跳转至

安全资讯日报 2026-05-09

每日安全简报:2026-05-09

高危漏洞

  1. CVE-2026-42208 BerriAI LiteLLM SQL注入漏洞
  2. 风险:high / 分数:90
  3. 来源:CISA KEV
  4. 摘要:BerriAI LiteLLM 包含一个 SQL 注入漏洞,允许攻击者从代理的数据库读取数据并可能对其进行修改,从而导致对代理及其管理的凭据进行未经授权的访问。
  5. 命中:CVE, Auth bypass/Unauth, High priority source, CISA KEV

  6. 链接:https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  7. [webapps] FUXA 1.2.8 - 身份验证绕过 + RCE 漏洞

  8. 风险:high / 分数:85
  9. 来源:Exploit-DB
  10. 摘要:FUXA 1.2.8 - 身份验证绕过 + RCE 漏洞
  11. 命中:RCE, PoC/Exploit, Auth bypass/Unauth, High priority source
  12. 链接:https://www.exploit-db.com/exploits/52544

PoC / Exploit

  1. [webapps] Bludit CMS 3.18.4 - RCE
  2. 风险:medium / 分数:40
  3. 来源:Exploit-DB
  4. 摘要:Bludit CMS 3.18.4 - RCE
  5. 命中:RCE, High priority source

  6. 链接:https://www.exploit-db.com/exploits/52553

  7. [硬件] Linksys E1200 2.0.04 - 经过身份验证的堆栈缓冲区溢出 (RCE)

  8. 风险:medium / 分数:40
  9. 来源:Exploit-DB
  10. 摘要:Linksys E1200 2.0.04 - 经过身份验证的堆栈缓冲区溢出 (RCE)
  11. 命中:RCE, High priority source

  12. 链接:https://www.exploit-db.com/exploits/52548

  13. [webapps] HUSTOJ Zip-Slip v26.01.24 - RCE

  14. 风险:medium / 分数:40
  15. 来源:Exploit-DB
  16. 摘要:HUSTOJ Zip-Slip v26.01.24 - RCE
  17. 命中:RCE, High priority source

  18. 链接:https://www.exploit-db.com/exploits/52539

  19. [webapps] SumatraPDF 3.5.2 - 远程代码执行

  20. 风险:medium / 分数:40
  21. 来源:Exploit-DB
  22. 摘要:SumatraPDF 3.5.2 - 远程代码执行
  23. 命中:RCE, High priority source

  24. 链接:https://www.exploit-db.com/exploits/52535

  25. [webapps] Frigate NVR 0.16.3 - 远程代码执行

  26. 风险:medium / 分数:40
  27. 来源:Exploit-DB
  28. 摘要:Frigate NVR 0.16.3 - 远程代码执行
  29. 命中:RCE, High priority source

  30. 链接:https://www.exploit-db.com/exploits/52533

  31. [webapps] Js2Py 0.74 - RCE

  32. 风险:medium / 分数:40
  33. 来源:Exploit-DB
  34. 摘要:Js2Py 0.74 - 远程代码执行
  35. 命中:RCE, High priority source

  36. 链接:https://www.exploit-db.com/exploits/52532

  37. [webapps] Erugo 0.2.14 - 远程代码执行(RCE)

  38. 风险:medium / 分数:40
  39. 来源:Exploit-DB
  40. 摘要:Erugo 0.2.14 - 远程代码执行(RCE)
  41. 命中:RCE, High priority source

  42. 链接:https://www.exploit-db.com/exploits/52529

  43. [webapps] Craft CMS 5.6.16 - RCE

  44. 风险:medium / 分数:40
  45. 来源:Exploit-DB
  46. 摘要:Craft CMS 5.6.16 - RCE
  47. 命中:RCE, High priority source

  48. 链接:https://www.exploit-db.com/exploits/52525

  49. [本地] OpenWrt 23.05 - 经过身份验证的远程代码执行(RCE)

  50. 风险:medium / 分数:40
  51. 来源:Exploit-DB
  52. 摘要:OpenWrt 23.05 - 经过身份验证的远程代码执行 (RCE)
  53. 命中:RCE, High priority source

  54. 链接:https://www.exploit-db.com/exploits/52521

  55. [webapps] GUnet OpenEclass 电子学习平台 < 4.2 - 远程代码执行 (RCE)

  56. 风险:medium / 分数:40
  57. 来源:Exploit-DB
  58. 摘要:GUnet OpenEclass 电子学习平台 < 4.2 - 远程代码执行 (RCE)
  59. 命中:RCE, High priority source

  60. 链接:https://www.exploit-db.com/exploits/52519

  61. [webapps] JuzaWeb CMS 3.4.2 - 经过身份验证的远程代码执行

  62. 风险:medium / 分数:40
  63. 来源:Exploit-DB
  64. 摘要:JuzaWeb CMS 3.4.2 - 经过身份验证的远程代码执行
  65. 命中:RCE, High priority source

