-34026] Versa Concerto Actuator Endpoint - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-27007] OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24016] Wazuh - Unsafe Deserialization Remote Code Execution (@hüseyin TINTAŞ, @ritikchaddha) [critical] 🔥
[CVE-2025-4427] Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-4123] Grafana - XSS / Open Redirect / SSRF via Client Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-3102] SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass (@dhiyaneshdk) [high] 🔥
[CVE-2025-2011] Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-12987] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
[CVE-2024-11320] Pandora v7.0NG.777.3 - Remote Code Execution (@dhiyaneshdk, @shubham Rooter, @pdresearch, @iamnoooob) [critical] 🔥
[CVE-2024-8529] LearnPress < 4.2.7.1 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2023-51409] Jordy Meow AI Engine - Unrestricted File Upload (@pussycat0x) [critical] 🔥
[CVE-2023-1389] TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
[CVE-2020-15415] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
[CVE-2018-20062] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical] ] 🔥 (CISA KEV)
[CVE-2018-19410] PRTG Network Monitor - Local File Inclusion (@dhiyaneshdk) [critical] 🔥 (CISA KEV)

Bug Fixes

Updated affected vBulletin versions in vbulletin-replacead-rce.yaml (Issue #12150).
Renamed CVE-2022-31126 to CVE-2022-31137 (Issue #12103).
Updated and renamed thinkphp-5022-rce.yaml to CVE-2018-20062.yaml (Issue #12096).
Fixed payload for CVE-2019-17444 to avoid false positives (Issue #12050).

False Negatives

False Positives

Reduced false positives in Next.js cache poisoning headers (Issue #12000).
Fixed false positives in s3-bucket-policy-public-access.yaml (Issue #12085).

Enhancements

Updated tags for multiple templates (Issue #12157).
Updated tags for CVE-2025-34028.yaml (Issue #12156).
Moved templates for assigned CVEs (CVE-2025-34026, CVE-2025-34027) (Issue #12138).

Templates Added

[CVE-2025-47916] Invision Community <=5.0.6 Unauthenticated RCE via Template Injection (@EgiX, @iamnoooob, @pdresearch) [critical] 🔥
[CVE-2025-47204] Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting (@r3naissance) [medium]
[CVE-2025-41393] Ricoh Web Image Monitor - Reflected XSS (@JPG0mez) [medium]
[CVE-2025-34027] Versa Concerto API Path Based - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-34026] Versa Concerto Actuator Endpoint - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-27007] OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24016] Wazuh - Unsafe Deserialization Remote Code Execution (@hüseyin TINTAŞ, @ritikchaddha) [critical] 🔥
[CVE-2025-4427] Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥 (CISA KEV)
[CVE-2025-4396] Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-4388] Liferay Portal 'marketplace-app-manager-web' - Reflected XSS (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2025-4123] Grafana - XSS / Open Redirect / SSRF via Client Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-3102] SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass (@dhiyaneshdk) [high] 🔥
[CVE-2025-2636] InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion (@iamnoooob, @pdresearch) [high]
[CVE-2025-2610] MagnusBilling Alarm Module - Cross-Site Scripting (@dhiyaneshdk) [high]
[CVE-2025-2609] MagnusBilling Login Logs - Cross-Site Scripting (@dhiyaneshdk) [high]
[CVE-2025-2127] JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS (@3th1c_yuk1) [medium]
[CVE-2025-2011] Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-1743] Pichome 2.1.0 - Arbitrary File Read (@3th1c_yuk1) [high]
[CVE-2024-44762] Usermin 2.100 - Username Enumeration (@ritikchaddha) [medium]
[CVE-2024-12987] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
[CVE-2024-11320] Pandora v7.0NG.777.3 - Remote Code Execution (@dhiyaneshdk, @shubham Rooter, @pdresearch, @iamnoooob) [critical] 🔥
[CVE-2024-8529] LearnPress < 4.2.7.1 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-2473] WPS Hide Login <= 1.9.15.2 - Login Page Disclosure (@popcorn94) [medium]
[CVE-2023-51409] Jordy Meow AI Engine - Unrestricted File Upload (@pussycat0x) [critical] 🔥
[CVE-2023-1389] TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
[CVE-2022-45808] LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi (@dhiyaneshdk) [critical]
[CVE-2022-31161] Roxy-WI - Remote Code Execution (@ritikchaddha) [critical]
[CVE-2022-31137] Roxy-WI < 6.1.1.0 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2022-1950] Youzify < 1.2.0 - Unauthenticated SQLi (@dhiyaneshdk) [critical]
[CVE-2022-0592] MapSVG < 6.2.20 - Unauthenticated SQLi (@dhiyaneshdk) [critical]
[CVE-2021-36646] KodExplorer - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-25161] Aruba Instant Access Point (IAP) - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2020-15415] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
[CVE-2019-20504] Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2019-5129] YouPHPTube Encoder 2.3 - Command Injection (@pussycat0x) [critical]
[CVE-2019-5128] YouPHPTube Encoder - Arbitrary File Write (@pussycat0x) [critical]
[CVE-2018-20062] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical] ] 🔥 (CISA KEV)
[CVE-2018-19410] PRTG Network Monitor - Local File Inclusion (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
[CVE-2018-19276] OpenMRS Platform < 2.24.0 - Insecure Object Deserialization (@dhiyaneshdk) [critical]
[CVE-2018-17283] Zoho ManageEngine OpManager - SQL Injection (@dhiyaneshdk) [high]
[CVE-2018-11222] Pandora FMS <=7.0NG.722 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high]
[loytec-default-password] Loytec PLC - Default Login (@biero-el-corridor) [high]
[magnusbilling-default-login] MagnusBilling - Default Login (@dhiyaneshdk) [high]
[enviromuux-default-login] Network Technologies Inc ENVIROMUX - Default Login (@M.Sarmad Shafiq) [high]
[osasi-default-login] OSASI PLC - Default Login (@biero-el-corridor) [high]
[siemens-simatic-default-login] Siemens SIMATIC HMI Miniweb - Default Login (@biero-el-corridor) [high]
[wago-webbased-default-login] WAGO Web based Management - Default Login (@biero-el-corridor) [high]
[aperio-eslidemanager-panel] Aperio eSlideManager - Panel (@Th3l0newolf) [info]
[mbilling-panel] MagnusBilling - Login Panel (@dhiyaneshdk) [info]
[osasi-panel] OSASI Login - Panel (@biero-el-corridor) [info]
[polarion-siemens-panel] Polarion Siemens Login - Panel (@Th3l0newolf) [info]
[sap-netweaver-cet-detect] SAP NetWeaver Composition Environment Tools - Detect (@ap3r) [info]
[cae-monitor-panel] CAE Monitoring - Login Panel (@biero-el-corridor) [info]
[etic-telecom-panel] ETIC Telecom Device Login - Panel (@biero-el-corridor) [info]
[moxa-vpn-router-panel] Moxa OnCell VPN - Login Panel (@biero-el-corridor) [info]
[siemens-logo8-panel] Siemens Logo! 8 Web - Panel (@biero-el-corridor) [info]
[siemens-simatic-panel] Siemens SIMATIC HMI Miniweb - Login Panel (@biero-el-corridor) [info]
[wago-webbased-panel] WAGO WebBased Management - Panel (@biero-el-corridor) [info]
[emby-installer] Emby Installation Page - Exposure (@dhiyaneshdk) [high]
[traccar-settings-disclosure] Traccar Server Settings - Disclosure (@dhiyaneshdk) [low]
[docker-registry-browser-detect] Docker Registry Browser - Detect (@pussycat0x) [info]
[plantumlserver-detect] PlantUMLServer - Detect (@s4e-io) [info]
[webswing-api-version-detect] WebSwing REST API Version - Detection (@aushack) [info]
[wp-publishpress-capabilities-xss] PublishPress Capabilities < 2.3.3 - Cross-Site Scripting (@ritikchaddha) [medium]
[vbulletin-replacead-rce] vBulletin replaceAdTemplate - Remote Code Execution (@dhiyaneshdk) [critical]

New Contributors

@vshekhda made their first contribution in #12050
@biero-el-corridor made their first contribution in #12005
@huseyinstif made their first contribution in #11616
@shubhamrooter made their first contribution in #11281

Full Changelog: https://github.com/projectdiscovery/nuclei-te...

