v9.9.2

🔥 Release Highlights 🔥

• [CVE-2024-40348] Bazarr < 1.4.3 - Arbitrary File Read (@s4e-garage) [high] 🔥
• [CVE-2024-38526] Polyfill Supply Chain Attack Malicious Code Execution (@abut0n) [high] 🔥
• [CVE-2024-34351] Next.js - Server Side Request Forgery (SSRF) (@righettod) [high] 🔥
• [CVE-2024-5217] ServiceNow - Incomplete Input Validation (@dhiyaneshdk, @ritikchaddha) [critical] 🔥
• [CVE-2024-4879] ServiceNow UI Macros - Template Injection (@dhiyaneshdk, @ritikchaddha) [unknown] 🔥
• [CVE-2023-43662] ShokoServer System - Local File Inclusion (LFI) (@pussycat0x) [high] 🔥
• [CVE-2023-4220] Chamilo LMS <= 1.11.24 - Remote Code Execution (@s4e-garage) [medium] 🔥
• [CVE-2022-34267] RWS WorldServer - Auth Bypass (@pdresearch, @iamnoooob, @rootxharsh, @parthmalhotra) [critical] 🔥

What's Changed

Bug Fixes

• Corrected issue with mismatched redirects (Issue #10125).
• Resolved invalid template error for CVE-2024-36991 (Issue #10352).

False Negatives

• Improved detection in the SVN configuration leak template, reducing underreporting (Issue #10344).
• Addressed false negatives in the following:
• Exposed SVN configuration (PR #10362)
• CVE-2019-7139 template (PR #10339)

False Positives

• Reduced false positives and improved accuracy in the following templates:
• IdeMia biometrics default login (Issues #10126, #10277)
• jan-file-upload (PR #10361)
• Apache XSS (PR #10342)
• Beanstalk service (PR #10334, duplicated issue)
• DS-Store file discovery (PR #10278)
• GOIP default login (PR #10276)

Enhancements

• Enhanced detection capabilities in dom-xss.yaml (PR #10360).
• Improved accuracy in generic-xxe.yaml (PR #10359).

New Templates Added: 67 | CVEs Added: 32 | First-time contributions: 7

• [CVE-2024-40348] Bazarr < 1.4.3 - Arbitrary File Read (@s4e-garage) [high] 🔥
• [CVE-2024-39914] FOG Project < 1.5.10.34 - Remote Command Execution (@s4e-garage) [critical]
• [CVE-2024-39250] EfroTech Timetrax v8.3 - Sql Injection (@s4e-garage, @efran) [high]
• [CVE-2024-38526] Polyfill Supply Chain Attack Malicious Code Execution (@abut0n) [high] 🔥
• [CVE-2024-38289] TurboMeeting - Boolean-based SQL Injection (@rootxharsh, @iamnoooob, @pdresearch) [critical]
• [CVE-2024-37843] Craft CMS <=v3.7.31 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [CVE-2024-34351] Next.js - Server Side Request Forgery (SSRF) (@righettod) [high] 🔥
• [CVE-2024-34257] TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection (@pussycat0x) [high]
• [CVE-2024-32238] H3C ER8300G2-X - Password Disclosure (@s4e-garage) [critical]
• [CVE-2024-6746] EasySpider 0.6.2 - Arbitrary File Read (@s4e-garage) [medium]
• [CVE-2024-6646] Netgear-WN604 downloadFile.php - Information Disclosure (@pussycat0x) [medium]
• [CVE-2024-6587] LiteLLM - Server-Side Request Forgery (@pdresearch, @iamnoooob, @rootxharsh, @lambdasawa) [high]
• [CVE-2024-6289] WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure (@s4e-garage) [medium]
• [CVE-2024-5315] Dolibarr ERP CMS list.php - SQL Injection (@rootxharsh, @iamnoooob, @pdresearch) [critical]
• [CVE-2024-5217] ServiceNow - Incomplete Input Validation (@dhiyaneshdk, @ritikchaddha) [critical] 🔥
• [CVE-2024-4885] Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - RCE (@sinsinology,@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
• [CVE-2024-4879] ServiceNow UI Macros - Template Injection (@dhiyaneshdk, @ritikchaddha) [unknown] 🔥
• [CVE-2024-4295] Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [CVE-2024-4257] BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection (@s4e-garage) [medium]
• [CVE-2024-3742] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure (@Farish) [high]
• [CVE-2024-2330] NS-ASG Application Security Gateway 6.3 - Sql Injection (@s4e-garage) [medium]
• [CVE-2024-1512] MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection (@s4e-garage) [critical]
• [CVE-2023-48728] WWBN AVideo 11.6 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-44012] mojoPortal v.2.7.0.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-43662] ShokoServer System - Local File Inclusion (LFI) (@pussycat0x) [high] 🔥
• [CVE-2023-29204] XWiki - Open Redirect (@ritikchaddha) [medium]
• [CVE-2023-4450] JeecgBoot JimuReport - Template injection (@sumanth Vankineni) [critical]
• [CVE-2023-4220] Chamilo LMS <= 1.11.24 - Remote Code Execution (@s4e-garage) [medium] 🔥
• [CVE-2023-2309] wpForo Forum <= 2.1.8 - Cross-Site Scripting (@s4e-garage) [medium]
• [CVE-2022-45269] Linx Sphere - Directory Traversal (@robotshell) [high]
• [CVE-2022-38322] Temenos Transact - Cross-Site Scripting (@Qotoz) [high]
• [CVE-2022-34267] RWS WorldServer - Auth Bypass (@pdresearch, @iamnoooob, @rootxharsh, @parthmalhotra) [critical] 🔥
• [CNVD-2023-72138] LiveGBS user/save - Logical Flaw (@pussycat0x) [high]
• [deluge-default-login] Deluge - Default Login (@ritikchaddha) [high]
• [gitblit-default-login] Gitblit - Default Login (@ritikchaddha) [high]
• [netflow-default-login] Netflow Analyzer - Default Login (@dhiyaneshdk) [high]
• [adguard-panel] AdGuard Panel - Detect (@ritikchaddha) [info]
• [falcosidekick-panel] Falcosidekick UI Login Panel - Detect (@righettod) [info]
• [freshrss-panel] Freshrss Panel - Detect (@ritikchaddha) [info]
• [gradle-develocity-panel] Gradle Develocity Build Cache Node Login Panel - Detect (@righettod) [info]
• [hal-management-panel] HAL Management Console Panel (@dhiyaneshdk) [info]
• [netflow-analyzer-panel] Netflow Analyzer Login - Panel (@dhiyaneshdk) [info]
• [tomcat-exposed] Tomcat Exposed - Detect (@Podalirius, @righettod) [info]
• [apache-ozone-conf] Apache Ozone - Exposure (@icarot) [info]
• [snoop-servlet] Snoop Servlet - Information Disclosure (@omranisecurity) [low]
• [adcs-certificate] Certification Authority Web Enrollment (ADCS) - Detection (@Pastaga, @DefTe) [info]
• [freshrss-unauth] Freshrss Admin Dashboard - Exposed (@ritikchaddha) [high]
• [adguard-installer] AdGuard - Installation (@ritikchaddha) [high]
• [freshrss-installer] FreshRSS - Installation (@ritikchaddha) [high]
• [mongod-exposure] MongoD Server - Exposure (@dhiyaneshdk) [low]
• [servicenow-title-injection] Service Now - Title Injection (@dhiyaneshdk) [high]
• [sftpgo-admin-setup] SFTPGo Admin - Setup (@ritikchaddha) [high]
• [ssrpm-arbitrary-password-reset] SSRPM - Arbitary Password Reset on Default Client Interface Installation (@vince-isec) [high]
• [apache-gravitino-detect] Apache Gravitino - Detect (@icarot) [info]
• [apache-ozone-detect] Apache Ozone - Detect (@icarot) [info]
• [wordpress-fluent-smtp] FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider Detection (@ricardomaia) [info]
• [wordpress-wp-crontrol] WP Crontrol Detection (@ricardomaia) [info]
• [hikvision-isecure-info-leak] HIKVISION iSecure Center - Information Leak (@adeljck) [high]
• [nextjs-middleware-cache] Next.js - Cache Poisoning (@dhiyaneshdk) [high]
• [nextjs-rsc-cache] Next.js - Cache Poisoning (@dhiyaneshdk) [high]
• [jan-file-upload] Jan - Arbitrary File Upload (@pussycat0x) [high]
• [lvs-download-lfi] LVS DownLoad.aspx - Local File Inclusion (LFI) (@pussycat0x) [high]
• [ncast-lfi] Ncast HD Intelligent Recording - Arbitrary File Reading (@pussycat0x) [high]
• [wifisky7-rce] WIFISKY-7 Layer Flow Control Router - Remote Code Execution (@pussycat0x) [high]
• [7777botnet-detect] 7777-Botnet - Detect (@johnk3r) [info]
• [thinkphp6-arbitrary-write] ThinkPHP 6.0.0~6.0.1 - Arbitrary File Write (@arliya) [critical]
• [nacos-workflow] Nacos Security Checks (@Co5mos)

New Contributors

• @kimtruth made their first contribution in #10260
• @omranisecurity made their first contribution in #10178
• @divatchyano made their first contribution in #10275
• @Sumanthsec made their first contribution in #10280
• @allendemoura made their first contribution in #10279
• @Matsue made their first contribution in #10165
• @adeljck made their first contribution in #10370