  66. 链接:https://www.exploit-db.com/exploits/52518

  67. [webapps] Xibo CMS 4.3.0 - 通过 SSTI 进行 RCE

  68. 风险:medium / 分数:40
  69. 来源:Exploit-DB
  70. 摘要:Xibo CMS 4.3.0 - 通过 SSTI 进行 RCE
  71. 命中:RCE, High priority source

  72. 链接:https://www.exploit-db.com/exploits/52516

  73. [webapps] LangChain Core 1.2.4 - SSTI/RCE

  74. 风险:medium / 分数:40
  75. 来源:Exploit-DB
  76. 摘要:LangChain Core 1.2.4 - SSTI/RCE
  77. 命中:RCE, High priority source

  78. 链接:https://www.exploit-db.com/exploits/52514

  79. [webapps] React Server 19.2.0 - 远程代码执行

  80. 风险:medium / 分数:40
  81. 来源:Exploit-DB
  82. 摘要:React Server 19.2.0 - 远程代码执行
  83. 命中:RCE, High priority source
  84. 链接:https://www.exploit-db.com/exploits/52506

攻防文章

  1. Pixel 9 的 0-click 漏洞利用链第 1 部分:解码杜比
  2. 风险:medium / 分数:75
  3. 来源:Project Zero
  4. 摘要:在过去的几年里,手机中添加了一些人工智能功能,使用户可以更好地搜索和理解他们的消息。此更改的一个影响是增加了零点击攻击面,因为有效的分析通常需要在用户打开消息之前对消息媒体进行解码。其中一项功能是音频转录。 Google Messages 收到的传入 SMS 和 RCS 音频附件现在会自动解码,无需用户交互。因此,音频解码器现在处于大多数 Android 手机的 0-click 攻击面中。我花了相当多的时间研究这些解码器,首先在三星设备上的 Monkey’s Audio 编解码器中报告了 CVE-2025-49415。根据这项研究,团队审查了杜比统一解码器,我和 Ivan Fratric 报告了 CVE-2025-54957。此漏洞很可能存在于当今使用的大多数 Android 设备的 0 点击攻击面中。与此同时,Seth Jenkins 调查了可从 Pixel 9 上运行解码器的沙箱访问的驱动程序,并报告了 CVE-2025-36934。
  5. 命中:CVE, PoC/Exploit, Key product, High priority source

  6. 链接:https://projectzero.google/2026/01/pixel-0-click-part-1.html

  7. Pixel 9 的 0-click 漏洞利用链第 2 部分:大波破解沙盒

  8. 风险:medium / 分数:65
  9. 来源:Project Zero
  10. 摘要:随着潜在的杜比统一解码器 RCE 漏洞的出现,明智的做法是查看可以从生成的用户区上下文(即媒体编解码器上下文)访问哪种 Linux 内核驱动程序。根据 AOSP 文档,mediacodec SELinux 上下文旨在成为使用非安全软件解码器的受限(也称为沙箱)上下文。尽管如此,使用我的 DriverCartographer 工具,我发现了一个有趣的设备驱动程序,/dev/bigwave,可以从 mediacodec SELinux 上下文访问它。 BigWave 是 Pixel SOC 上的硬件,可加速 AV1 解码任务,这解释了为什么可以从媒体编解码器上下文访问它。正如之前的研究充分证实的那样,硬件设备的 Android 驱动程序是发现强大的本地权限升级错误的主要场所。 BigWave 驱动程序也不例外 - 经过几个小时的代码审核,我发现了三个独立的错误,其中一个错误足以逃脱媒体编解码器沙箱并在 Pixel 9 上实现内核任意读/写。
  11. 命中:RCE, PoC/Exploit, High priority source

  12. 链接:https://projectzero.google/2026/01/pixel-0-click-part-2.html

  13. 论变异语法模糊测试的有效性

  14. 风险:medium / 分数:60
  15. 来源:Project Zero
  16. 摘要:突变语法模糊测试是一种模糊测试技术,其中模糊器使用描述样本结构的预定义语法。当样本发生突变时,突变的发生方式使得任何生成的样本仍然遵守语法规则,因此样本的结构通过突变过程得以维持。在覆盖引导的语法模糊测试中,如果生成的样本(突变后)触发了以前未见过的代码覆盖率,则该样本将保存到样本语料库中并用作未来突变的基础。事实证明,该技术能够发现复杂的问题,并且我过去曾成功地使用过它,包括发现 Web 浏览器中的 XSLT 实现中的问题,甚至是 JIT 引擎错误。然而,尽管该方法很有效,但它并非没有缺陷,对于临时模糊器用户来说,这些缺陷可能并不明显。在这篇博文中,我将介绍我认为突变覆盖引导的语法模糊测试方法的缺陷。我还将描述我在模糊测试中使用的一种非常简单但有效的技术来应对这些缺陷。
  17. 命中:RCE, Key product, High priority source