Contributors

ap3r, aushack, and 19 other contributors

Assets 3

13 May 11:06

princechaddha

v10.2.1

7cbcbbe

v10.2.1

What's Changed

New Templates Added: `41` | CVEs Added: `16` | First-time contributions: `7`

🔥 Release Highlights 🔥

[CVE-2025-32432] CraftCMS - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-2777] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical] 🔥
[CVE-2024-38475] Sonicwall - Pre-Authentication Arbitrary File Read (@shaikhyaser) [critical] 🔥
[CVE-2024-21136] Oracle Retail Xstore Suite - Pre-auth Path Traversal (@dhiyaneshdk) [high] 🔥
[CVE-2024-7591] Kemp Load Balancer - Unauth Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-45878] Gibbon LMS <= v25.0.01 - File Upload to RCE (@ajdumanhug) [critical] 🔥
[CVE-2022-26585] Mingsoft MCMS v5.2.7 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2022-1711] draw.io < 18.0.5 - Server Side Request Forgery (SSRF) (@ritikchaddha) [high] 🔥

Bug Fixes

Fixed template for CVE-2025-32101 (Issue #11933).
Corrected false negative in CVE-2020-26948 (Issue #12056).
Fixed broken path to reference file causing 404 errors (Issue #11987).
Modified regex to accept IPs in location header (Issue #12026).
Updated Huawei WAF detection rule for accurate server header (Issue #12022).

False Negatives

Addressed pre-authentication RCE vulnerability in CraftCMS 4.x and 5.x (Issue #12020).

False Positives

Reduced false positives in Azure Cloud Templates (Issue #12047).
Fixed false positive in CVE-2022-21587 PoC affecting system (Issue #11702).

Enhancements

Added Amazon Elastic Kubernetes Service (EKS) templates (PR #12069).
Removed CVE-2022-46463 template (PR #12029).

Template Updates

[CVE-2025-32432] CraftCMS - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-28228] Electrolink FM/DAB/TV Transmitter - Credentials Disclosure (@dhiyaneshdk) [high]
[CVE-2025-2907] Order Delivery Date Pro for WooCommerce < 12.3.1 - Arbitrary Option Update (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-2777] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical] 🔥
[CVE-2025-2776] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical]
[CVE-2025-2775] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical]
[CVE-2024-51739] iTop - User Enumeration via REST Endpoint (@dhiyaneshdk) [medium]
[CVE-2024-38475] Sonicwall - Pre-Authentication Arbitrary File Read (@shaikhyaser) [critical] 🔥
[CVE-2024-21641] Flarum < 1.8.5 - Open Redirect (@kking) [medium]
[CVE-2024-21136] Oracle Retail Xstore Suite - Pre-auth Path Traversal (@dhiyaneshdk) [high] 🔥
[CVE-2024-13322] Ads Pro Plugin <= 4.88 - Unauth SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-7591] Kemp Load Balancer - Unauth Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-45878] Gibbon LMS <= v25.0.01 - File Upload to RCE (@ajdumanhug) [critical] 🔥
[CVE-2022-42118] Liferay Portal - Cross-site Scripting (@ritikchaddha) [medium]
[CVE-2022-26585] Mingsoft MCMS v5.2.7 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2022-1711] draw.io < 18.0.5 - Server Side Request Forgery (SSRF) (@ritikchaddha) [high] 🔥
[eks-aws-managed-iam-policy] Use AWS-managed policy to manage AWS resources (@princechaddha) [high]
[eks-cluster-logging] Kubernetes Cluster Logging (@princechaddha) [low]
[eks-endpoint-access] EKS Cluster Endpoint Public Access (@princechaddha) [high]
[eks-iam-managed-policy-networking] Use AWS-managed policy to Manage Networking Resources (@princechaddha) [high]
[eks-kubernetes-secrets-encryption] EKS Kubernetes Secrets not Encrypted (@princechaddha) [high]
[eks-logging-kubes-api-calls] Enable CloudTrail Logging for Kubernetes API Calls (@princechaddha) [high]
[eks-long-running-pods] EKS Long Running Pods (@princechaddha) [medium]
[eks-managed-policy-ecr-access] Use AWS-managed policy to access Amazon ECR Repositories (@princechaddha) [high]
[eks-node-group-remote-access] EKS Node Group Remote Access Configuration (@princechaddha) [high]
[nocobase-default-login] NocoBase - Default Login (@fur1na) [high]
[yacht-default-login] Yacht - Default Login (@fur1na) [high]
[bluemind-panel] Bluemind Panel - Detect (@tigibus) [info]
[ekare-insight-panel] eKare inSight Panel - Detect (@s4e-io) [info]
[frappe-panel] Frappe Panel - Detect (@Th3l0newolf) [info]
[hoppscotch-panel] Hoppscotch Panel - Detect (@s4e-io) [info]
[netscaler-console-panel] NetScaler Console - Panel (@dhiyaneshdk) [info]
[yacht-panel] Yacht Login Panel - Detect (@fur1na) [info]
[exposed-mcp-server] Exposed MCP JSON-RPC 2.0 API Detection (@ivan_wallarm) [unknown]
[vscode-launch] Visual Studio Code launch.json Exposure (@dhiyaneshdk) [low]
[emerson-intellislot-webcard] Emerson Network Power IntelliSlot Web Card - Exposure (@Th3l0newolf) [medium]
[trust-center-detect] Trust Center Page - Detect (@ajdumanhug) [info]
[luxtrust-cosi-detect] LuxTrust COSI - Detect (@righettod) [info]
[streamlit-detect] Streamlit - Detect (@s4e-io) [info]
[zk-framework-detect] ZK Framework - Detect (@ErikOwen, @cursor) [info]
[zzcms-register-xss] Zzcms register_nodb.php - Cross Site Scripting (@3th1c_yuk1) [medium]

New Contributors

@r00tuser111 made their first contribution in #12006
@saharshtapi made their first contribution in #12011
@ThibautPierru made their first contribution in #11997
@ajdumanhug made their first contribution in #12027
@serdarbsgn made their first contribution in #12022
@SemenchenkoA made their first contribution in #11944
@adaminfinitum made their first contribution in #11987

Full Changelog: v10.2.0...v10.2.1

Contributors

righettod, adaminfinitum, and 21 other contributors

Assets 3

27 Apr 17:31

princechaddha

v10.2.0

b01a0db

GCP Cloud Configuration Templates - Nuclei Templates v10.2.0 🎉

🔥 Release Highlights 🔥

We’re excited to announce the expansion of the Nuclei Templates with new templates specifically for Google Cloud Platform (GCP) Configurations. This release introduces a series of specialized security checks tailored for a wide range of GCP services, including Compute Engine, GKE clusters, Cloud Storage buckets, BigQuery datasets, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code analysis.