Full Changelog: v9.9.1...v9.9.2

v9.9.1

🔥 Release Highlights 🔥

• [CVE-2024-37032] Ollama - Remote Code Execution (@kaks3c) [critical] 🔥
• [CVE-2024-36991] Splunk Enterprise - Local File Inclusion (@dhiyaneshdk) [high] 🔥
• [CVE-2024-36401] GeoServer RCE in Evaluating Property Name Expressions (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-34102] Adobe Commerce & Magento - CosmicSting (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-33113] D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure (@pussycat0x) [medium] 🔥
• [CVE-2024-29972] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account (@gy741) [critical] 🔥
• [CVE-2024-6028] Quiz Maker <= 6.5.8.3 - SQL Injection (@s4e-garage) [critical] 🔥
• [CVE-2023-52251] Kafka UI 0.7.1 Command Injection (@yhy0, @iamnoooob) [high] 🔥
• [CVE-2020-10189] ManageEngine Desktop Central Java Deserialization (@king-alexander) [critical] 🔥

What's Changed

New Templates Added: 75 | CVEs Added: 29 | First-time contributions: 5

• [CVE-2024-37881] SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure (@s4e-garage) [medium]
• [CVE-2024-37152] Argo CD Unauthenticated Access to sensitive setting (@dhiyaneshdk) [medium]
• [CVE-2024-37032] Ollama - Remote Code Execution (@kaks3c) [critical] 🔥
• [CVE-2024-36991] Splunk Enterprise - Local File Inclusion (@dhiyaneshdk) [high] 🔥
• [CVE-2024-36401] GeoServer RCE in Evaluating Property Name Expressions (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-34102] Adobe Commerce & Magento - CosmicSting (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-33610] Sharp Multifunction Printers - Cookie Exposure (@gy741) [medium]
• [CVE-2024-33605] Sharp Multifunction Printers - Directory Listing (@gy741) [high]
• [CVE-2024-33113] D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure (@pussycat0x) [medium] 🔥
• [CVE-2024-32709] WP-Recall <= 16.26.5 - SQL Injection (@s4e-garage) [critical]
• [CVE-2024-29972] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account (@gy741) [critical] 🔥
• [CVE-2024-27292] Docassemble - Local File Inclusion (@johnk3r) [high]
• [CVE-2024-25852] Linksys RE7000 - Command Injection (@s4e-garage) [high]
• [CVE-2024-6188] TrakSYS 11.x.x - Sensitive Data Exposure (@s4e-garage) [medium]
• [CVE-2024-6028] Quiz Maker <= 6.5.8.3 - SQL Injection (@s4e-garage) [critical] 🔥
• [CVE-2024-5947] Deep Sea Electronics DSE855 - Authentication Bypass (@s4e-garage) [medium]
• [CVE-2024-5522] WordPress HTML5 Video Player < 2.5.27 - SQL Injection (@JohnDoeAnonITA) [critical]
• [CVE-2024-5084] Hash Form <= 1.1.0 - Arbitrary File Upload (@s4e-garage) [critical]
• [CVE-2024-4836] Edito CMS - Sensitive Data Leak (@s4e-garage) [high]
• [CVE-2024-4434] LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection (@s4e-garage) [critical]
• [CVE-2023-52251] Kafka UI 0.7.1 Command Injection (@yhy0, @iamnoooob) [high] 🔥
• [CVE-2023-47117] Label Studio - Sensitive Information Exposure (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2023-41599] JFinalCMS v5.0.0 - Directory Traversal (@pussycat0x) [medium]
• [CVE-2023-35161] XWiki >= 6.2-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-35160] XWiki >= 2.5-milestone-2 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-35159] XWiki >= 3.4-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-35156] XWiki >= 6.0-rc-1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-3380] WAVLINK WN579X3 - Remote Command Execution (@pussycat0x) [critical]
• [CVE-2020-10189] ManageEngine Desktop Central Java Deserialization (@king-alexander) [critical] 🔥
• [CNVD-2023-03903] EduSoho < v22.4.7 - Local File Inclusion (@s4e-garage) [high]
• [CNVD-2021-64035] Leadsec VPN - Arbitrary File Read (@xiaoWangSec) [high]
• [spring4shell-CVE-2022-22965] Spring Framework RCE via Data Binding on JDK 9+ (@dhiyaneshdk, @ritikchaddha) [critical] 🔥
• [csv-injection] CSV Injection Detection (@dhiyaneshdk, @ritikchaddha) [medium]
• [xinclude-injection] XInclude Injection - Detection (@dhiyaneshdk, @ritikchaddha) [high]
• [apache-apollo-default-login] Apache Apollo - Default Login (@ritikchaddha) [high]
• [caprover-default-login] Caprover - Default Login (@ritikchaddha) [high]
• [dialogic-xms-default-login] Dialogic XMS Admin Console - Default Login (@ritikchaddha) [high]
• [jeedom-default-login] Jeedom - Default Login (@ritikchaddha) [high]
• [ruijie-nbr-default-login] Ruijie NBR Series Routers - Default Login (@pussycat0x) [high]
• [apache-apollo-panel] Apache Apollo Panel - Detect (@ritikchaddha) [info]
• [dialogic-xms-console] Dialogic XMS Admin Console - Detect (@ritikchaddha) [info]
• [endpoint-protector-panel] Endpoint Protector Login Panel - Detect (@pussycat0x) [info]
• [label-studio-panel] Label Studio - Login Panel (@dhiyaneshdk) [info]
• [sql-server-dump] SQL Server - Dump Files (@userdehghani) [medium]
• [apache-pinot-config] Apache Pinot - Exposure (@icarot) [medium]
• [filestash-admin-config] Filestash Admin Password Configuration (@dhiyaneshdk) [high]
• [neo4j-neodash-config] Neo4j Neodash Config - Exposure (@icarot) [medium]
• [jwk-json-leak] JSON Web Key File - Exposure (@mohsen Yaghoubi) [low]
• [coolify-register-account] Coolify Register User Account - Enabled (@dhiyaneshdk) [medium]
• [forgejo-repo-exposure] Forgejo Repositories - Exposure (@dhiyaneshdk) [medium]
• [kodbox-installer] Kodbox Installation Page - Exposure (@dhiyaneshdk) [high]
• [piwigo-installer] Piwigo Installation Page - Exposure (@dhiyaneshdk) [high]
• [poste-io-installer] Poste.io - Installer (@dhiyaneshdk) [high]
• [subrion-installer] Subrion CMS Web Installer - Exposure (@ritikchaddha) [high]
• [label-studio-signup] Label Studio - Sign-up Detect (@dhiyaneshdk) [unknown]
• [laragon-phpinfo] Laragon - phpinfo Disclosure (@dhiyaneshdk) [low]
• [seq-dashboard-unauth] Seq Dashboard - Unauthenticated (@dhiyaneshdk) [high]
• [apache-cloudstack-detect] Apache CloudStack - Detect (@pussycat0x) [info]
• [apache-pinot-detect] Apache Pinot - Detect (@icarot) [info]
• [neo4j-neodash-detect] Neo4j Neodash - Detect (@icarot) [info]
• [wordpress-chaty] Floating Chat Widget' Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty Detection (@ricardomaia) [info]
• [polyfill-backdoor] Polyfill.io - Detection (@kazet) [low]
• [hjsoft-hcm-lfi] Hongjing HCM - Local File Inclusion (@s4e-garage) [high]
• [hjsoft-hcm-sqli] Hongjing HCM - Sql Injection (@s4e-garage) [high]
• [hjsoft-hcm-tb-sqli] Hongjing HCM - Time-Based Sql Injection (@s4e-garage) [high]
• [jinhe-oa-c6-upload-lfi] Jinhe OA_C6_UploadFileDownLoadnew - Arbitrary File Read (@pussycat0x) [high]
• [next-js-cache-poisoning] Next.js Cache Poisoning (@Ice3man543) [high]
• [azon-dominator-sqli] Azon Dominator - SQL Injection (@s4e-garage) [high]
• [bagisto-csti] Bagisto 2.1.2 Client-Side Template Injection (@s4e-garage) [medium]
• [crocus-lfi] Crocus system Service.do - Arbitrary File Read (@pussycat0x) [high]
• [enjoyrmis-sqli] EnjoyRMIS - SQL Injection (@s4e-garage) [high]
• [h3c-cnsss-arbitrary-file-upload] H3C CNSSS - Arbitrary File Upload (@s4e-garage) [critical]
• [pingsheng-electronic-sqli] Pingsheng Electronic Reservoir Supervision Platform - Sql Injection (@s4e-garage) [high]
• [sharp-printers-lfi] Sharp Multifunction Printers - Local File Inclusion (@gy741) [high]
• [ldap-metadata] LDAP Metadata - Enumeration (@pussycat0x) [info]

New Contributors

• @yhy0 made their first contribution in #9345
• @JohnDoeAnonITA made their first contribution in #10137
• @zeroc00I made their first contribution in #10171
• @IPv4v6 made their first contribution in #10212
• @BitThr3at made their first contribution in #10224

Full Changelog: v9.9.0...v9.9.1

v9.9.0 - Kubernetes Cluster Security 🎉

🔥 Release Highlights 🔥

We are expanding the Nuclei Templates to include a specialized set of security checks dedicated to Kubernetes environments. This initiative will cover various Kubernetes components such as Pods, Deployments, StatefulSets, Services, and Network Policies. The new templates will focus on common misconfigurations, compliance issues, and adherence to industry best practices, utilizing the enhanced capabilities like flow, code & javascript protocol.