  18. 链接:https://projectzero.google/2026/03/mutational-grammar-fuzzing.html

  19. 在 Java 源代码字符串中隐藏有效负载

  20. 风险:medium / 分数:60
  21. 来源:PortSwigger Research
  22. 摘要:在这篇文章中,我们将向您展示 Java 如何以您可能会感到惊讶的方式处理源代码字符串中的 unicode 转义,以及如何滥用它们来隐藏有效负载。我们最近发布了一个强大的
  23. 命中:RCE, Key product, High priority source

  24. 链接:https://portswigger.net/research/hiding-payloads-in-java-source-code-strings

  25. 打破音障,第二部分:利用 CVE-2024-54529

  26. 风险:medium / 分数:55
  27. 来源:Project Zero
  28. 摘要:在本系列的第一部分中,我详细介绍了 macOS 安全研究之旅,通过我称之为知识驱动模糊测试的过程,在 coreaudiod 系统守护程序中发现了类型混淆漏洞 (CVE-2024-54529) 和双重释放漏洞 (CVE-2025-31235)。第一篇文章重点介绍了发现漏洞的过程,而这篇文章则深入探讨了利用类型混淆漏洞的复杂过程。我将解释将潜在可利用的崩溃转变为有效利用的技术细节:充满死胡同的旅程,创造性地解决问题,并最终取得成功。漏洞:快速回顾 如果您还没有阅读过,我强烈建议您先阅读我关于此漏洞的详细文章,然后再继续。回顾一下,CVE-2024-54529 是 coreaudiod 进程使用的 CoreAudio 框架中 com.apple.audio.audiohald Mach 服务中的类型混淆漏洞。多个 Mach 消息处理程序(例如 _XIOContext_Fetch_Workgroup_Port)将根据 Mach 消息中的 ID 从对象映射中获取 HALS_Object,然后对其执行操作,假设它是未经适当验证的特定类型 (ioct)。
  29. 命中:CVE, PoC/Exploit, High priority source

  30. 链接:https://projectzero.google/2026/01/sound-barrier-2.html

  31. Pixel 9 的零点击漏洞利用链第 3 部分:我们该何去何从?

  32. 风险:medium / 分数:55
  33. 来源:Project Zero
  34. 摘要:虽然我们的前两篇博客文章提供了技术建议,以增加攻击者开发 0 点击漏洞利用链所需的努力,但我们发现、报告和利用这些漏洞的经验凸显了 Android 生态系统中的一些更广泛的问题。这篇文章描述了我们遇到的问题以及改进的建议。音频攻击面 由于 Google Messages 应用程序中的音频转录,杜比 UDC 是大多数 Android 设备的 0-click 攻击面的一部分。传入的音频消息在用户与消息交互之前被转录。在 Pixel 9 上,第二个进程 com.google.android.tts 也会解码传入的音频。其目的尚不完全清楚,但似乎与使传入消息可搜索有关。
  35. 命中:PoC/Exploit, Key product, High priority source

  36. 链接:https://projectzero.google/2026/01/pixel-0-click-part-3.html

  37. 脆弱的锁:SAML 身份验证的新颖绕过方法

  38. 风险:medium / 分数:55
  39. 来源:PortSwigger Research
  40. 摘要:TLDR 这篇文章展示了如何通过利用多个解析器级别的不一致,在 Ruby 和 PHP SAML 生态系统中实现完全身份验证绕过:包括属性污染、命名空间混淆
  41. 命中:PoC/Exploit, Auth bypass/Unauth, High priority source

  42. 链接:https://portswigger.net/research/the-fragile-lock

  43. SAML 轮盘赌:黑客总是赢家

  44. 风险:medium / 分数:55
  45. 来源:PortSwigger Research
  46. 摘要:简介 在这篇文章中,我们将准确展示如何通过利用 ruby​​-saml 库来链接往返攻击和名称空间混淆,以在 GitLab Enterprise 上实现未经身份验证的管理员访问
  47. 命中:PoC/Exploit, Auth bypass/Unauth, High priority source

  48. 链接:https://portswigger.net/research/saml-roulette-the-hacker-always-wins

  49. 必须缓存所有内容:打破网络缓存利用的规则

  50. 风险:medium / 分数:55
  51. 来源:PortSwigger Research
  52. 摘要:多年来,我们看到许多攻击利用网络缓存来劫持敏感信息或存储恶意负载。然而,随着 CDN 变得越来越流行,专有技术之间出现了新的差异
  53. 命中:PoC/Exploit, Key product, High priority source
  54. 链接:https://portswigger.net/research/gotta-cache-em-all