The introduction of these GCP-specific templates empowers security teams to conduct thorough security audits of their GCP environments, uncovering critical misconfigurations and vulnerabilities. Moreover, these checks can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these GCP security templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2025-34028] Commvault - SSRF via /commandcenter/deployWebpackage.do (@dhiyaneshdk, @abhishekrautela) [critical] 🔥
[CVE-2025-32433] Erlang/OTP SSH - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @darses) [critical] 🔥
[CVE-2025-31324] SAP NetWeaver Visual Composer Metadata Uploader - Deserialization (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-30406] Gladinet CentreStack < 16.4.10315.56368 - Unauth RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-29306] FoxCMS v.1.2.5 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-6235] NetScaler Console - Sensitive Information Disclosure (@dhiyaneshdk) [critical] 🔥

What's Changed

New Templates Added: `268` | CVEs Added: `11` | First-time contributions: `4`

[CVE-2025-34028] Commvault - SSRF via /commandcenter/deployWebpackage.do (@dhiyaneshdk, @abhishekrautela) [critical] 🔥
[CVE-2025-32433] Erlang/OTP SSH - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @darses) [critical] 🔥
[CVE-2025-31324] SAP NetWeaver Visual Composer Metadata Uploader - Deserialization (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-30406] Gladinet CentreStack < 16.4.10315.56368 - Unauth RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-29306] FoxCMS v.1.2.5 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2025-28367] mojoPortal <=2.9.0.1 - Directory Traversal (@dhiyaneshdk) [medium]
[CVE-2025-27892] Shopware < 6.5.8.13 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-32870] iTop Hub Connector - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2024-6235] NetScaler Console - Sensitive Information Disclosure (@dhiyaneshdk) [critical] 🔥
[CVE-2022-35507] Proxmox - CRLF Injection (@dhiyaneshdk) [high]
[CVE-2022-28508] MantisBT < 2.25.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[gcloud-api-key-restrictions-missing] Missing API Key API Restrictions (@princechaddha) [medium]
[gcloud-api-key-unrestricted] Unrestricted API Key Usage (@princechaddha) [medium]
[gcloud-api-keys-inactive-services] API Keys Should Only Exist for Active Services (@princechaddha) [low]
[gcloud-critical-service-apis-disabled] Critical Service APIs Not Enabled (@princechaddha) [critical]
[gcloud-security-center-api-disabled] Security Command Center API Disabled (@princechaddha) [high]
[gcloud-cloud-asset-disabled] Cloud Asset Inventory Not Enabled (@princechaddha) [high]
[gcloud-artifact-registry-public] Publicly Accessible Artifact Registry Repositories (@princechaddha) [high]
[gcloud-vuln-scan-missing] Artifact Registry Vulnerability Scanning Not Enabled (@princechaddha) [high]
[gcloud-bigquery-cmek-not-enabled] BigQuery Dataset Encryption with Customer-Managed Encryption Keys Not Enabled (@princechaddha) [high]
[gcloud-bigquery-cmk-not-enabled] BigQuery Datasets Not Encrypted with Customer-Managed Keys (@princechaddha) [high]
[gcloud-bigquery-public-datasets] Publicly Accessible BigQuery Datasets (@princechaddha) [high]
[gcloud-backend-bucket-missing-storage] Backend Buckets Referencing Missing Storage Buckets (@princechaddha) [high]
[gcloud-cdn-backend-bucket] Check Cloud CDN Backend Bucket Configuration (@princechaddha) [medium]
[gcloud-cdn-origin-auth-unconfigured] Unconfigured Cloud CDN Origin Authentication (@princechaddha) [medium]
[gcloud-cdn-ssl-enforcement] Cloud CDN SSL/TLS Not Enforced (@princechaddha) [medium]
[gcloud-cdn-tls-unenforced] Unenforced SSL/TLS on Cloud CDN Backend Service Origins (@princechaddha) [medium]
[gcloud-certificate-validity-exceeded] Exceeded SSL Certificate Validity Period (@princechaddha) [medium]
[gcloud-disk-image-public-access] Disk Images Publicly Shared (@princechaddha) [medium]
[gcloud-instance-group-autohealing-disabled] Instance Group Autohealing Not Enabled (@princechaddha) [high]
[gcloud-mig-no-load-balancer] Managed Instance Group Not Using Load Balancer (@princechaddha) [low]
[gcloud-mig-single-zone] Managed Instance Group Not Configured for Multiple Zones (@princechaddha) [low]
[gcloud-oslogin-disabled] OS Login Not Enabled for GCP Projects (@princechaddha) [low]
[gcloud-persistent-disks-suspended-vms] Persistent Disks Attached to Suspended Virtual Machines (@princechaddha) [high]
[gcloud-vm-automatic-restart-disabled] VM Instance Automatic Restart Not Enabled (@princechaddha) [medium]
[gcloud-vm-confidential-computing-disabled] VM Instance Confidential Computing Not Enabled (@princechaddha) [medium]
[gcloud-vm-default-service-account-full-access] VM Instance Using Default Service Account with Full API Access (@princechaddha) [medium]
[gcloud-vm-default-service-account] VM Instance Using Default Service Account (@princechaddha) [medium]
[gcloud-vm-deletion-protection-disabled] VM Instance Deletion Protection Not Enabled (@princechaddha) [medium]
[gcloud-vm-disk-autodelete-enabled] Auto-Delete Not Disabled for VM Instance Persistent Disks (@princechaddha) [medium]
[gcloud-vm-disk-cmk-not-enabled] Virtual Machine Disk Encryption with Customer-Managed Keys Not Enabled (@princechaddha) [high]
[gcloud-vm-disk-csek-disabled] VM Disk Encryption with Customer-Supplied Keys Disabled (@princechaddha) [high]
[gcloud-vm-disk-csek-not-enabled] Virtual Machine Disk Encryption with Customer-Supplied Keys Not Enabled (@princechaddha) [high]
[gcloud-vm-ip-forwarding-enabled] IP Forwarding Not Disabled for VM Instances (@princechaddha) [medium]
[gcloud-vm-maintenance-terminate] VM Instance Maintenance Policy Set to Terminate (@princechaddha) [high]
[gcloud-vm-oslogin-2fa-disabled] OS Login with 2FA Authentication Not Enabled for VM Instances (@princechaddha) [high]
[gcloud-vm-preemptible-enabled] VM Instance Preemptibility Not Disabled (@princechaddha) [high]
[gcloud-vm-project-ssh-keys-enabled] Block Project-Wide SSH Keys Not Enabled (@princechaddha) [medium]
[gcloud-vm-public-ip-enabled] VM Instance Using Public IP Address (@princechaddha) [high]
[gcloud-vm-serial-console-enabled] Interactive Serial Console Support Not Disabled (@princechaddha) [medium]
[gcloud-vm-shielded-disabled] Shielded VM Security Features Not Enabled (@princechaddha) [medium]
[gcloud-dataproc-no-cmk] Dataproc Cluster Not Using Customer-Managed Keys (@princechaddha) [high]
[gcloud-dataproc-public-access] Dataproc Cluster Publicly Accessible (@princechaddha) [high]
[gcloud-dns-dangling-records] Dangling DNS Records Check (@princechaddha) [high]
[gcloud-dns-dnssec-unenabled] DNSSEC Not Enabled for Google Cloud DNS Zones (@princechaddha) [medium]
[gcloud-dnssec-keysigning-rsasha1] DNSSEC RSASHA1 Algorithm Deprecated Usage (@princechaddha) [medium]
[gcloud-dnssec-rsasha1-deprecated] DNSSEC RSASHA1 Algorithm Deprecated (@princechaddha) [medium]
[gcloud-filestore-deletion-protection-disabled] Filestore Instance Deletion Protection Not Enabled (@princechaddha) [medium]
[gcloud-filestore-no-backups] Filestore Instance Not Using On-Demand Backup (@princechaddha) [high]
[gcloud-filestore-no-cmek] Filestore Instance Not Using Customer-Managed Encryption Keys (@princechaddha) [high]
[gcloud-filestore-no-vpc-controls] Filestore Instance Not Protected by VPC Service Controls (@princechaddha) [medium]
[gcloud-filestore-unrestricted-access] Filestore Instance Client Access Not Restricted by IP (@princechaddha) [medium]
[gcloud-func-auto-runtime-updates-disabled] Automatic Runtime Security Updates Disabled in Google Cloud Functions (@princechaddha) [medium]
[gcloud-func-cmek-not-used] No Customer-Managed Encryption Keys in Google Cloud Functions (@princechaddha) [high]
[gcloud-func-inactive-svc-acc] Inactive Service Accounts in Google Cloud Functions (@princechaddha) [high]
[gcloud-func-min-instances-unset] Unset Minimum Instances for Cloud Functions (@princechaddha) [medium]
[gcloud-func-missing-labels] Missing User-Defined Labels in Google Cloud Functions (@princechaddha) [low]
[gcloud-func-no-vpc-access] No Serverless VPC Access in Google Cloud Functions (@princechaddha) [high]
[gcloud-func-public-access] Publicly Accessible Google Cloud Functions (@princechaddha) [high]
[gcloud-func-pubsub-dlt-missing] Configure Dead Lettering for Pub/Sub-Triggered Functions (@princechaddha) [low]
[gcloud-func-secrets-unmanaged] Use Secrets Manager for Managing Secrets in Google Cloud Functions (@princechaddha) [medium]
[gcloud-func-unrestricted-outbound] Unrestricted Outbound Network Access in Google Cloud Functions (@princechaddha) [high]
[gcp-cloud-fu...