The addition of these Kubernetes-specific templates will enable security teams to perform in-depth security assessments of Kubernetes clusters, identifying critical misconfigurations and vulnerabilities. Additionally, this update will support customizable checks that align with unique operational needs, helping teams efficiently detect and address security gaps in their Kubernetes setups.

We invite contributors and reviewers to offer their insights and suggestions to refine and advance the development of these Kubernetes security templates. You can read more about it in this blog post.

Other Highlights

• [CVE-2024-32113] Apache OFBiz Directory Traversal - Remote Code Execution (@dhiyaneshdk) [high] 🔥
• [CVE-2024-31982] XWiki < 4.10.20 - Remote code execution (@ritikchaddha) [critical] 🔥
• [CVE-2024-29973] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection (@ritikchaddha) [critical] 🔥
• [CVE-2024-29895] Cacti cmd_realtime.php - Command Injection (@pussycat0x) [critical] 🔥
• [CVE-2024-29824] Ivanti EPM - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-28995] SolarWinds Serv-U - Directory Traversal (@dhiyaneshdk) [high] 🔥
• [CVE-2024-23692] Rejetto HTTP File Server - Template injection (@johnk3r) [critical] 🔥
• [CVE-2023-51449] Gradio Hugging Face - Local File Inclusion (@nvn1729) [high] 🔥
• [CVE-2023-50719] XWiki < 4.10.15 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
• [CVE-2023-43472] MLFlow < 2.8.1 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥

What's Changed

New Templates Added: 164 | CVEs Added: 41 | First-time contributions: 4

• [CVE-2024-37393] SecurEnvoy Two Factor Authentication - LDAP Injection (s4e-garage) [critical]
• [CVE-2024-36837] CRMEB v.5.2.2 - SQL Injection (@dhiyaneshdk) [high]
• [CVE-2024-36527] Puppeteer Renderer - Directory Traversal (@Stux) [medium]
• [CVE-2024-36412] SuiteCRM - SQL Injection (s4e-garage) [critical]
• [CVE-2024-34982] LyLme-Spage - Arbitary File Upload (@dhiyaneshdk) [high]
• [CVE-2024-32113] Apache OFBiz Directory Traversal - Remote Code Execution (@dhiyaneshdk) [high] 🔥
• [CVE-2024-31982] XWiki < 4.10.20 - Remote code execution (@ritikchaddha) [critical] 🔥
• [CVE-2024-31750] F-logic DataCube3 - SQL Injection (@dhiyaneshdk) [high]
• [CVE-2024-29973] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection (@ritikchaddha) [critical] 🔥
• [CVE-2024-29895] Cacti cmd_realtime.php - Command Injection (@pussycat0x) [critical] 🔥
• [CVE-2024-29824] Ivanti EPM - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-28995] SolarWinds Serv-U - Directory Traversal (@dhiyaneshdk) [high] 🔥
• [CVE-2024-27718] Smart s200 Management Platform v.S200 - SQL Injection (@dhiyaneshdk) [high]
• [CVE-2024-24565] CrateDB Database - Arbitrary File Read (@dhiyaneshdk) [medium]
• [CVE-2024-24112] Exrick XMall - SQL Injection (@dhiyaneshdk) [critical]
• [CVE-2024-23692] Rejetto HTTP File Server - Template injection (@johnk3r) [critical] 🔥
• [CVE-2024-21650] XWiki < 4.10.20 - Remote code execution (@ritikchaddha) [critical]
• [CVE-2024-4443] Business Directory Plugin <= 6.4.2 - SQL Injection (s4e-garage) [critical]
• [CVE-2024-3922] Dokan Pro <= 3.10.3 - SQL Injection (s4e-garage) [critical]
• [CVE-2024-3552] Web Directory Free < 1.7.0 - SQL Injection (s4e-garage) [critical]
• [CVE-2024-3274] D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure (@dhiyaneshdk) [medium]
• [CVE-2024-2621] Fujian Kelixin Communication - Command Injection (@dhiyaneshdk) [medium]
• [CVE-2024-1728] Gradio > 4.19.1 UploadButton - Path Traversal (@isacaya) [high]
• [CVE-2024-0939] Smart S210 Management Platform - Arbitary File Upload (@dhiyaneshdk) [critical]
• [CVE-2024-0250] Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect (s4e-garage) [medium]
• [CVE-2023-51449] Gradio Hugging Face - Local File Inclusion (@nvn1729) [high] 🔥
• [CVE-2023-50720] XWiki < 4.10.15 - Email Disclosure (@ritikchaddha) [medium]
• [CVE-2023-50719] XWiki < 4.10.15 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
• [CVE-2023-48241] XWiki < 4.10.15 - Information Disclosure (@ritikchaddha) [high]
• [CVE-2023-46732] XWiki < 14.10.14 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-45136] XWiki < 14.10.14 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-43472] MLFlow < 2.8.1 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
• [CVE-2023-38194] SuperWebMailer - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-37645] EyouCms v1.6.3 - Information Disclosure (@pussycat0x) [medium]
• [CVE-2023-32068] XWiki - Open Redirect (@ritikchaddha) [medium]
• [CVE-2023-6786] Payment Gateway for Telcell < 2.0.4 - Open Redirect (s4e-garage) [medium]
• [CVE-2023-6505] Prime Mover < 1.9.3 - Sensitive Data Exposure (s4e-garage) [high]
• [CVE-2021-43831] Gradio < 2.5.0 - Arbitrary File Read (@isacaya) [high]
• [CVE-2021-38147] Wipro Holmes Orchestrator 20.4.1 - Information Disclosure (s4e-garage) [high]
• [CVE-2021-38146] Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download (s4e-garage) [high]
• [CVE-2021-4436] 3DPrint Lite < 1.9.1.5 - Arbitrary File Upload (s4e-garage) [critical]
• [sns-public-subscribe-access] Public Subscription Access of SNS Topics via Policy (@Ritesh_Gohil(#L4stPL4Y3R)) [high]
• [k8s-cpu-limits-not-set] CPU limits not set in Deployments (@princechaddha) [medium]
• [k8s-cpu-requests-not-set] CPU Requests not set in Deployments (@princechaddha) [medium]
• [k8s-default-namespace-used] Default Namespace Usage in Deployments (@princechaddha) [high]
• [k8s-host-ports-check] Host ports should not be used (@princechaddha) [medium]
• [k8s-image-pull-policy-always] Image Pull Policy set to Always (@princechaddha) [low]
• [k8s-image-tag-not-fixed] Image Tag should be fixed - not latest or blank (@princechaddha) [low]
• [k8s-liveness-probe-not-configured] Liveness Probe Not Configured in Deployments (@princechaddha) [medium]
• [k8s-memory-limits-not-set] Memory limits not set in Deployments (@princechaddha) [medium]
• [k8s-memory-requests-not-set] Memory requests not set in Deployments (@princechaddha) [medium]
• [minimize-added-capabilities] Minimize container added capabilities (@princechaddha) [high]
• [k8s-privileged-containers] Privileged Containers Found in Deployments (@princechaddha) [critical]
• [k8s-readiness-probe-not-set] Readiness Probes not set in Deployments (@princechaddha) [medium]
• [k8s-root-container-admission] Minimize the admission of root containers (@princechaddha) [critical]
• [k8s-seccomp-profile-set] Set appropriate seccomp profile (@princechaddha) [medium]
• [kubernetes-code-env] Kubernetes Cluster Validation (@princechaddha) [info]
• [k8s-netpol-egress-rules] Network policies define egress rules (@princechaddha) [medium]
• [k8s-netpol-namespace] Network Policies specify namespace (@princechaddha) [medium]
• [k8s-network-ingress-rules] Define network ingress rules (@princechaddha) [medium]
• [k8s-allow-privilege-escalation-set] Containers run with allowPrivilegeEscalation enabled (@princechaddha) [critical]
• [k8s-containers-share-host-ipc] Containers sharing host IPC namespace (@princechaddha) [critical]
• [k8s-host-network-namespace-shared] Host Network Namespace Sharing (@princechaddha) [high]
• [k8s-host-pid-namespace-sharing] Host PID Namespace Sharing (@princechaddha) [critical]
• [k8s-readonly-fs] Enforce Read-Only Filesystem for Containers (@princechaddha) [critical]
• [k8s-readonly-rootfs] Pods with read-only root filesystem (@princechaddha) [medium]
• [k8s-root-user-id] Pods run with root user ID (@princechaddha) [low]
• [audit-log-path-set] Ensure audit-log-path set (@princechaddha) [medium]
• [k8s-enc-prov-conf] Ensure that encryption providers are configured (@princechaddha) [medium]
• [k8s-etcd-cafile-set] Ensure etcd-cafile argument set (@princechaddha) [medium]
• [k8s-etcd-files-set] Ensure etcd cert and key set (@princechaddha) [medium]
• [k8s-ns-usage-check] Ensure namespaces are utilized (@princechaddha) [info]
• [k8s-svc-acct-issuer-set] Checks if service-account-issuer is correctly configured (@princechaddha) [medium]
• [k8s-svc-acct-key] Ensure service-account-key-file set (@princechaddha) [medium]
• [k8s-svc-acct-lookup-set] Ensure service-account-lookup set (@princechaddha) [medium]
• [k8s-tls-config-set] Ensure TLS config appropriately set (@princechaddha) [medium]
• [time-based-sqli] Time-Based Blind SQL Injection (@0xKayala) [critical]
• [anthem-deeppanda-malware-hash] Anthem DeepPanda Trojan Kakfum Malware Hash - Detect (@pussycat0x) [info]
• [applejeus-malware-hash] AppleJeus Malware Hash - Detect (@pussycat0x) [info]
• [avburner-malware-hash] AVBurner Malware Hash - Detect (@pussycat0x) [info]
• [backwash-malware-hash] Backwash Malware Hash - Detect (@pussycat0x) [info]
• [blackenergy-driver-amdide-hash] Blackenergy-Driver Amdide Hash - Detect (@pussycat0x) [info]
• [blackenergy-driver-malware-hash] BlackEnergy Driver USBMDM Malware Hash - Detect (@pussycat0x) [info]
• [blackenergy-killdisk-malware-hash] BlackEnergy KillDisk Malware Hash - Detect (@pussycat0x) [info]
• [blackenergy-ssh-malware-hash] BlackEnergy BackdoorPass DropBear SSH Malware Hash - Detect (@pussycat0x) [info]
• [blackenergy-vbs-malware-hash] BlackEnergy VBS Agent Malware Hash - Detect (@pussycat0x) [info]
• [bluelight-malware-hash] bluelight Malware ...