工具更新

  1. Nuclei 模板 v10.4.3 - 发行说明
  2. 风险:high / 分数:100
  3. 来源:nuclei-templates releases
  4. 摘要:

    New Templates Added: 105 | CVEs Added: 62 | First-time contributions: 12

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

  • CI: migrated nuclei GitHub action to native Node.js runtime (PR #16061, PR #16049).
  • Removed duplicate template for BeyondTrust (PR #16024).
  • Removed duplicate matcher line in roundcube-log-disclosure.yaml (PR #16042).
  • Corrected invalid cve-id classification field values across templates (PR #16023).
  • Fixed invalid CPE format strings across templates (PR #15991, PR #15828).
  • Fixed tag formatting in CVE-2024-57727, CVE-2023-38875, CVE-2023-24322 (PR #15989, PR #15897, PR #15899).
  • Corrected YAML formatting in Retool postMessage XSS template (PR #15952).
  • Fixed file path for CVE-2026-2262 (PR #15998).
  • Renamed joomla-htaccess.yaml → joomla-htaccess-file.yaml for clarity (PR #15987).
  • Renamed contrastapi-domain-recon.yaml to correct directory (PR #16025).
  • Renamed and updated superset-default-login.yaml (PR #15822).
  • Release preparation for Nuclei Templates v10.4.2 (PR #15920).

False Negatives

  • Fixed FN in tomcat-default-login by ordering payloads to avoid LockOutRealm shunning (PR #16053, Issue #15382).

False Positives

  • Reduced false positives and improved accuracy in the following templates:
    • ingress-nginx-valid-admission.yaml — added 200-status guard for verbose-debug PHP frameworks (PR #16046, Issue #14248).
    • CVE-2024-2473 — verify hidden login URL disclosure to avoid FP on WPS Hide Login (PR #15985, Issue #15871).
    • CVE-2019-5544 — fix FP triggered when port 427 is closed (PR #15979, Issue #15098).
    • CVE-2023-45648 — bound Tomcat version regex (PR #15459, Issue #15566).
    • ldap-anonymous-login-detect.yaml — honor Port parameter instead of forcing 389 (PR #15430, Issue #14736).
    • sentry-panel — added title check to prevent FP (PR #15984).

Enhancements

  • Added Microsoft domain to mx-service-detector (PR #16030).
  • Added registrar extractors to rdap-whois template (PR #15908).
  • Added references to CVE-2020-15718 (PR #16058).
  • Updated mitel-version-detect.yaml (PR #15839).
  • Linked CVE-2021-31589 to existing beyond-trust-xss.yaml (Issue #15273).