Contributors

righettod, matusso, and 17 other contributors

Assets 3

12 Apr 13:43

princechaddha

v10.1.7

196ed9f

v10.1.7

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-32101] UNA CMS 14.0.0-RC - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-31489] MinIO - Signature Validation for Unsigned-Trailer Uploads (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-31131] Yeswiki < 4.5.2 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-24799] GLPI < 10.0.17 - Pre-Auth SQLi (@ritikchaddha) [critical] 🔥
[CVE-2025-24514] Ingress-Nginx Controller - Configuration Injection auth-url Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-3248] Langflow AI - Unauth Remote Code Execution (@nvn1729) [critical] 🔥
[CVE-2025-2294] Kubio AI Page Builder <= 2.5.1 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2025-1098] Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations (@UNC1739) [high] 🔥
[CVE-2025-1097] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-tls-match-cn Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-56325] Apache Pinot < 1.3.0 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-55591] Fortinet Authentication Bypass (@rootxharsh, @iamnoooob, @pdresearch) [critical] 🔥
[CVE-2024-7314] AJ-Report < 1.4.1 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2023-22047] Oracle Peoplesoft - Unauth File Read (@tuo4n8) [high] 🔥

False Negatives

Improved detection in halo-tism-sqli.yaml (PR #11892).

False Positives

Reduced false positives in hashicorp-consul-unauth.yaml (Issues #11852, #11881)
Corrected misdetection in headless-open-redirect.yaml with specific redirect target (Issue #11885)

Enhancements

Applied waitdialog handling to improve detection in dom-xss.yaml (PR #11921).
Updated detection logic in CVE-2025-1974.yaml for Ingress-Nginx RCE (PR #11917).
Updated smb-shares.yaml to refine share enumeration (PR #11880).
Improved login detection in emqx-default-login.yaml (PR #11865).
Refined credential detection in apache-hertzbeat-default-login.yaml (PR #11850).

Bug Fixes

Fixed metadata resolution issue in ldap-metadata.yaml (PR #11922).

Template Updates

New Templates Added: `64` | CVEs Added: `28` | First-time contributions: `6`

[CVE-2025-32101] UNA CMS 14.0.0-RC - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-31489] MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-31131] Yeswiki < 4.5.2 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-31125] Vite Development Server - Path Traversal (@martian, @ritikchaddha, @v2htw) [medium] 🔥
[CVE-2025-30567] WordPress WP01 - Path Traversal (@s4e-io) [high]
[CVE-2025-29085] Vipshop Saturn Console <= 3.5.1 - SQLi via ClusterKey Component (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-24799] GLPI < 10.0.17 - Pre-Auth SQLi (@ritikchaddha) [critical] 🔥
[CVE-2025-24514] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-url Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-3248] Langflow AI - Unauth Remote Code Execution (@nvn1729) [critical] 🔥
[CVE-2025-2748] Kentico Xperience CMS - Unauth Stored XSS (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-2563] User Registration & Membership <= 4.1.1 - Unauth Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-2294] Kubio AI Page Builder <= 2.5.1 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2025-2264] Sante PACS Server.exe - Path Traversal Information Disclosure (@dhiyaneshdk) [high]
[CVE-2025-2075] Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-1098] Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations (@UNC1739) [high] 🔥
[CVE-2025-1097] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-tls-match-cn Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-56325] Apache Pinot < 1.3.0 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-55591] Fortinet Authentication Bypass (@rootxharsh, @iamnoooob, @pdresearch) [critical] 🔥
[CVE-2024-13126] WordPress Download Manager < 3.3.07 - Unauth Data Exposure (@ritikchaddha) [medium]
[CVE-2024-10486] Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File (@popcorn94) [medium]
[CVE-2024-7314] AJ-Report < 1.4.1 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-7313] Shield Security Plugin < 20.0.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-3300] Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-22047] Oracle Peoplesoft - Unauth File Read (@tuo4n8) [high] 🔥
[CVE-2023-7246] System Dashboard < 2.8.10 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-6421] WordPress Download Manager - File Password Exposure (@ritikchaddha) [medium]
[CVE-2023-4490] WordPress Job Portal < 2.0.6 - SQLi (@paresh_parmar1, @configtea) [high]
[CVE-2022-2168] WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting (@ritikchaddha) [medium]
[android-user-certificates-trust] Android Trusts User Certificates (@Th3l0newolf) [medium]
[file-disable-directory-listing] Disable Apache2 Directory Listing (@pussycat0x) [medium]
[file-disable-http-trace-method] Disable Apache2 HTTP TRACE Method (@pussycat0x) [high]
[file-disable-server-header] Disable Apache2 Server Header (@pussycat0x) [medium]
[file-disable-server-signature] Disable Apache Server Signature (@pussycat0x) [medium]
[file-enforce-server-tokens-prod] Enforce Apache2 ServerTokens Prod (@pussycat0x) [medium]
[iis-directory-browsing] IIS Directory Browsing Detection (@pussycat0x) [high]
[iis-logging-disabled] IIS Logging Disabled (@pussycat0x) [medium]
[file-mongodb-audit-log-disabled] MongoDB Audit Logging Disabled (@pussycat0x) [high]
[file-mongodb-auth-disabled] MongoDB Authentication Disabled (@pussycat0x) [high]
[file-mongodb-http-interface-enabled] MongoDB HTTP Interface Enabled (@pussycat0x) [high]
[file-mongodb-ssl-disabled] MongoDB SSL Disabled (@pussycat0x) [high]
[file-disable-nginx-server-tokens] Disbale Nginx Server Tokens (@pussycat0x) [medium]
[file-missing-nginx-bof-protection] Missing Nginx Buffer Overflow Protection (@pussycat0x) [medium]
[file-missing-nginx-xss-protection] Missing Nginx XSS Protection (@pussycat0x) [high]
[file-missing-nginx-hsts] Missing Nginx HSTS (@pussycat0x) [high]
[file-missing-nginx-rate-limiting] Missing Nginx Rate Limiting Configuration (@pussycat0x) [medium]
[adfinity-panel] Adfinity Login Panel - Detect (@righettod) [info]
[dependency-track-panel] Dependency-Track Login - Panel (@Th3l0newolf) [info]
[fortiswitch-panel] Fortiswitch Panel - Detect (@rxerium) [info]
[gladinet-centrestack-panel] CentreStack Login Panel - Detect (@rxerium) [info]
[tibco-mft-panel] TIBCO Managed File Transfer - Panel (@Th3l0newolf) [info]
[3cx-config] 3CX Config - File Disclosure (@dhiyaneshdk) [low]
[cpanel-config] cPanel Configuration - File Disclosure (@dhiyaneshdk) [medium]
[fastcgi-config] FastCGI Configuration - File Disclosure (@dhiyaneshdk) [medium]
[geovision-lfi] GeoVision GV-SNVR0811 - Directory Traversal (@dhiyaneshdk) [high]
[dlink-n300-backup] DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure (@dhiyaneshdk) [high]
[prometheus-unauth] Prometheus Monitoring System - Unauth (@pussycat0x) [high]
[couchdb-detect] CouchDB - Detect (@pussycat0x) [info]
[halo-tism-sqli] Halo ITSM - Pre-Authentication SQLi (@rootxharsh, @iamnoooob, @pdresearch) [critical]
[httpbin-contenttype-xss] HTTPBin - Cross-Site Scripting (@AyushXtha) [medium]
[oracle-detect] Oracle - Detection (@pussycat0x) [info]
[rdp-detect] RDP - Detection (@pussycat0x) [info]
[ntlm-info] NTLM Information - Detection (@pussycat0x) [info]
[smb-v1-supported] SMB v1 Supported - Detection (@pussycat0x) [info]
[ldap-anonymous-login-detect] LDAP Anonymous Login - Detect (@pussycat0x, @S0obi) [medium]