Added CVE-2024-4577 + Bug fixes

🔥 Release Highlights 🔥

[CVE-2024-4577] PHP CGI - Argument Injection (@hüseyin TINTAŞ, @sw0rk17, @s4e-garage, @pdresearch) [critical]

What's Changed

• Lorex Favicon Hash by @rxerium in #10001
• add cve-2024-4577 by @Kazgangap in #9997

Full Changelog: v9.8.8...v9.8.9

v9.8.8

🔥 Release Highlights 🔥

• [CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk) [high] 🔥
• [CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
• [CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
• [CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥

What's Changed

New Templates Added: 77 | CVEs Added: 17 | First-time contributions: 8

• [CVE-2024-34470] HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion (@topscoder) [high]
• [CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk) [high] 🔥
• [CVE-2024-25723] ZenML ZenML Server - Improper Authentication (@david Botelho Mariano) [critical]
• [CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
• [CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
• [CVE-2024-5230] FleetCart 4.1.1 - Information Disclosure (@SecurityForEveryone) [medium]
• [CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
• [CVE-2024-3822] Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting (@omranisecurity) [medium]
• [CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥
• [CVE-2024-1380] Relevanssi (A Better Search) <= 4.22.0 - Query Log Export (@flx) [medium]
• [CVE-2023-48084] Nagios XI < 5.11.3 - SQL Injection (@ritikchaddha) [critical]
• [CVE-2023-35162] XWiki < 14.10.5 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-3077] MStore API < 3.9.8 - SQL Injection (@dhiyaneshdk) [critical]
• [CVE-2023-2059] DedeCMS 5.7.87 - Directory Traversal (@pussycat0x) [medium]
• [CVE-2022-34534] Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure (@ritikchaddha) [high]
• [CVE-2022-1580] Site Offline WP Plugin < 1.5.3 - Authorization Bypass (@Kazgangap) [medium]
• [CVE-2022-0666] Microweber < 1.2.11 - CRLF Injection (@ritikchaddha) [high]
• [sns-topic-public-accessible] Public Access of SNS Topics via Policy (@Ritesh_Gohil(#L4stPL4Y3R)) [high]
• [webpack-sourcemap] Webpack Sourcemap (@Lucky0x0D, @PulseSecurity.co.nz) [low]
• [CNVD-2024-15077] AJ-Report Open Source Data Screen - Remote Code Execution (@pussycat0x) [high]
• [ampjuke-default-login] AmpJuke - Default Login (@ritikchaddha) [high]
• [cambium-networks-default-login] Canopy 5.7GHz Access Point - Default Login (@defektive) [high]
• [digital-watchdog-default-login] Digital Watchdog - Default Login (@omranisecurity) [high]
• [busybox-repository-browser] Busybox Repository Browser - Detect (@ritikchaddha) [info]
• [cisco-firepower-panel] Cisco Firepower Management Center login - Detect (@charles D) [info]
• [cox-business-panel] Cox Business Dominion Gateway Login Panel - Detect (@dhiyaneshdk) [info]
• [digital-watchdog-panel] Digital Watchdog - Detect (@ritikchaddha) [info]
• [f5-admin-interface] F5 Admin Interface - Detect (@drewvravick) [info]
• [fortisiem-panel] FortiSIEM Login Panel - Detect (@pussycat0x) [info]
• [oracle-access-management] Oracle Access Management Login Panel - Detect (@righettod) [info]
• [oracle-peoplesoft-panel] Oracle PeopleSoft Login Panel - Detect (@idealphase, @righettod) [info]
• [vrealize-hyperic-panel] vRealize Hyperic Login Panel - Detect (@charles D) [info]
• [wechat-corpsecret-key] Enterprise WeChat Corpsecret Key (@N0el4kLs) [info]
• [netgear-boarddataww-rce] Netgear Devices boardDataWW.php - Unauth RCE (@pussycat0x) [critical]
• [directory-listing] Directory Listing Enabled (@themiddle) [low]
• [dont-panic-traceback] DON'T PANIC Traceback (@ritikchaddha) [low]
• [cowboy-detect] Cowboy - Detect (@Sechunt3r) [info]
• [gabia-server-detect] Gabia Server - Detection (@jadu101) [info]
• [gotweb-detect] GotWeb Detect (@lu4nx) [info]
• [sparklighter-detect] Spark Lighter Detection (@icarot) [info]
• [aquatronica-info-leak] Aquatronica Control System 5.1.6 - Information Disclosure (@SecurityForEveryone) [high]
• [array-vpn-lfi] Array VPN - Arbitrary File Reading Vulnerability (@pussycat0x) [high]
• [cerio-dt-rce] CERIO-DT Interface - Command Execution (@pussycat0x) [critical]
• [easycvr-info-leak] EasyCVR video management - Users Information Exposure (@pussycat0x) [high]
• [proftpd-backdoor] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x) [critical]
• [samba-detect] Samba - Detection (@pussycat0x) [info]
• [rsync-list-modules] Rsync List Modules - Enumeration (@pussycat0x) [low]
• [bitvise-detect] SSH Bitvise Service - Detect (@abdullahisik) [info]
• [activecollab-installer] ActiveCollab Installation Page - Exposure (@dhiyaneshdk) [high]
• [call-com-installer] Call.com Setup Page - Exposure (@dhiyaneshdk) [high]
• [cms-made-simple-installer] CMS Made Simple Installation Page - Exposure (@dhiyaneshdk) [high]
• [confluence-installer] Confluence Installation Page - Exposure (@dhiyaneshdk) [high]
• [cubebackup-setup-installer] CubeBackup Setup Page - Exposure (@dhiyaneshdk) [high]
• [easy-wi-installer] Easy-WI Installation Page - Exposure (@dhiyaneshdk) [high]
• [ejbca-enterprise-installer] EJBCA Enterprise Cloud Configuration Wizard - Exposure (@dhiyaneshdk) [high]
• [flarum-installer] Flarum Installation Page - Exposure (@dhiyaneshdk) [high]
• [fleetcart-installer] FleetCart Installation Page - Exposure (@dhiyaneshdk) [high]
• [glpi-installer] GLPI Installation Page - Exposure (@dhiyaneshdk) [high]
• [invicti-enterprise-installer] Invicti Enterprise Installation Page - Exposure (@dhiyaneshdk) [high]
• [invoice-ninja-installer] Invoice Ninja Setup Page - Exposure (@dhiyaneshdk) [high]
• [jfa-go-installer] jfa-go Setup Page - Exposure (@dhiyaneshdk) [high]
• [justfans-installer] JustFans Installation Page - Exposure (@dhiyaneshdk) [high]
• [librenms-installer] LibreNMS Installation Page - Exposure (@dhiyaneshdk) [high]
• [mura-cms-setup-installer] Mura CMS Setup Page - Exposure (@dhiyaneshdk) [high]
• [onlyoffice-installer] OnlyOffice Wizard Page - Exposure (@dhiyaneshdk) [high]
• [openemr-setup-installer] OpenEMR Setup Installation Page - Exposure (@dhiyaneshdk) [high]
• [orchard-installer] Orchard Setup Wizard - Exposure (@dhiyaneshdk) [high]
• [pandora-fms-installer] Pandora FMS Installation Page - Exposure (@dhiyaneshdk) [high]
• [profittrailer-installer] ProfitTrailer Setup Page - Exposure (@dhiyaneshdk) [high]
• [projectsend-installer] ProjectSend Installation Page - Exposure (@dhiyaneshdk) [high]
• [snipe-it-installer] Snipe-IT Setup Page - Exposure (@dhiyaneshdk) [high]
• [stackposts-installer] StackPosts Installation Page - Exposure (@dhiyaneshdk) [high]
• [tastyigniter-installer] TastyIgniter Setup Page - Exposure (@dhiyaneshdk) [high]
• [ubersmith-installer] Ubersmith Setup Page - Exposure (@dhiyaneshdk) [high]
• [uvdesk-helpdesk-installer] UVDesk Helpdesk Installation Page - Exposure (@dhiyaneshdk) [high]
• [virtual-smartzone-installer] Virtual SmartZone Setup Wizard - Exposure (@dhiyaneshdk) [high]
• [wowonder-installer] WoWonder Installation Page - Exposure (@dhiyaneshdk) [high]

New Contributors

• @defektive made their first contribution in #9845
• @N0el4kLs made their first contribution in #9867
• @moyue83 made their first contribution in #9929
• @isikabdullah44 made their first contribution in #9850
• @Dev0psSec made their first contribution in #9967
• @icarot made their first contribution in #9827
• @pdteamx made their first contribution in #9978
• @L4stPL4Y3R made their first contribution in #9988