Templates Added

  • [CVE-2026-42167] ProFTPD mod_sql - Preauth User Backdoor (@pussycat0x) [high] 🔥
  • [CVE-2026-42031] CKAN DataStore SQL Search - SQL Injection (@theamanrawat) [high]
  • [CVE-2026-41940] cPanel & WHM - Auth Bypass via Session-File CRLF Injection (@watchtowr, @hadrian.io, @dhiyaneshdk) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-41641] NocoBase - SQL Injection (@theamanrawat) [high]
  • [CVE-2026-41640] NocoBase - SQL Injection (@theamanrawat) [high]
  • [CVE-2026-41179] RClone RC - Command Injection (@theamanrawat) [critical] 🔥
  • [CVE-2026-41176] Rclone RC - Broken Access Control (@theamanrawat) [critical] 🔥
  • [CVE-2026-40887] Vendure Core - SQL Injection (@theamanrawat) [critical]
  • [CVE-2026-40466] Apache ActiveMQ - RCE via HTTP Discovery Transport Bypass (@dhiyaneshdk) [high] 🔥
  • [CVE-2026-40308] My Calendar WordPress Plugin - Information Disclosure (@theamanrawat) [high]
  • [CVE-2026-40242] Arcane <= 1.17.2 - Server-Side Request Forgery (@0x_Akoko) [high]
  • [CVE-2026-40105] XWiki - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
  • [CVE-2026-39808] Fortinet FortiSandbox - Command Injection (@dhiyaneshdk) [critical] 🔥
  • [CVE-2026-39363] Vite Dev Server - Arbitrary File Read (@theamanrawat) [high] 🔥
  • [CVE-2026-39339] ChurchCRM - API Authentication Bypass via URL Injection (@AkhilShekhar) [critical]
  • [CVE-2026-35029] LiteLLM - Arbitrary File Read (@theamanrawat) [high] 🔥
  • [CVE-2026-33626] LMDeploy - Server-Side Request Forgery (@theamanrawat) [high] (kev) (vKEV) 🔥
  • [CVE-2026-33439] OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization (@dhiyaneshdk) [critical] 🔥
  • [CVE-2026-33057] Mesop AI Sandbox <= 1.2.2 - Remote Code Execution (@sammiee5311, @liyander) [critical]
  • [CVE-2026-33032] Nginx UI - Broken Access Control (@dhiyaneshdk) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-33017] Langflow < 1.9.0 - Remote Code Execution (@himind) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-28409] WeGIA <= 3.6.4 - Remote Code Execution (@0x_Akoko) [critical]
  • [CVE-2026-27176] MajorDoMo - Cross-Site Scripting (@dhiyaneshdk) [medium]
  • [CVE-2026-27174] MajorDoMo - Unauthenticated RCE (@0x_Akoko) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-24423] SmarterMail - Remote Code Execution (@jyoti369) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-23486] Blinko <= 1.8.3 - User Information Leak (@0x_Akoko) [low]
  • [CVE-2026-23483] Blinko <= 1.8.3 - Path Traversal via /plugins (@tx1ee) [medium]
  • [CVE-2026-23482] Blinko < 1.8.4 - Path Traversal (@tx1ee) [high]
  • [CVE-2026-21484] AnythingLLM - Username Enumeration via Password Recovery (@dhiyaneshdk) [medium] 🔥
  • [CVE-2026-4631] Cockpit Web Console < 360 - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
  • [CVE-2026-3844] Breeze <= 2.4.4 - Arbitrary File Upload (@theamanrawat, @ritikchaddha) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-2262] Easy Appointments <= 3.12.21 - Information Disclosure (@0x_Akoko) [high]
  • [CVE-2026-1368] Video Conferencing with Zoom API < 4.6.6 - Unauthenticated SDK Signature Generation (@0x_Akoko) [high]
  • [CVE-2026-1314] WordPress 3D FlipBook <= 1.16.17 - Information Disclosure (@theamanrawat) [medium]
  • [CVE-2026-0560] LolLMS < 2.2.0 - Server-Side Request Forgery (@ritikchaddha) [high]
  • [CVE-2025-69411] ionCube Tester Plus <= 1.3 - Local File Inclusion (@pussycat0x) [high]
  • [CVE-2025-62039] AI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposure (@pussycat0x) [high]
  • [CVE-2025-59582] Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure (@pussycat0x) [medium]
  • [CVE-2025-59342] esm.sh <= v136 - Arbitrary File Write via Path Traversal (@0x_Akoko) [medium]
  • [CVE-2025-59341] esm.sh <= v136 - Local File Inclusion (@0x_Akoko) [high]
  • [CVE-2025-59136] WordPress Gerencianet Oficial <= 3.1.3 - Unauthenticated Order Status Disclosure (@pussycat0x) [medium]
  • [CVE-2025-58226] WordPress 3D FlipBook Plugin <= 1.16.17 - Sensitive Information Exposure (@pussycat0x) [medium]
  • [CVE-2025-49002] DataEase - Remote Code Execution (@weqi) [high]
  • [CVE-2025-41242] Spring Framework - Path Traversal (@dhiyaneshdk) [medium] 🔥
  • [CVE-2025-32395] Vite - Path Traversal (@ChrisJr404) [medium] 🔥
  • [CVE-2025-23211] Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE (@sammiee5311) [critical]
  • [CVE-2025-13801] Yoco Payments <= 3.8.8 - Path Traversal (@0x_Akoko) [high]
  • [CVE-2025-13390] WP Directory Kit <= 1.4.4 - Authentication Bypass (@maxthepm) [critical] (kev) (vKEV) 🔥
  • [CVE-2025-11693] Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure (@0x_Akoko) [critical]
  • [CVE-2025-10897] WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read (@0x_Akoko) [high]