New Contributors

@Th3l0newolf made their first contribution in #11786
@AyushXtha made their first contribution in #11782
@tuo4n8 made their first contribution in #11870
@PareshParmar made their first contribution in #11874
@micktaiwan made their first contribution in #11784
@passkal4 made their first contribution in #11857

Full Changelog: v10.1.6...v10.1.7

Contributors

micktaiwan, nvn1729, and 20 other contributors

Assets 3

28 Mar 11:35

princechaddha

v10.1.6

30af57b

v10.1.6

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-29927] Next.js Middleware Bypass (@pdresearch, @pdteam, @hazedic) [critical] 🔥
[CVE-2025-26319] FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-25291] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24813] Apache Tomcat Path Equivalence - RCE (@iamnoooob, @rootxharsh, @pdresearch, @themiddle) [critical] 🔥
[CVE-2025-2825] CrushFTP - Authentication Bypass (@parthmalhotra, @Ice3man, @dhiyaneshdk, @pdresearch) [critical] 🔥
[CVE-2025-1974] Ingress-Nginx Controller - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1661] HUSKY – for WooCommerce <= 1.3.6.5 - Unauth LFI (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-53991] Discourse Backup File Disclosure - Nginx Configuration (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-51378] CyberPanel - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-13496] GamiPress <= 2.8.9 - SQL Injection (@ritikchaddha) [high] 🔥
[CVE-2023-22952] SugarCRM Unauthenticated - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥

False Negatives

CVE-2025-24813 PUT method not sending data (Issue #11798)
Hardcoded interact.sh in 178 templates (Issue #11771)

False Positives

Missing MFA check (Issue #11761)
CVE-2022-40032 (Issue #11758)
CVE-2021-40822 (Issue #11119)
external-service-interaction.yaml (PR #11809)
internal-ip-disclosure.yaml (PR #11806)
CVE-2022-40032 (PR #11791)

Enhancements

CVE-2025-2825.yaml (PR #11839)
CVE-2025-29927.yaml (PRs #11804, #11820)
mobsf-apktool-lfi.yaml renamed and updated to CVE-2024-21633.yaml (PR #11805)
CVE-2020-28351.yaml (PR #11794)
CVE-2020-2036.yaml (PR #11795)
oracle-ebs-xss.yaml (PR #11792)
polyfill-backdoor.yaml (PR #11748)
craft-cms-detect.yaml (PR #11700)

Bug Fixes

Fixed Dell iDRAC workflow issue (Issue #10876).
Fixed GET request handling in CVE-2025-24813 (Issue #11759).