Full Changelog: v9.8.7...v9.8.8

v9.8.7

🔥 Release Highlights 🔥

• [CVE-2024-0200] Github Enterprise - Authenticated RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion (@ritikchaddha) [high] 🔥
• [CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x) [critical] 🔥
• [CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥

What's Changed

New Templates Added: 62 | CVEs Added: 16 | First-time contributions: 3

• [CVE-2024-33288] Prison Management System - SQL Injection Authentication Bypass (@Kazgangap) [high]
• [CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion (@ritikchaddha) [high] 🔥
• [CVE-2024-3097] NextGEN Gallery <= 3.59 - Missing Authorization to Unauth Information Disclosure (@DhiyanesDK) [medium]
• [CVE-2024-1561] Gradio Applications - Local File Read (@diablo) [high]
• [CVE-2024-0200] Github Enterprise - Authenticated RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x) [critical] 🔥
• [CVE-2023-45855] qdPM 9.2 - Directory Traversal (@dhiyaneshdk) [high]
• [CVE-2023-44813] mooSocial v.3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2023-36347] POS Codekop v2.0 - Broken Authentication (@princechaddha) [high]
• [CVE-2023-36284] QloApps 1.6.0 - SQL Injection (@ritikchaddha) [high]
• [CVE-2023-35158] XWiki - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-29827] Embedded JavaScript(EJS) 3.1.6 - Template Injection (@ritikchaddha) [critical]
• [CVE-2023-6065] Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure (@Kazgangap) [medium]
• [CVE-2023-5991] Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion (@Kazgangap) [critical]
• [CVE-2023-4542] D-Link DAR-8000-10 - Command Injection (@pussycat0x) [critical]
• [CNVD-2017-06001] Dahua DSS - SQL Injection (@napgh0st, @ritikchaddha) [high]
• [softether-vpn-default-login] SoftEther VPN Admin Console - Default Login (@bhutch) [high]
• [ackee-panel] Ackee Panel - Detect (@userdehghani) [info]
• [craftercms-panel] CrafterCMS Login Panel - Detect (@righettod) [info]
• [easyvista-panel] EasyVista Login Panel - Detect (@righettod) [info]
• [f5-next-central-manager] F5 Next Central Manager Panel - Detect (@EgemenKochisarli) [info]
• [ghost-panel] Ghost Panel - Detect (@userdehghani) [info]
• [matomo-panel] Matomo Panel - Detect (@Arr0way, @userdehghani) [info]
• [microfocus-lifecycle-panel] Micro Focus Application Lifecycle Management - Panel (@righettod) [info]
• [n8n-panel] n8n Panel - Detect (@userdehghani) [info]
• [nocodb-panel] NocoDB Panel - Detect (@userdehghani) [info]
• [oracle-ebusiness-panel] Oracle E-Business Suite Login Panel - Detect (@righettod) [info]
• [pocketbase-panel] PocketBase Panel - Detect (@userdehghani) [info]
• [qlikview-accesspoint-panel] QlikView AccessPoint Login Panel - Detect (@righettod) [info]
• [tiny-rss-panel] Tiny RSS Panel - Detect (@userdehghani) [info]
• [unleash-panel] Unleash Panel - Detect (@userdehghani) [info]
• [tpot-honeypot-detect] T-Pot Honeypot - Detect (@rxerium) [info]
• [imgproxy-unauth] Imgproxy Unauthorized Access (@userdehghani) [low]
• [custom-xoops-installer] XOOPS Custom - Installation (@dhiyaneshdk) [high]
• [easy-viserlabs-installer] Easy Installer by ViserLab - Exposure (@dhiyaneshdk) [high]
• [forgejo-installer] Forgejo Installation Page - Exposure (@dhiyaneshdk) [high]
• [froxlor-installer] Froxlor Server Management - Installer (@dhiyaneshdk) [high]
• [growi-installer] GROWI Installer - Exposure (@dhiyaneshdk) [high]
• [ids-skills-installer] IDP Skills Installer - Exposure (@dhiyaneshdk) [high]
• [moosocial-installer] mooSocial Installation - Exposure (@ritikchaddha) [high]
• [octoprint-installer] OctoPrint Installation Page - Exposure (@dhiyaneshdk) [high]
• [openfire-setup] Openfire Setup - Exposure (@dhiyaneshdk) [high]
• [phpmyfaq-installer] phpMyFAQ Installation - Exposure (@ritikchaddha) [high]
• [qloapps-installer] QloApps - Installation (@ritikchaddha) [high]
• [trilium-notes-installer] Trilium Notes Installer - Exposure (@dhiyaneshdk) [high]
• [wiki-js-installer] Wiki.js Setup - Exposure (@dhiyaneshdk) [high]
• [xbackbone-installer] XBackBone Installer - Exposure (@dhiyaneshdk) [high]
• [unigui-server-monitor-exposure] UniGUI Server Monitor Panel - Exposure (@serrapa) [low]
• [apache-answer-detect] Apache Answer - Detection (@omranisecurity) [info]
• [boa-web-server] Boa Web Server - Detect (@johnk3r) [info]
• [craftercms-detect] CrafterCMS - Detect (@righettod) [info]
• [imgproxy-detect] Imgproxy Detect (@userdehghani) [info]
• [meilisearch-detect] Meilisearch - Detect (@userdehghani) [info]
• [microfocus-iprint-detect] Micro Focus iPrint Appliance - Detect (@righettod) [info]
• [statamic-detect] Statamic - Detect (@geeknik) [info]
• [tinyproxy-detect] Tinyproxy - Detect (@bhutch) [info]
• [uni-gui-framework] UniGUI Framework - Detect (@serrapa) [info]
• [wp-bricks-builder-theme] WordPress Bricks Builder Theme Version (@Anonymous) [info]
• [castel-digital-sqli] Castel Digital - Authentication Bypass (@Kazgangap) [high]
• [tendat-credential] Tendat Router Credential - Exposure (@pussycat0x) [high]
• [checkpoint-firewall-enum] Check Point Firewall - Detect (@pussycat0x) [info]

New Contributors

• @x676f64 made their first contribution in #9690
• @Ahsraeisi made their first contribution in #9793
• @jmac774 made their first contribution in #9844

Full Changelog: v9.8.6...v9.8.7

v9.8.6

🔥 Release Highlights 🔥

• http/cves/2024/CVE-2024-23917.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2024/CVE-2024-27956.yaml by @dhiyaneshdk 🔥
• http/cves/2024/CVE-2024-2876.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2024/CVE-2024-3136.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2024/CVE-2024-31848.yaml by @pussycat0x 🔥
• http/cves/2024/CVE-2024-4040.yaml by @dhiyaneshdk,@pussycat0x 🔥
• http/cves/2023/CVE-2023-2227.yaml by @ritikchaddha,@princechaddha 🔥
• http/cves/2023/CVE-2023-31446.yaml by @dhiyaneshdk 🔥
• http/cves/2023/CVE-2023-43208.yaml by @princechaddha 🔥
• http/cves/2023/CVE-2023-6989.yaml by @Kazgangap 🔥
• http/cves/2019/CVE-2019-7139.yaml by @mastercho 🔥