  • [CVE-2025-10162] WordPress OrderConvo < 14 - Path Traversal (@0x_Akoko) [high]
  • [CVE-2025-9209] RestroPress 3.0.0-3.2.1 - Authentication Bypass (@0x_Akoko) [critical]
  • [CVE-2025-4524] WordPress Madara Theme < 2.2.2.1 - Local File Inclusion (@0x_Akoko) [high]
  • [CVE-2025-1361] IP2Location Country Blocker < 2.38.9 - Unauthenticated Information Disclosure (@pussycat0x) [high]
  • [CVE-2024-38773] FormLift for Infusionsoft Web Forms <= 7.5.17 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-32825] Simply Static - Information Disclosure (@pussycat0x) [medium]
  • [CVE-2024-26291] Avid NEXIS Agent - Arbitrary File Read (@dhiyaneshdk) [high]
  • [CVE-2023-49438] Python Flask-Security-Too <=5.3.2 - Open Redirect (@ritikchaddha) [medium] 🔥
  • [CVE-2021-45328] Gitea < 1.4.3 - Open Redirect (@ritikchaddha) [medium] 🔥
  • [CVE-2021-26947] Odoo <= 15.0 - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
  • [CVE-2021-3152] Home Assistant HACS - Local File Inclusion (@dhiyaneshdk) [high] 🔥
  • [CVE-2017-6478] MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting (@0xr2r) [medium]
  • [default-admin-account-enabled] Default Administrator Account Enabled (@boonchuan) [medium]
  • [office-macros-not-restricted] Microsoft Office Macros Not Restricted (@boonchuan) [high]
  • [windows-auto-update-disabled] Windows Automatic Updates Disabled (@boonchuan) [high]
  • [apache-casbin-mcp-gateway-default-login] Apache Casbin MCP Gateway - Default Login (@icarot) [high]
  • [avaya-phone-default-login] Avaya Phone Web Interface - Default Login (@tpierru) [high]
  • [claris-filemaker-panel] Claris FileMaker Server Admin Console - Detect (@s4e-io) [info]
  • [device42-panel] Device42 Panel - Detect (@righettod) [info]
  • [fortisandbox-panel] Fortinet FortiSandbox Panel - Detect (@umut ÖZEN) [info]
  • [fortisandbox-panel] FortiSandbox Panel - Detect (@rxerium) [info]
  • [mealie-panel] Mealie Panel - Detect (@ChrisJr404) [info]
  • [openbao-webui-detect] OpenBao Web UI Panel - Detect (@ritikchaddha) [info]
  • [outline-panel] Outline Panel - Detect (@ChrisJr404) [info]
  • [paperless-ngx-panel] Paperless-ngx Panel - Detect (@ChrisJr404) [info]
  • [supabase-studio-panel] Supabase Studio Panel - Detect (@ChrisJr404) [info]
  • [typesense-search-server] Typesense Search Server - Detect (@ChrisJr404) [info]
  • [chroma-api-exposure] ChromaDB - Unauthenticated API Exposure (@pussycat0x) [medium]
  • [weglot-api-key-exposure] Weglot API Key - Exposed (@0x_Akoko) [medium]
  • [prisma-schema-exposure] Exposed Prisma Database Schema - Exposure (@umut ÖZEN) [medium]
  • [contrastapi-domain-recon] ContrastAPI Domain Reconnaissance (@UPinar) [info]
  • [contrastapi-ip-recon] ContrastAPI IP Reconnaissance (@UPinar) [info]
  • [apache-skywalking-dashboard] Apache SkyWalking - Dashboard (@icarot) [high]
  • [chainlit-unauth-access] Chainlit - Unauthenticated Access (@pussycat0x) [low]
  • [chatwoot-installer] Chatwoot - Installation (@0x_Akoko) [high]
  • [chromadb-installer] ChromaDB Installer - Detected (@pussycat0x) [info]
  • [filestash-installer] Filestash - Installer Exposure (@dhiyaneshdk) [high]
  • [krayin-installer] Krayin CMS - Installer (@theamanrawat) [high]
  • [supabase-studio-exposure] Supabase Studio - Exposure (@theamanrawat) [high]
  • [download-monitor-unauth-log-export] Download Monitor < 1.9.7 - Unauthenticated Download Log Export (@0x_Akoko) [high]
  • [apache-casbin-mcp-gateway-detect] Apache Casbin MCP Gateway - Detection (@icarot) [info]
  • [browserless-swagger-detect] Browserless API Swagger - Detect (@theamanrawat) [info]
  • [inertiajs-detect] Inertia.js - Detect (@antonkulyk) [info]
  • [nginx-opencloudos-test-page] Nginx Test Page for OpenCloudOS (@pussycat0x) [info]
  • [vendure-detect] Vendure - Detect (@theamanrawat) [info]
  • [gitea-open-redirect-bypass] Gitea < 1.21.0 - Open Redirect (@ritikchaddha) [medium]
  • [odoo-login-redirect] Reflected Odoo - Open Redirect (@dhiyaneshdk) [low]
  • [retool-postmessage-xss] Retool Self-Hosted - postMessage XSS via Custom Component Collections (@dhiyaneshdk) [high]
  • [rabbitmq-amqp-default-login] RabbitMQ AMQP - Default Login (@dhiyaneshdk) [high]
  • [perforce-info-disclosure] Perforce Server - Information Disclosure (@morgan Robertson) [medium]
  • [perforce-user-enumeration] Perforce Server - User Enumeration (@morgan Robertson) [medium]
  • [perforce-passwordless-users] Perforce Server - Passwordless User Accounts (@morgan Robertson) [critical]
  • [perforce-remote-depot-unauth] Perforce Server - Unauthenticated Remote Depot Access (@morgan Robertson) [high]
  • [mdns-ptzoptics-detect] PTZOptics Device via mDNS - Detect (@rxerium) [info]
  • [perforce-detection] Perforce Server - Detection (@morgan Robertson) [info]