Template Updates

New Templates Added: `78` | CVEs Added: `45` | First-time contributions: `8`

[CVE-2025-30208] Vite - Arbitrary File Read (@v2htw) [medium] 🔥
[CVE-2025-29927] Next.js Middleware Bypass (@pdresearch, @pdteam, @hazedic) [critical] 🔥
[CVE-2025-26319] FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-25291] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24813] Apache Tomcat Path Equivalence - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @themiddle) [critical] 🔥
[CVE-2025-2825] CrushFTP - Authentication Bypass (@parthmalhotra, @Ice3man, @dhiyaneshdk, @pdresearch) [critical] 🔥
[CVE-2025-2539] File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-2129] Mage AI - Insecure Default Authentication Setup (@zn9988, @H0j3n) [medium]
[CVE-2025-1974] Ingress-Nginx Controller - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1661] HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1323] WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-57050] TP-LINK WR840N v6 up to 0.9.1 4.16 - Improper Authentication (@dhiyaneshdk) [critical]
[CVE-2024-57049] TP-Link Archer C20 - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2024-57046] Netgear DGN2200 - Improper Authentication (@ritikchaddha) [high]
[CVE-2024-57045] D-Link DIR-859 - Information Disclosure (@ritikchaddha) [critical]
[CVE-2024-55556] InvoiceShelf <= 1.3.0 - PHP Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-54767] AVM FRITZ!Box 7530 AX - Unauthorized Access (@dhiyaneshdk) [high]
[CVE-2024-54764] ipTIME A2004 - Unauthorized Access (@ritikchaddha) [medium]
[CVE-2024-54763] ipTIME A2004 - Unauthorized Access (@ritikchaddha) [medium]
[CVE-2024-53991] Discourse Backup File Disclosure Via Default Nginx Configuration (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-52763] Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-52762] Ganglia Web Interface (v3.7.3 - v3.7.6) - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-51378] CyberPanel - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-30570] Netgear R6850 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2024-30569] Netgear R6850 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2024-30568] Netgear R6850 V1.1.0.88 - Command Injection (@ritikchaddha) [critical]
[CVE-2024-21485] Dash Framework - Cross-site Scripting (@lee Changhyun(eeche)) [medium]
[CVE-2024-13853] WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-13624] WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2024-13496] GamiPress <= 2.8.9 - SQL Injection (@ritikchaddha) [high] 🔥
[CVE-2024-11740] Download Manager < 3.3.04 - Unauthenticated Arbitrary Shortcode Execution (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-10783] WordPress Plugin MainWP Child - Authentication Bypass (@sean Murphy, @iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-6892] Journyx 11.5.4 - Reflected Cross Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-6651] WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2024-6460] WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion (@ritikchaddha) [critical]
[CVE-2024-4399] WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2024-3080] ASUS DSL-AC88U - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2024-3032] WordPress Themify Builder < 7.5.8 - Open Redirect (@ritikchaddha) [medium]
[CVE-2023-49489] KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS) (@dhiyaneshdk) [medium]
[CVE-2023-31478] GL.iNET SSID Key Disclosure (@dhiyaneshdk) [high]
[CVE-2023-22952] SugarCRM Unauthenticated - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2023-5974] WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2023-4284] WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2023-2518] WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-2256] WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2025-1974-k8s] Ingress-Nginx Controller - Unauthenticated Remote Code Execution (@princechaddha) [critical]
[CVE-2025-29927-HEADLESS] Next.js Middleware Authorization Bypass (@Ademking) [critical]
[insecure-powershell-execution-policy] Insecure PowerShell Execution Policy - Detect (@JeonSungHyun[nukunga]) [medium]
[powershell-script-block-logging-disabled] PowerShell Script Block Logging - Disabled (@JeonSungHyun[nukunga]) [medium]
[chirpstack-default-login] ChirpStack - Default Login (@t3l3machus) [high]
[unify-hipath-default-login] Unify HiPath Cordless IP - Default Login (@flx) [high]
[chirpstack-login] ChirpStack LoRaWAN Detection (@ProjectDiscoveryAI) [info]
[cisco-webui-login] Cisco Web UI Login - Detect (@drewvravick) [info]
[dbt-docs-panel] dbt Docs Panel - Detect (@johnk3r) [info]
[vectoradmin-panel] VectorAdmin Panel - Detect (@s4e-io) [info]
[xphoneconnect-admin-panel] XPhone Connect Admin Interface - Detect (@flx) [info]
[dnsmasq-config] Dnsmasq Config - File Disclosure (@dhiyaneshdk) [low]
[elastic-kibana-config] Elastic Kibana Config - File Disclosure (@dhiyaneshdk) [medium]
[gunicorn-config-file] Gunicorn Config File - File Disclosure (@dhiyaneshdk) [low]
[haproxy-config-file] Haproxy Config - File Disclosure (@dhiyaneshdk) [low]
[icecast-config] Icecast Config - File Disclosure (@dhiyaneshdk) [low]
[lighttpd-config-file] Lighttpd Config File - File Disclosure (@dhiyaneshdk) [low]
[log4-properties] Log4j Properties - File Disclosure (@dhiyaneshdk) [low]
[next-js-config-file] Next JS Config - File Disclosure (@dhiyaneshdk) [low]
[nuxtjs-config-file] Nuxtjs Config File - File Disclosure (@dhiyaneshdk) [low]
[vercel-config-file] Vercel Config File - File Disclosure (@dhiyaneshdk) [low]
[vugex-source-detect] Vugex Framework Source Code - Detect (@ProjectDiscoveryAI, @pdteam) [medium]
[hashicorp-consul-unauth] Hashicorp Consul API Unauthenticated (@pussycat0x) [medium]
[basercms-install] baserCMS Installation - Exposure (@ritikchaddha) [critical]
[kentico-13-auth-bypass-wt-2025-0006] Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) (@dhiyaneshdk) [unknown]
[kentico-13-auth-bypass-wt-2025-0011] Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011) (@dhiyaneshdk) [unknown]
[apache-hertzbeat-detect] Apache Hertzbeat - Detect (@icarot) [info]
[flutter-web-detect] Flutter Web Application - Detect (@incogbyte) [info]
[oqtane-cms-db] Oqtane CMS Database - Detect (@Masoud Abdaal) [info]
[drupal7-elfinder-rce] Drupal 7 Elfinder - Remote Code Execution (@1337kro) [critical]
[netgear-wnr614-auth-bypass] Netgear WNR614 - Improper Authentication (@ritikchaddha) [high]
[mockoon-lfi] Mockoon <= 9.1.0 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high]
[siam-xss] SIAM 2.0 - Cross-Site Scripting (@3th1c_yuk1) [medium]

New Contributors

@felixsta made their first contribution in https://github.com/projectdis...

Contributors

lee, sean, and 30 other contributors

Assets 3

10 Mar 12:01

princechaddha

v10.1.5

f41c1e9

CSP Bypass Templates - Nuclei Templates v10.1.5 🎉

🔥 Release Highlights 🔥

With this release, we are adding new CSP Bypass (DAST) Nuclei Templates to help security teams and bug hunters efficiently identify Content Security Policy (CSP) misconfigurations. These templates automate the detection of CSP bypass techniques, allowing testers to analyze real-world attack scenarios where CSP restrictions can be circumvented in the presence of existing XSS vulnerabilities.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and update these CSP Bypass templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2025-27218] Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-26793] FREEDOM Administration - Default Login (@eric Daigle, @dhiyaneshdk) [critical] 🔥
[CVE-2025-24893] XWiki Platform - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24752] Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
[CVE-2024-48248] NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-13161] Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile (@ritikchaddha) [critical] 🔥
[CVE-2024-13160] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard (@ritikchaddha) [critical] 🔥
[CVE-2024-13159] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive (@ritikchaddha) [critical] 🔥
[CVE-2024-12356] Privileged Remote Access & Remote - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-47248] PyArrow Flight RPC - Remote Code Execution (@smolse) [critical] 🔥
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (@RotemBar, @daffainfo) [medium] 🔥