What's Changed

New Templates Added: 65 | CVEs Added: 41 | First-time contributions: 3

• http/cves/2024/CVE-2024-0235.yaml by @princechaddha
• http/cves/2024/CVE-2024-0881.yaml by @Kazgangap
• http/cves/2024/CVE-2024-1183.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-22927.yaml by @ritikchaddha
• http/cves/2024/CVE-2024-2340.yaml by @t3l3machus
• http/cves/2024/CVE-2024-23917.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2024/CVE-2024-24131.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-27956.yaml by @dhiyaneshdk 🔥
• http/cves/2024/CVE-2024-2876.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2024/CVE-2024-3136.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2024/CVE-2024-31621.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-31848.yaml by @pussycat0x 🔥
• http/cves/2024/CVE-2024-31849.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-31850.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-31851.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-32399.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-32640.yaml by @iamnoooob,@rootxharsh,@pdresearch
• http/cves/2024/CVE-2024-32651.yaml by @edoardottt
• http/cves/2024/CVE-2024-33575.yaml by @Kazgangap
• http/cves/2024/CVE-2024-33724.yaml by @Kazgangap
• http/cves/2024/CVE-2024-4040.yaml by @dhiyaneshdk,@pussycat0x 🔥
• http/cves/2024/CVE-2024-4348.yaml by @Kazgangap
• http/cves/2023/CVE-2023-1892.yaml by @ritikchaddha,@princechaddha
• http/cves/2023/CVE-2023-2227.yaml by @ritikchaddha,@princechaddha 🔥
• http/cves/2023/CVE-2023-27032.yaml by @mastercho
• http/cves/2023/CVE-2023-2948.yaml by @ritikchaddha,@princechaddha
• http/cves/2023/CVE-2023-2949.yaml by @ritikchaddha,@princechaddha
• http/cves/2023/CVE-2023-31446.yaml by @dhiyaneshdk 🔥
• http/cves/2023/CVE-2023-32077.yaml by @iamnoooob,@rootxharsh,@pdresearch
• http/cves/2023/CVE-2023-38964.yaml by @ritikchaddha
• http/cves/2023/CVE-2023-43208.yaml by @princechaddha 🔥
• http/cves/2023/CVE-2023-44812.yaml by @ritikchaddha
• http/cves/2023/CVE-2023-4521.yaml by @princechaddha
• http/cves/2023/CVE-2023-45375.yaml by @mastercho
• http/cves/2023/CVE-2023-46347.yaml by @mastercho
• http/cves/2023/CVE-2023-4973.yaml by @ritikchaddha,@princechaddha
• http/cves/2023/CVE-2023-5003.yaml by @Kazgangap
• http/cves/2023/CVE-2023-6389.yaml by @Kazgangap
• http/cves/2023/CVE-2023-6989.yaml by @Kazgangap 🔥
• http/cves/2019/CVE-2019-7139.yaml by @mastercho 🔥
• http/cves/2015/CVE-2015-4455.yaml by @mastercho
• http/vulnerabilities/citrix/citrix-oob-memory-read.yaml by @Ice3man
• http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml by @mastercho
• http/vulnerabilities/titan/titannit-web-rce.yaml by @dhiyaneshdk
• http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml by @mastercho
• http/default-logins/crushftp/crushftp-anonymous-login.yaml by @pussycat0x
• http/default-logins/crushftp/crushftp-default-login.yaml by @pussycat0x
• http/default-logins/soplanning/soplanning-default-login.yaml by @Kazgangap
• http/misconfiguration/installer/eyoucms-installer.yaml by @ritikchaddha
• http/misconfiguration/installer/sabnzbd-installer.yaml by @dhiyaneshdk
• http/misconfiguration/microsoft/ms-exchange-local-domain.yaml by @userdehghani
• http/misconfiguration/titannit-web-exposure.yaml by @dhiyaneshdk
• http/takeovers/squadcast-takeover.yaml by @philippedelteil
• http/exposed-panels/bmc/bmc-remedy-sso-panel.yaml by @righettod
• http/exposed-panels/bonobo-server-panel.yaml by @bhutch
• http/exposed-panels/cassia-bluetooth-gateway-panel.yaml by @dhiyaneshdk
• http/exposed-panels/cyberchef-panel.yaml by @rxerium
• http/exposed-panels/femtocell-panel.yaml by @dhiyaneshdk
• http/exposed-panels/monitorr-panel.yaml by @ritikchaddha
• http/exposed-panels/openwebui-panel.yaml by @rxerium
• http/exposed-panels/teamforge-panel.yaml by @lstatro
• http/exposed-panels/tixeo-panel.yaml by @righettod
• http/exposed-panels/umami-panel.yaml by @userdehghani
• network/detection/aix-websm-detect.yaml by @righettod
• network/detection/bluecoat-telnet-proxy-detect.yaml by @righettod

New Contributors

• @theMiddleBlue made their first contribution in #9637
• @userdehghani made their first contribution in #9666
• @jason3e7 made their first contribution in #9731

Full Changelog: v9.8.5...v9.8.6

v9.8.5 - AWS Cloud Config Review

🔥 Release Highlights 🔥

We're excited to share about Nuclei-Templates v9.8.5! This new version includes newly added AWS cloud config review templates.
These templates can be used by companies or pentesters for identifying misconfigurations in the AWS cloud environment.

Similarly by leveraging aws code templates, security teams will be able to write their own checks for identifying misconfigurations that are specific to their particular workflows. This will enable them to effectively identify and remediate potential security issues within AWS environments.

To use cloud configuration review templates, first we need set up the environment. This setup is similar to using the aws-cli, where you either add aws_access_key_id and aws_secret_access_key to the ~/.aws/credentials file or export them as environment variables.

nuclei -id aws-code-env -code

We've also introduced the concept of profiles, which allow users to run a specific set of templates tailored for a particular use case. For running AWS templates, we have a profile named aws-cloud-config.

Now you're all set to run the templates!

nuclei -config ~/nuclei-templates/profiles/aws-cloud-config.yml -cloud-upload

What's Changed

New Templates Added: 142 | CVEs Added: 10 | First-time contributions: 6

• http/cves/2024/CVE-2024-26331.yaml by @carsonchan12345 🔥
• http/cves/2024/CVE-2024-3400.yaml by @Salts,@parthmalhotra 🔥
• http/cves/2024/CVE-2024-3273.yaml by @pussycat0x 🔥
• code/cves/2024/CVE-2024-3094.yaml by @pdteam 🔥
• http/cves/2024/CVE-2024-2879.yaml by @d4ly 🔥
• http/cves/2024/CVE-2024-2389.yaml by @pdresearch,@parthmalhotra 🔥
• http/cves/2024/CVE-2024-0337.yaml by @Kazgangap
• javascript/cves/2023/CVE-2023-48795.yaml by @pussycat0x
• http/cves/2022/CVE-2022-24627.yaml by @geeknik
• http/cves/2022/CVE-2022-0424.yaml by @Kazgangap
• http/vulnerabilities/other/opencart-core-sqli.yaml by @Kazgangap
• http/vulnerabilities/other/quick-cms-sqli.yaml by @Kazgangap
• http/vulnerabilities/other/user-management-system-sqli.yaml by @f0xy
• cloud/aws/acm/acm-cert-expired.yaml by @princechaddha
• cloud/aws/acm/acm-cert-renewal-30days.yaml by @princechaddha
• cloud/aws/acm/acm-cert-renewal-45days.yaml by @princechaddha
• cloud/aws/acm/acm-cert-validation.yaml by @princechaddha
• cloud/aws/acm/acm-wildcard-cert.yaml by @princechaddha
• cloud/aws/aws-code-env.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-data-events.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-disabled.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-dup-logs.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-global-disabled.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-integrated-cloudwatch.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-log-integrity.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-logs-not-encrypted.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-mfa-delete.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-mgmt-events.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-public-buckets.yaml by @princechaddha
• cloud/aws/cloudtrail/cloudtrail-s3-bucket-logging.yaml by @princechaddha
• cloud/aws/cloudtrail/s3-object-lock-not-enabled.yaml by @princechaddha
• cloud/aws/cloudwatch/cw-alarm-action-set.yaml by @princechaddha
• cloud/aws/cloudwatch/cw-alarms-actions.yaml by @princechaddha
• cloud/aws/ec2/ec2-imdsv2.yaml by @princechaddha
• cloud/aws/ec2/ec2-public-ip.yaml by @princechaddha
• cloud/aws/ec2/ec2-sg-egress-open.yaml by @princechaddha
• cloud/aws/ec2/ec2-sg-ingress.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-cifs.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-dns.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-ftp.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-http.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-https.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-icmp.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-memcached.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-mongodb.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-mssql.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-mysql.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-netbios.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-opensearch.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-oracle.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-pgsql.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-rdp.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-redis.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-smtp.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-ssh.yaml by @princechaddha
• cloud/aws/ec2/ec2-unrestricted-telnet.yaml by @princechaddha
• cloud/aws/ec2/publicly-shared-ami.yaml by @princechaddha
• cloud/aws/ec2/unencrypted-aws-ami.yaml by @princechaddha
• cloud/aws/iam/iam-access-analyzer.yaml by @princechaddha
• cloud/aws/iam/iam-expired-ssl.yaml by @princechaddha
• cloud/aws/iam/iam-full-admin-privileges.yaml by @princechaddha
• cloud/aws/iam/iam-key-rotation-90days.yaml by @princechaddha
• cloud/aws/iam/iam-mfa-enable.yaml by @princechaddha
• cloud/aws/iam/iam-password-policy.yaml by @princechaddha
• cloud/aws/iam/iam-root-mfa.yaml by @princechaddha
• cloud/aws/iam/iam-ssh-keys-rotation.yaml by @princechaddha
• cloud/aws/iam/iam-unapproved-policy.yaml by @princechaddha
• cloud/aws/iam/iam-user-password-change.yaml by @princechaddha
• cloud/aws/iam/ssl-cert-renewal.yaml by @princechaddha
• cloud/aws/rds/aurora-copy-tags-snap.yaml by @princechaddha
• cloud/aws/rds/aurora-delete-protect.yaml by @princechaddha
• cloud/aws/rds/iam-db-auth.yaml by @princechaddha
• cloud/aws/rds/rds-backup-enable.yaml by @princechaddha
• cloud/aws/rds/rds-deletion-protection.yaml by @princechaddha
• cloud/aws/rds/rds-encryption-check.yaml by @princechaddha
• cloud/aws/rds/rds-event-notify.yaml by @princechaddha
• cloud/aws/rds/rds-event-sub-enable.yaml by @princechaddha
• cloud/aws/rds/rds-event-sub.yaml by @princechaddha
• cloud/aws/rds/rds-gp-ssd-usage.yaml by @princechaddha
• cloud/aws/rds/rds-public-snapshot.yaml by @princechaddha
• cloud/aws/rds/rds-public-subnet.yaml by @princechaddha
• cloud/aws/rds/rds-ri-payment-fail.yaml by @princechaddha
• cloud/aws/rds/rds-snapshot-encryption.yaml by @princechaddha
• cloud/aws/s3/s3-access-logging.yaml by @princechaddha
• cloud/aws/s3/s3-auth-fullcontrol.yaml by @princechaddha
• cloud/aws/s3/s3-bucket-key.yaml by @princechaddha
• cloud/aws/s3/s3-bucket-policy-public-access.yaml by @princechaddha
• cloud/aws/s3/s3-mfa-delete-check.yaml by @princechaddha
• cloud/aws/s3/s3-public-read-acp.yaml by @princechaddha
• cloud/aws/s3/s3-public-read.yaml by @princechaddha
• cloud/aws/s3/s3-public-write-acp.yaml by @princechaddha
• cloud/aws/s3/s3-public-write.yaml by @princechaddha
• cloud/aws/s3/s3-server-side-encryption.yaml by @princechaddha
• cloud/aws/s3/s3-versioning.yaml by @princechaddha
• cloud/aws/vpc/nacl-open-inbound.yaml by @princechaddha
• cloud/aws/vpc/nacl-outbound-restrict.yaml by @princechaddha
• cloud/aws/vpc/nat-gateway-usage.yaml by @princechaddha
• cloud/aws/vpc/unrestricted-admin-ports.yaml by @princechaddha
• cloud/aws/vpc/vpc-endpoint-exposed.yaml by @princechaddha
• cloud/aws/vpc/vpc-endpoints-not-deployed.yaml by @princechaddha
• cloud/aws/vpc/vpc-flowlogs-not-enabled.yaml by @princechaddha
• cloud/aws/vpc/vpn-tunnel-down.yaml by @princechaddha
• http/misconfiguration/apple-cups-exposure.yaml by @dhiyaneshdk
• http/misconfiguration/dlink-unauth-cgi-script.yaml by @pussycat0x
• http/misconfiguration/helm-dashboard-exposure.yaml by @dhiyaneshdk
• http/misconfiguration/installer/phpipam-installer.yaml by @dhiyaneshdk
• http/misconfiguration/intelbras-dvr-unauth.yaml by @pussycat0x
• http/misconfiguration/sentinel-license-monitor.yaml by @dhiyaneshdk
• http/misconfiguration/thanos-prometheus-exposure.yaml by @dhiyaneshdk
• http/default-logins/allnet/allnet-default-login.yaml by @ritikchaddha
• http/default-logins/asus/asus-rtn16-default-login.yaml by @ritikchaddha
• http/default-logins/asus/asus-wl500g-default-login.yaml by @ritikchaddha
• http/default-logins/asus/asus-wl520GU-default-login.yaml by @ritikchaddha
• http/default-logins/barco-clickshare-default-login.yaml by @ritikchaddha
• http/exposed-panels/akhq-panel.yaml by @dhiyaneshdk
• http/exposed-panels/algonomia-panel.yaml by @righettod
• http/exposed-panels/beyondtrust-priv-panel.yaml by @righettod
• http/exposed-panels/chemotargets-clarityvista-panel.yaml by @righettod
• http/exposed-panels/mitel-micollab-panel.yaml by @righettod
• http/exposed-panels/mitric-checker-panel.yaml by @righettod
• http/exposed-panels/ni-web-based-panel.yaml by @dhiyaneshdk
• http/exposed-panels/ollama-llm-panel.yaml by @pbuff07
• http/exposed-panels/outsystems-servicecenter-panel.yaml by @righettod
• http/exposed-panels/powerchute-network-panel.yaml by @dhiyaneshdk
• http/exposed-panels/rtm-web-panel.yaml by @dhiyaneshdk
• http/exposed-panels/suprema-biostar-panel.yaml by @ritikchaddha
• http/exposed-panels/tibco-spotfire-panel.yaml by @righettod
• http/exposed-panels/uipath-orchestrator-panel.yaml by @righettod
• http/exposed-panels/urbackup-panel.yaml by @dhiyaneshdk
• http/exposed-panels/zenml-dashboard-panel.yaml by @dhiyaneshdk
• http/exposures/apis/aspnet-soap-webservices-asmx.yaml by @righettod
• http/exposures/apis/redfish-api.yaml by @righettod
• http/exposures/files/ht-deployment.yaml by @Michal-Mikolas
• http/takeovers/gohire-takeover.yaml by @philippedelteil
• http/takeovers/helpdocs-takeover.yaml by @philippedelteil
• http/takeovers/softr-takeover.yaml by @philippedelteil
• http/takeovers/uptime-takeover.yaml by @philippedelteil
• http/technologies/citrix-xenmobile-version.yaml by @pu...