New Contributors

Full Changelog: v10.4.2...v10.4.3

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.4.3

  • Nuclei 模板 v10.4.2 – 发行说明

  • 风险:high / 分数:100
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 121 | CVEs Added: 61 | First-time contributions: 15

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

  • Fixed false negatives in CVE-2024-8529 (LearnPress SQLi): body matchers were unreliable for blind SQLi responses and a randstr bypass was added to defeat DB query cache (Issue #15768, PR #15844).

False Positives

  • Reduced extremely high false positives in credentials-disclosure template caused by over-permissive [\w-]+ value regex with no minimum length enforcement, flagging short UI strings like "ClientSecret":"Client" as credential leaks (Issue #15563, PR #15845).
  • Reduced false positives in the Apache ActiveMQ Artemis Console Default Login template; tightened matcher to require a valid JSON login response with expectedartemis username (Issue #15762, PR #15861).
  • Resolved false positives in molgenis-default-login template triggered by JSESSIONID cookies on custom 404 pages (Issue #12603).
  • Removed false positive subdomain takeover detection templates for Netlify, Shopify, Azure Azurewebsites, Cloudapp, and Trafficmanager - these services are no longer vulnerable due to enforced TXT verification, deprecation, or claimed namespace blocking (PR #15724).
  • Fixed false positive webpack-config detection triggered by SPA catch-all routing (PR #15869).
  • Improved CVE-2022-3254 matchers to reduce false positives on HTML error responses (PR #15840).
  • Fixed false positives in CVE-2024-52762 (PR #15833).
  • Fixed false positives in CVE-2025-49113 (PR #15777).

Enhancements

  • Refactored matchers in CVE-2024-42009 for improved detection accuracy (PR #15835).
  • Added and normalized CWE metadata across HTTP templates (PR #15804).
  • Added additional EOL version entries to end-of-life detection templates (PR #15891).
  • Updated CVE-2025-30208 detection coverage (PR #15784).