What's Changed

New Templates Added: `281` | CVEs Added: `23` | First-time contributions: `4`

[CVE-2025-27218] Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-27112] Navidrome <=0.54.5 - Auth Bypass in Subsonic API (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2025-26793] FREEDOM Administration - Default Login (@eric Daigle, @dhiyaneshdk) [critical] 🔥
[CVE-2025-25062] Backdrop CMS - Cross-Site Scripting (@soonghee2) [medium]
[CVE-2025-24893] XWiki Platform - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24752] Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
[CVE-2025-22952] Elestio Memos <= v0.24.0 - Server-Side Request Forgery (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-1025] Cockpit < 2.4.1 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-0868] DocsGPT - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-56331] Uptime-Kuma - Local File Inclusion (LFI) (@hyni03) [critical]
[CVE-2024-51228] TOTOLINK CX-A3002RU - Remote Code Execution (@dhiyaneshdk) [medium]
[CVE-2024-48248] NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-13888] WPMobile.App <= 11.56 - Open Redirect (@s4e-io) [high]
[CVE-2024-13161] Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile (@ritikchaddha) [critical] 🔥
[CVE-2024-13160] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard (@ritikchaddha) [critical] 🔥
[CVE-2024-13159] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive (@ritikchaddha) [critical] 🔥
[CVE-2024-12824] Nokri – Job Board <= 1.6.2 - Unauth Password Change (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-12356] Privileged Remote Access & Remote - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-11396] Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export (@s4e-io) [medium]
[CVE-2024-9193] WHMpress <= 6.3 - Unauth LFI to Arbitrary Options Update (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2023-47248] PyArrow Flight RPC - Remote Code Execution (@smolse) [critical] 🔥
[CVE-2023-45826] Leantime < 2.4 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (@RotemBar, @daffainfo) [medium] 🔥
[remote-desktop-default-port] Remote Desktop Listening Default Port - Detect (@asteria121) [info]
[python-code-injection] Python Code Injection (@ritikchaddha) [high]
[open-redirect-bypass] Open Redirect Bypass (@ritikchaddha) [medium]
[freemarker-sandbox-bypass-ssti] Freemarker < 2.3.30 Sandbox Bypass - Server Side Template Injection (@ritikchaddha) [high]
[codepen-oob] Codepen - Out of Band Template Injection (@ritikchaddha) [high]
[jinjava-ssti] Jinjava - Server Side Template Injection (@ritikchaddha) [high]
[pebble-oob] Pebble - Out of Band Template Injection (@ritikchaddha) [high]
[spring-expression-oob] Spring Expression Language - Out of Band Template Injection (@ritikchaddha) [high]
[thymeleaf-oob] Thymeleaf - Out of Band Template Injection (@ritikchaddha) [high]
[razor-ssti] Razor - Server Side Template Injection (@ritikchaddha) [high]
[smarty-ssti] Smarty - Server Side Template Injection (@ritikchaddha) [high]
[twig-ssti] Twig - Server Side Template Injection (@ritikchaddha) [high]
[adnxs-ib-csp-bypass] Content-Security-Policy Bypass - Adnxs IB (@renniepak, @dhiyaneshdk) [medium]
[adnxs-secure-csp-bypass] Content-Security-Policy Bypass - Adnxs Secure (@renniepak, @dhiyaneshdk) [medium]
[adobe-campaign-csp-bypass] Content-Security-Policy Bypass - Adobe Campaign (@renniepak, @dhiyaneshdk) [medium]
[adroll-csp-bypass] Content-Security-Policy Bypass - AdRoll (@renniepak, @dhiyaneshdk) [medium]
[afterpay-help-csp-bypass] Content-Security-Policy Bypass - Afterpay Help (@renniepak, @dhiyaneshdk) [medium]
[akamai-content-csp-bypass] Content-Security-Policy Bypass - Akamai Content (@renniepak, @dhiyaneshdk) [medium]
[alibaba-ug-csp-bypass] Content-Security-Policy Bypass - Alibaba UG (@renniepak, @dhiyaneshdk) [medium]
[aliexpress-acs-csp-bypass] Content-Security-Policy Bypass - AliExpress ACS (@renniepak, @dhiyaneshdk) [medium]
[amap-wb-csp-bypass] Content-Security-Policy Bypass - AMap WB (@renniepak, @dhiyaneshdk) [medium]
[amazon-aax-eu-csp-bypass] Content-Security-Policy Bypass - Amazon AAX EU (@renniepak, @dhiyaneshdk) [medium]
[amazon-media-csp-bypass] Content-Security-Policy Bypass - Amazon Media (@renniepak, @dhiyaneshdk) [medium]
[amazon-romania-csp-bypass] Content-Security-Policy Bypass - Amazon Romania (@renniepak, @dhiyaneshdk) [medium]
[amazon-s3-elysium-csp-bypass] Content-Security-Policy Bypass - Amazon S3 Elysium (@renniepak, @dhiyaneshdk) [medium]
[ancestrycdn-angular-csp-bypass] Content-Security-Policy Bypass - AncestryCDN Angular (@renniepak, @dhiyaneshdk) [medium]
[angularjs-code-csp-bypass] Content-Security-Policy Bypass - AngularJS Code (@renniepak, @dhiyaneshdk) [medium]
[app-link-csp-bypass] Content-Security-Policy Bypass - App Link (@renniepak, @dhiyaneshdk) [medium]
[apple-developer-csp-bypass] Content-Security-Policy Bypass - Apple Developer (@renniepak, @dhiyaneshdk) [medium]
[arkoselabs-cdn-csp-bypass] Content-Security-Policy Bypass - Arkose Labs CDN (@renniepak, @dhiyaneshdk) [medium]
[arkoselabs-client-api-csp-bypass] Content-Security-Policy Bypass - Arkose Labs Client API (@renniepak, @dhiyaneshdk) [medium]
[ayco-portal-csp-bypass] Content-Security-Policy Bypass - Ayco Portal (@renniepak, @dhiyaneshdk) [medium]
[azure-inno-csp-bypass] Content-Security-Policy Bypass - Azure Inno (@renniepak, @dhiyaneshdk) [medium]
[baidu-map-api-csp-bypass] Content-Security-Policy Bypass - Baidu Map API (@renniepak, @dhiyaneshdk) [medium]
[baidu-passport-csp-bypass] Content-Security-Policy Bypass - Baidu Passport (@renniepak, @dhiyaneshdk) [medium]
[battlenet-eu-csp-bypass] Content-Security-Policy Bypass - Battle.net EU (@renniepak, @dhiyaneshdk) [medium]
[bazaarvoice-api-csp-bypass] Content-Security-Policy Bypass - Bazaarvoice API (@renniepak, @dhiyaneshdk) [medium]
[bdimg-apps-csp-bypass] Content-Security-Policy Bypass - BDImg Apps (@renniepak, @dhiyaneshdk) [medium]
[bebezoo-1688-csp-bypass] Content-Security-Policy Bypass - Bebezoo 1688 (@renniepak, @dhiyaneshdk) [medium]
[bild-don-csp-bypass] Content-Security-Policy Bypass - Bild Don (@renniepak, @dhiyaneshdk) [medium]
[bing-api-csp-bypass] Content-Security-Policy Bypass - Bing API (@renniepak, @dhiyaneshdk) [medium]
[bing-csp-bypass] Content-Security-Policy Bypass - Bing (@renniepak, @dhiyaneshdk) [medium]
[blogger-api-csp-bypass] Content-Security-Policy Bypass - Blogger API (@renniepak, @dhiyaneshdk) [medium]
[buzzfeed-mango-csp-bypass] Content-Security-Policy Bypass - BuzzFeed Mango (@renniepak, @dhiyaneshdk) [medium]
[bytedance-sso-csp-bypass] Content-Security-Policy Bypass - ByteDance SSO (@renniepak, @dhiyaneshdk) [medium]
[carbonads-srv-csp-bypass] Content-Security-Policy Bypass - CarbonAds SRV (@renniepak, @dhiyaneshdk) [medium]
[chartbeat-api-csp-bypass] Content-Security-Policy Bypass - Chartbeat API (@renniepak, @dhiyaneshdk) [medium]
[clearbit-reveal-csp-bypass] Content-Security-Policy Bypass - Clearbit Reveal (@renniepak, @dhiyaneshdk) [medium]
[cloudflare-cdn-csp-bypass] Content-Security-Policy Bypass - Cloudflare CDN (@renniepak, @dhiyaneshdk) [medium]
[cloudflare-challenges-csp-bypass] Content-Security-Policy Bypass - Cloudflare Challenges (@renniepak, @DH...

Contributors

eric, geeknik, and 24 other contributors

Assets 3

21 Feb 18:41

princechaddha

v10.1.3

b98b28b

v10.1.3

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Auth Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
[CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
[CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-27115] SOPlanning - Remote Code Execution (@[email protected]) [high] 🔥
[CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
[CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥

False Negatives

[FALSE-NEGATIVE] wp-user-enum.yaml #11533
Fix FN wp-user-enum.yaml #11556

False Positives

[FALSE-POSITIVE] CVE-2024-4439 #11496
[FALSE-POSITIVE] http/technologies/ivanti-epm-detect.yaml #11483
[FALSE-POSITIVE] Next.js - Cache Poisoning - Headers #11473
Fixed FP in CVE-2022-2535.yaml #11510
Fixed Flase Positive | Next.js - Cache Poisoning - Headers #11532

Enhancements

Update CVE-2023-26360.yaml #11524
Update Duplicate id #11530
Update prestashop-cartabandonmentpro-file-upload.yaml (Added Additional Path) #11573
fix(apache): make reference links correct #11604
Add new title support for jenkins-openuser-register.yaml #11606
Update siteminder-dom-xss.yaml #11613
Update CVE-2020-11710.yaml #11619
Update fingerprinthub-web-fingerprints.yaml #11622
Disabling redirects for mixed-active-content template #11628
Refactor the "NETDATA" template. #11629