v9.8.1

What's Changed

New Templates Added: 77 | CVEs Added: 29 | First-time contributions: 6

• http/cves/2024/CVE-2024-20767.yaml by @iamnoooob,@rootxharsh,@pdresearch
• http/cves/2024/CVE-2024-27564.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-28255.yaml by @dhiyaneshdk,@Iamnooob
• http/cves/2024/CVE-2024-28734.yaml by @Kazgangap
• http/cves/2024/CVE-2024-29059.yaml by @iamnoooob,@rootxharsh,@dhiyaneshdk,@pdresearch
• http/cves/2024/CVE-2024-29269.yaml by @ritikchaddha
• http/cves/2023/CVE-2023-0159.yaml by @c4sper0
• http/cves/2023/CVE-2023-0678.yaml by @princechaddha,@ritikchaddha
• http/cves/2023/CVE-2023-34993.yaml by @dwisiswant0
• http/cves/2023/CVE-2023-47218.yaml by @ritikchaddha
• http/cves/2022/CVE-2022-29013.yaml by @dhiyaneshdk
• http/cves/2022/CVE-2022-32430.yaml by @dhiyaneshdk
• http/cves/2022/CVE-2022-41412.yaml by @null_hypothesis
• http/cves/2021/CVE-2021-46418.yaml by @dhiyaneshdk
• http/cves/2021/CVE-2021-46419.yaml by @dhiyaneshdk
• http/cves/2019/CVE-2019-9632.yaml by @pdteam
• http/cves/2018/CVE-2018-10735.yaml by @dhiyaneshdk
• http/cves/2018/CVE-2018-10736.yaml by @dhiyaneshdk
• http/cves/2018/CVE-2018-10737.yaml by @dhiyaneshdk
• http/cves/2018/CVE-2018-10738.yaml by @dhiyaneshdk
• http/cves/2018/CVE-2018-6605.yaml by @dhiyaneshdk
• http/cves/2018/CVE-2018-7314.yaml by @dhiyaneshdk
• http/cves/2016/CVE-2016-5674.yaml by @dhiyaneshdk
• dast/cves/2018/CVE-2018-19518.yaml by @princechaddha
• dast/cves/2021/CVE-2021-45046.yaml by @princechaddha
• dast/cves/2022/CVE-2022-34265.yaml by @princechaddha
• dast/cves/2022/CVE-2022-42889.yaml by @MorDavid,@princechaddha
• dast/vulnerabilities/cmdi/blind-oast-polyglots.yaml by @pdteam,@geeknik
• dast/vulnerabilities/cmdi/ruby-open-rce.yaml by @pdteam
• dast/vulnerabilities/crlf/cookie-injection.yaml by @pdteam
• dast/vulnerabilities/crlf/crlf-injection.yaml by @pdteam
• dast/vulnerabilities/csti/angular-client-side-template-injection.yaml by @theamanrawat
• dast/vulnerabilities/lfi/lfi-keyed.yaml by @pwnhxl
• dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml by @dhiyaneshdk
• dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml by @pussycat0x
• dast/vulnerabilities/redirect/open-redirect.yaml by @princechaddha
• dast/vulnerabilities/rfi/generic-rfi.yaml by @m4lwhere
• dast/vulnerabilities/sqli/sqli-error-based.yaml by @geeknik,@pdteam
• dast/vulnerabilities/ssrf/blind-ssrf.yaml by @pdteam
• dast/vulnerabilities/ssrf/response-ssrf.yaml by @pdteam,@pwnhxl,@j4vaovo
• dast/vulnerabilities/ssti/reflection-ssti.yaml by @pdteam
• dast/vulnerabilities/xss/dom-xss.yaml by @theamanrawat
• dast/vulnerabilities/xss/reflected-xss.yaml by @pdteam
• dast/vulnerabilities/xxe/generic-xxe.yaml by @pwnhxl
• http/vulnerabilities/dahua/dahua-eims-rce.yaml by @dhiyaneshdk
• http/vulnerabilities/huatian/huatian-oa-sqli.yaml by @ritikchaddha
• http/vulnerabilities/landray/landray-eis-sqli.yaml by @dhiyaneshdk
• http/vulnerabilities/other/voyager-lfi.yaml by @mammad_rahimzada
• javascript/cves/2012/CVE-2012-2122.yaml by @pussycat0x
• javascript/cves/2019/CVE-2019-9193.yaml by @pussycat0x
• javascript/enumeration/minecraft-enum.yaml by @pussycat0x
• javascript/enumeration/pgsql/pgsql-default-db.yaml by @pussycat0x
• javascript/enumeration/pgsql/pgsql-file-read.yaml by @pussycat0x
• javascript/enumeration/pgsql/pgsql-list-database.yaml by @pussycat0x
• javascript/enumeration/pgsql/pgsql-list-password-hashes.yaml by @pussycat0x
• javascript/enumeration/pgsql/pgsql-list-users.yaml by @pussycat0x
• javascript/enumeration/pgsql/pgsql-version-detect.yaml by @pussycat0x
• javascript/misconfiguration/pgsql/pgsql-extensions-rce.yaml by @pussycat0x
• javascript/misconfiguration/pgsql/postgresql-empty-password.yaml by @pussycat0x
• javascript/udp/detection/tftp-detect.yaml by @pussycat0x
• http/default-logins/3com/3Com-wireless-default-login.yaml by @ritikchaddha
• http/default-logins/3ware-default-login.yaml by @ritikchaddha
• http/default-logins/next-terminal/next-terminal-default-login.yaml by @ritikchaddha
• http/exposed-panels/amprion-gridloss-panel.yaml by @righettod
• http/exposed-panels/safenet-authentication-panel.yaml by @righettod
• http/exposed-panels/syfadis-xperience-panel.yaml by @righettod
• http/exposures/configs/deployment-ini.yaml by @michal Mikolas (nanuqcz)
• http/miscellaneous/form-detection.yaml by @pdteam
• http/misconfiguration/https-to-http-redirect.yaml by @kazet
• http/technologies/celebrus-detect.yaml by @righettod
• http/technologies/privatebin-detect.yaml by @righettod
• http/technologies/simplesamlphp-detect.yaml by @righettod
• http/technologies/yourls-detect.yaml by @lstatro
• network/c2/darkcomet-trojan.yaml by @pussycat0x
• network/c2/darktrack-rat-trojan.yaml by @pussycat0x
• network/c2/orcus-rat-trojan.yaml by @pussycat0x
• network/c2/xtremerat-trojan.yaml by @pussycat0x

New Contributors

• @omkar7505 made their first contribution in #9407
• @lstatro made their first contribution in #9473
• @null-hyp0thesis made their first contribution in #9497
• @memmedrehimzade made their first contribution in #9463
• @denandz made their first contribution in #9480
• @hossamshady11 made their first contribution in #9514

Full Changelog: v9.8.0...v9.8.1

v9.8.0 - Catch 'Em All: Network Vulnerabilities

🔥 Release Highlights 🔥

We're thrilled to share that with the launch of Nuclei Templates version 9.8.0, we've broadened our scope in network security checks. Our template library now boasts over 8,000 entries, encompassing more than 7,202 templates for web applications. This collection includes 2,200 web-related CVEs and features more than 850 templates aimed at identifying web vulnerabilities.

With the help of active community contributions, we have been adding all the latest web CVEs and vulnerabilities in the wild. While we continue to do so, we are focused on expanding our template offerings to include network vulnerabilities, providing the most comprehensive scanning.

With this release, we're inviting contributors to aid us in enriching our network vulnerability detection, facilitated by the new JS protocol. This makes it simpler to incorporate network checks through the newly introduced JS modules. For guidance on crafting JS templates, check out our documentation here.

Next, we are aiming to expand coverage of LDAP and Kerberos related checks. We are looking forward to getting more contributions from the community

What's Changed

New Templates Added: 85 | CVEs Added: 8 | First-time contributions: 5

• http/cves/2023/CVE-2023-49785.yaml by @high 🔥
• http/cves/2023/CVE-2023-5830.yaml by @mbb5546
• http/cves/2023/CVE-2023-5914.yaml by @dhiyaneshdk
• http/cves/2023/CVE-2023-6114.yaml by @dhiyaneshdk
• http/cves/2023/CVE-2023-6567.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2024/CVE-2024-1212.yaml by @dhiyaneshdk 🔥
• http/cves/2024/CVE-2024-1698.yaml by @dhiyaneshdk
• http/cves/2024/CVE-2024-27954.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• javascript/audit/mysql/mysql-load-file.yaml by @pussycat0x
• javascript/enumeration/mysql/mysql-default-login.yaml by @dhiyaneshdk,@pussycat0x,@ritikchaddha
• javascript/enumeration/mysql/mysql-info.yaml by @pussycat0x
• javascript/enumeration/mysql/mysql-show-databases.yaml by @dhiyaneshdk
• javascript/enumeration/mysql/mysql-show-variables.yaml by @dhiyaneshdk
• javascript/enumeration/mysql/mysql-user-enum.yaml by @pussycat0x
• javascript/enumeration/pop3/pop3-capabilities-enum.yaml by @pussycat0x
• javascript/enumeration/redis/redis-info.yaml by @dhiyaneshdk
• javascript/enumeration/redis/redis-require-auth.yaml by @dhiyaneshdk
• javascript/enumeration/rsync/rsync-version.yaml by @dhiyaneshdk
• javascript/enumeration/smb/smb-default-creds.yaml by @pussycat0x
• javascript/enumeration/smb/smb-enum-domains.yaml by @dhiyaneshdk
• javascript/enumeration/smb/smb-os-detect.yaml by @pussycat0x
• javascript/enumeration/smb/smb-version-detect.yaml by @pussycat0x
• javascript/enumeration/smb/smb2-server-time.yaml by @dhiyaneshdk
• javascript/misconfiguration/mysql/mysql-empty-password.yaml by @dhiyaneshdk
• http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml by @dhiyaneshdk
• http/vulnerabilities/idoc/idocview-2word-fileupload.yaml by @dhiyaneshdk
• http/vulnerabilities/idoc/idocview-lfi.yaml by @dhiyaneshdk
• http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml by @fur1na
• http/vulnerabilities/other/office365-indexs-fileread.yaml by @dhiyaneshdk
• http/vulnerabilities/other/ups-network-lfi.yaml by @Kazgangap
• http/default-logins/ispconfig-default-login.yaml by @pussycat0x
• http/misconfiguration/installer/posteio-installer.yaml by @ritikchaddha
• http/exposures/files/generic-db.yaml by @michal Mikolas (nanuqcz)
• http/exposed-panels/bynder-panel.yaml by @righettod
• http/exposed-panels/c2/ares-rat-c2.yaml by @pussycat0x
• http/exposed-panels/c2/caldera-c2.yaml by @pussycat0x
• http/exposed-panels/c2/hack5-cloud-c2.yaml by @pussycat0x
• http/exposed-panels/c2/pupyc2.yaml by @pussycat0x
• http/exposed-panels/c2/supershell-c2.yaml by @pussycat0x
• http/exposed-panels/cisco/cisco-expressway-panel.yaml by @righettod
• http/exposed-panels/emqx-panel.yaml by @righettod
• http/exposed-panels/fortinet/forticlientems-panel.yaml by @h4sh5
• http/exposed-panels/fortinet/fortiwlm-panel.yaml by @EgemenKochisarli
• http/exposed-panels/neocase-hrportal-panel.yaml by @righettod
• http/exposed-panels/osnexus-panel.yaml by @charles D.
• http/exposed-panels/posteio-admin-panel.yaml by @ritikchaddha
• http/exposed-panels/skeepers-panel.yaml by @righettod
• http/exposed-panels/softether-vpn-panel.yaml by @bhutch
• network/detection/wing-ftp-detect.yaml by @ritikchaddha
• ssl/c2/venomrat.yaml by @pussycat0x
• http/osint/phishing/kakao-login-phish.yaml by @hahwul
• http/osint/phishing/naver-login-phish.yaml by @hahwul
• http/technologies/directus-detect.yaml by @ricardomaia
• http/technologies/microsoft/aspnet-version-detect.yaml by @Lucky0x0D,@PulseSecurity.co.nz
• http/technologies/microsoft/aspnetmvc-version-disclosure.yaml by @Lucky0x0D,@PulseSecurity.co.nz
• http/technologies/wing-ftp-service-detect.yaml by @ritikchaddha
• dns/soa-detect.yaml by @rxerium
• dns/spf-record-detect.yaml by @rxerium
• dns/txt-service-detect.yaml by @rxerium
• file/keys/dependency/dependency-track.yaml by @dhiyaneshdk
• file/keys/docker/dockerhub-pat.yaml by @dhiyaneshdk
• file/keys/doppler/doppler-audit.yaml by @dhiyaneshdk
• file/keys/doppler/doppler-cli.yaml by @dhiyaneshdk
• file/keys/doppler/doppler-scim.yaml by @dhiyaneshdk
• file/keys/doppler/doppler-service-account.yaml by @dhiyaneshdk
• file/keys/doppler/doppler-service.yaml by @dhiyaneshdk
• file/keys/dropbox/dropbox-access.yaml by @dhiyaneshdk
• file/keys/huggingface/huggingface-user-access.yaml by @dhiyaneshdk
• file/keys/linkedin/linkedin-client.yaml by @dhiyaneshdk
• file/keys/linkedin/linkedin-secret.yaml by @dhiyaneshdk
• file/keys/newrelic/newrelic-api-service.yaml by @dhiyaneshdk
• file/keys/newrelic/newrelic-license-non.yaml by @dhiyaneshdk
• file/keys/newrelic/newrelic-license.yaml by @dhiyaneshdk
• file/keys/odbc/odbc-connection.yaml by @dhiyaneshdk
• file/keys/okta/okta-api.yaml by @dhiyaneshdk
• file/keys/particle/particle-access.yaml by @dhiyaneshdk
• file/keys/react/reactapp-password.yaml by @dhiyaneshdk
• file/keys/react/reactapp-username.yaml by @dhiyaneshdk
• file/keys/salesforce/salesforce-access.yaml by @dhiyaneshdk
• file/keys/thingsboard/thingsboard-access.yaml by @dhiyaneshdk
• file/keys/truenas/truenas-api.yaml by @dhiyaneshdk
• file/keys/twitter/twitter-client.yaml by @dhiyaneshdk
• file/keys/twitter/twitter-secret.yaml by @dhiyaneshdk,@gaurang,@daffainfo
• file/keys/wireguard/wireguard-preshared.yaml by @dhiyaneshdk
• file/keys/wireguard/wireguard-private.yaml by @dhiyaneshdk

B636160776167737022757F6025667965636562702C6C6967702275667275637024627F636379644022757F602E6F602C656E6E61686360237564716C607D65647D29656C63657E60256864702E6960222C6C61402D654720286364716342202567616373756D602F64702E6F63727560702473727966602568645 🐛

New Contributors

• @EgemenKochisarli made their first contribution in #9353
• @s-kali made their first contribution in #9357
• @Facucuervo87 made their first contribution in #9254
• @h4sh5 made their first contribution in #9350
• @Kazgangap made their first contribution in #9395

Full Changelog: v9.7.8...v9.8.0