Bug Fixes

Template Updates

New Templates Added: `52` | CVEs Added: `25` | First-time contributions: `11`

[CVE-2025-24963] Vitest Browser Mode - Local File Read (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2025-1035] KLog Server - Path Traversal (@s4e-io) [medium]
[CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Authentication Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
[CVE-2024-57514] TP-Link Archer A20 v3 Router - Cross-site Scripting (@s4e-io) [medium]
[CVE-2024-55417] DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-55416] DevDojo Voyager <=1.8.0 - Cross-Site Scripting (@iamnoooob, @rootxharsh, @pdresearch) [low]
[CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
[CVE-2024-50967] DATAGERRY - Improper Access Control (@s4e-io, @0xByteHunter) [high]
[CVE-2024-48766] NetAlert X - Arbitary File Read (@s4e-io) [critical]
[CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-45591] XWiki Platform - Unauthorized Document History Access (@pd-bot) [medium]
[CVE-2024-27115] SOPlanning - Remote Code Execution (@[email protected]) [high] 🔥
[CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
[CVE-2024-13726] Themes Coder Ecommerce <= 1.3.4 - SQL Injection (@s4e-io) [high]
[CVE-2024-12760] BentoML v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-11044] Stable Diffusion Webui 1.10.0 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-10908] FastChat - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-10812] GPT Academic v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-6886] Gitea 1.22.0 - Cross-Site Scripting (@soonghee2) [medium]
[CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2022-26271] 74cmsSE v3.4.1 - Arbitrary File Read (@ritikchaddha) [high]
[CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥
[CVE-2022-3766] phpMyFAQ < 3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-45793] Slims9 Bulian 9.4.2 - SQL Injection (@nblirwn) [high]
[shopify-shared-secret-key] Shopify Shared Secret (@gaurang) [high]
[devdojo-voyager-default-login] DevDojo Voyager - Default login (@iamnoooob, @rootxharsh, @pdresearch) [high]
[datagerry-panel] Datagerry Panel - Detect (@s4e-io) [info]
[dify-panel] Dify Panel - Detect (@s4e-io) [info]
[klog-server-panel] Klog Server Panel - Detect (@s4e-io) [info]
[netalertx-panel] NetAlert X Panel - Detect (@s4e-io) [info]
[opentext-contentserver-panel] OpenText Content Server Login Panel - Detect (@righettod) [info]
[reposilite-panel] Reposilite Login Panel - Detect (@righettod) [info]
[supertokens-login-panel] Supertokens Login Panel - Detect (@rxerium) [info]
[tenemos-t24-panel] Tenemos T24 Login Panel - Detect (@righettod) [info]
[veracore-panel] Veracore Login - Detect (@rxerium) [info]
[secrets-patterns-rules] Secrets Patterns (Rules) (@dwisiswant0) [info]
[casdoor-unauth-operations] Casdoor <=v1.811.0 - Unauthenticated SCIM Operations (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[netalertx-dashboard] NetAlert X Admin Dashboard - Exposed (@s4e-io) [medium]
[attu-detect] Attu - Detect (@s4e-io) [info]
[caobox-cms-detect] Caobox CMS - Detect (@chirag Mistry) [info]
[frappe-framework-detect] Frappe Framework - Detect (@righettod) [info]
[ivanti-endpoint-manager] Ivanti Endpoint Manager - Detect (@ritikchaddha) [info]
[jway-products-detect] JWay Products - Detect (@righettod) [info]
[powerbi-report-server-detect] PowerBI Report Server - Detect (@righettod) [info]
[milvus-detect] Milvus - Detect (@s4e-io) [info]
[nextchat-detect] NextChat - Detect (@s4e-io) [info]
[sekolahku-cms-detect] Sekolahku CMS - Detect (@nblirwn) [info]
[slims-cms-detect] Slims CMS - Detect (@nblirwn) [info]
[netgear-dgn-rce] Netgear DGN Devices - Command Execution (@3th1c_yuk1) [critical]
[slims-8-akasia-xss] Senayan Library Management System v8.3.1 (Akasia) - Cross-Site Scripting (@nblirwn) [medium]
[slims-9-xss-index] Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting (@nblirwn) [medium]

New Contributors

@Sechunt3r made their first contribution in #11531
@mistry4592 made their first contribution in #11516
@nblirwn made their first contribution in #11550
@VulnScout-Chris made their first contribution in #11570
@missing0x00 made their first contribution in #11577
@babariviere made their first contribution in #11604
@kee-reel made their first contribution in #11606
@halil-s4e made their first contribution in #11633
@domwhewell-sage made their first contribution in #11619
@mpatil-netspi made their first contribution in #11613
@halencarjunior made their first contribution in #11623

Full Changelog: v10.1.2...v10.1.3

Contributors

lee, chirag, and 25 other contributors

Assets 3

Releases: projectdiscovery/nuclei-templates

Nuclei Templates v10.2.5 - Release Notes

New Templates Added: 75 | CVEs Added: 22 | First-time contributions: 5

🔥 Release Highlights 🔥

What's Changed

Templates Added

New Contributors

Contributors

Uh oh!

Nuclei Templates v10.2.4 - Release Notes

New Templates Added: 67 | CVEs Added: 30 | First-time contributions: 9

🔥 Release Highlights 🔥

What's Changed

Templates Added

New Contributors

Contributors

Uh oh!

Nuclei Templates v10.2.3 - Release Notes

New Templates Added: 105 | CVEs Added: 75 | First-time contributions: 9

🔥 Release Highlights 🔥

What's Changed

Templates Added

Contributors

Uh oh!

v10.2.2

What's Changed

New Templates Added: 65 | CVEs Added: 41 | First-time contributions: 4

🔥 Release Highlights 🔥

Templates Added

New Contributors

Contributors

Uh oh!

v10.2.1

What's Changed

New Templates Added: 41 | CVEs Added: 16 | First-time contributions: 7

🔥 Release Highlights 🔥

Template Updates

New Contributors

Contributors

Uh oh!

GCP Cloud Configuration Templates - Nuclei Templates v10.2.0 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 268 | CVEs Added: 11 | First-time contributions: 4

Contributors

Uh oh!

v10.1.7

What's Changed

🔥 Release Highlights 🔥

False Negatives

False Positives

Enhancements

Bug Fixes

Template Updates

New Templates Added: 64 | CVEs Added: 28 | First-time contributions: 6

New Contributors

Contributors

Uh oh!

v10.1.6

What's Changed

🔥 Release Highlights 🔥

False Negatives

False Positives

Enhancements

Bug Fixes

Template Updates

New Templates Added: 78 | CVEs Added: 45 | First-time contributions: 8

New Contributors

Contributors

Uh oh!

CSP Bypass Templates - Nuclei Templates v10.1.5 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 281 | CVEs Added: 23 | First-time contributions: 4

Contributors

Uh oh!

v10.1.3

What's Changed

New Templates Added: `75` | CVEs Added: `22` | First-time contributions: `5`

New Templates Added: `67` | CVEs Added: `30` | First-time contributions: `9`

New Templates Added: `105` | CVEs Added: `75` | First-time contributions: `9`

New Templates Added: `65` | CVEs Added: `41` | First-time contributions: `4`

New Templates Added: `41` | CVEs Added: `16` | First-time contributions: `7`

New Templates Added: `268` | CVEs Added: `11` | First-time contributions: `4`

New Templates Added: `64` | CVEs Added: `28` | First-time contributions: `6`

New Templates Added: `78` | CVEs Added: `45` | First-time contributions: `8`

New Templates Added: `281` | CVEs Added: `23` | First-time contributions: `4`

New Templates Added: `52` | CVEs Added: `25` | First-time contributions: `11`