Templates Added

  • [CVE-2026-39987] Marimo <= 0.20.4 - Pre-Auth Terminal WebSocket RCE (@ritikchaddha) [critical] 🔥 (vKEV)
  • [CVE-2026-39365] Vite Dev Server - Path Traversal in Optimized Deps .map Handling (@theamanrawat) [medium] 🔥
  • [CVE-2026-39364] Vite Dev Server - Directory Traversal (@ritikchaddha) [high] 🔥
  • [CVE-2026-35616] FortiClient EMS - Authentication Bypass (@ritikchaddha) [high] 🔥 (kev) (vKEV)
  • [CVE-2026-34885] WordPress Media Library Assistant <= 3.34 - SQL Injection (@theamanrawat) [high] 🔥
  • [CVE-2026-34605] SiYuan Note - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2026-34453] SiYuan <= v3.6.1 - Bookmark Data Disclosure (@0x_Akoko) [high]
  • [CVE-2026-34197] Apache ActiveMQ - Remote Code Execution (@dhiyaneshdk, @horizon3) [critical] 🔥
  • [CVE-2026-34156] NocoBase - VM Sandbox Escape to Remote Code Execution (@theamanrawat) [critical] 🔥
  • [CVE-2026-33478] AVideo <= 26.0 - WWBN AVideo - Remote Code Execution (@pussycat0x) [critical]
  • [CVE-2026-33340] LoLLMs WEBUI - Server-Side Request Forgery (@theamanrawat) [critical] 🔥
  • [CVE-2026-31809] SiYuan <= v3.5.9 - Cross Site Scripting (@0x_Akoko) [medium]
  • [CVE-2026-31807] SiYuan <= v3.5.9 - SVG Animate Element XSS (@0x_Akoko) [medium]
  • [CVE-2026-30824] Flowise - NVIDIA NIM Endpoints Missing Authentication (@dhiyaneshdk) [high] 🔥
  • [CVE-2026-29183] SiYuan Note - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2026-29066] TinaCMS - Path Traversal (@theamanrawat) [medium]
  • [CVE-2026-29014] MetInfo CMS <= 8.1 - Remote Code Execution (@0x_Akoko) [critical]
  • [CVE-2026-28414] Gradio - Absolute Path Traversal (@0x_Akoko) [high] 🔥
  • [CVE-2026-28358] NocoDB - User Enumeration (@dhiyaneshdk) [medium] 🔥
  • [CVE-2026-26980] Ghost CMS Content API - SQL Injection (@domwhewell-sage) [critical] 🔥
  • [CVE-2026-25616] Blesta <= 5.13.1 - Cross-Site Scripting (@0x_Akoko) [medium]
  • [CVE-2026-21643] Fortinet FortiClientEMS 7.4.4 - SQL Injection (@ritikchaddha) [critical] 🔥 (kev) (vKEV)
  • [CVE-2026-20079] Cisco Secure Firewall Management Center - Authentication Bypass (@theamanrawat) [critical] 🔥
  • [CVE-2026-6203] User Registration & Membership WordPress plugin - Open Redirect (@theamanrawat) [medium] 🔥
  • [CVE-2026-6118] AstrBot <= 4.22.1 - Command Injection (@jyoti369) [high]
  • [CVE-2026-5615] VvvebJs <= 2.0.5 - Cross-Site Scripting (@theamanrawat) [medium]
  • [CVE-2026-4257] WordPress Contact Form by Supsystic - Server-Side Template Injection (@theamanrawat) [critical] 🔥
  • [CVE-2026-4106] HT Mega < 3.0.7 - Sensitive Information Disclosure (@efetr) [high] 🔥
  • [CVE-2026-4020] Gravity SMTP WordPress Plugin - Sensitive Information Exposure (@theamanrawat) [high] 🔥 (vKEV)
  • [CVE-2026-3584] WordPress Kali Forms <= 2.4.9 - Remote Code Execution (@pussycat0x) [critical] 🔥 (vKEV)
  • [CVE-2026-3396] WCAPF WooCommerce Ajax Product Filter - SQL Injection (@theamanrawat) [high] 🔥
  • [CVE-2026-2699] Progress ShareFile Storage Zones Controller - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
  • [CVE-2026-2416] Geo Mashup <= 1.13.17 - SQL Injection (@Shivam Kamboj) [high]
  • [CVE-2025-67303] ComfyUI-Manager < 3.38 - Configuration Overwrite (@maciejklimek) [critical] 🔥
  • [CVE-2025-64500] Symfony HttpFoundation - Access Control Bypass via PATH_INFO (@dhiyaneshdk) [high] 🔥
  • [CVE-2025-59528] Flowise - Remote Code Execution (@xtr0nix) [critical] 🔥 (vKEV)
  • [CVE-2025-55150] Stirling-PDF < 1.1.0 - Server-Side Request Forgery (@weqi) [high] 🔥
  • [CVE-2025-54597] Heimdall Application Dashboard < 2.7.3 - Reflected XSS (@0x_Akoko) [medium]
  • [CVE-2025-53533] Pi-hole Reflected XSS in 404-Error Page (@dhiyaneshdk) [medium] 🔥
  • [CVE-2025-50578] Heimdall - Host Header Injection & Open Redirect (@dhiyaneshdk) [medium]
  • [CVE-2025-32614] EventON Lite <= 2.4 - Authenticated Local File Inclusion (@pussycat0x) [high] 🔥
  • [CVE-2025-14340] Payara Server - Cross-Site Scripting (@0x_Akoko, @0xr2r) [high] 🔥
  • [CVE-2025-14124] Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection (@neosmith1, @0x_Akoko) [high] 🔥
  • [CVE-2025-13652] WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection (@neosmith1) [critical] 🔥
  • [CVE-2025-12536] SureForms <= 1.13.1 - Sensitive Information Exposure (@pussycat0x) [medium] 🔥
  • [CVE-2025-5350] WSO2 - Server Side Request Forgery (@sourabh Grover) [medium] 🔥
  • [CVE-2025-2558] WordPress The Wound Theme <= 0.0.1 - Local File Inclusion (@pussycat0x) [high]
  • [CVE-2025-2221] WordPress WPCOM Member <= 1.7.6 - SQL Injection (@neosmith1, @0x_Akoko) [high] 🔥
  • [CVE-2024-49357] ZimaOS <= v1.2.4 - Sensitive Information Disclosure (@dhiyaneshdk) [high]
  • [CVE-2024-38819] Spring Framework Path Traversal in Functional Web Frameworks (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-28752] Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read (@maciejklimek) [high] 🔥
  • [CVE-2024-8252] WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion (@pussycat0x) [high] 🔥
  • [CVE-2023-49293] Vite dev server - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
  • [CVE-2023-40924] SolarView Compact < 6.00 - Directory Traversal (@dhiyaneshdk) [high]
  • [CVE-2023-7165] JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing (@pussycat0x) [high] 🔥
  • [CVE-2023-6825] WordPress File Manager <= 7.2.1 - Directory Traversal (@pussycat0x) [critical] 🔥
  • [CVE-2023-6750] WordPress WP Clone <= 2.4.2 - Database Backup Exposure (@pussycat0x) [critical] 🔥
  • [CVE-2023-6592] WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing (@pussycat0x) [medium] 🔥
  • [CVE-2022-41678] Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution (@maciejklimek) [high] 🔥
  • [CVE-2021-46371] AntD Admin - Sensitive Information Disclosure (@ritikchaddha) [high]
  • [CVE-2021-23337] Lodash Template - Server-Side Template Injection (RCE) (@dhiyaneshdk) [high] 🔥
  • [apache-sling-default-login] Apache Sling - Default Login (@icarot) [high]
  • [astrbot-default-login] AstrBot - Default Login (@theamanrawat) [high]
  • [checkmk-default-login] Checkmk - Default Login (@0xBassia) [high]
  • [freepbx-default-login] FreePBX - Default Admin Credentials (@0x_Akoko) [high]
  • [graylog-default-login] Graylog - Default Login (@0x_Akoko, @0xBassia) [high]
  • [grocy-default-login] Grocy - Default Admin Credentials (@0x_Akoko) [high]
  • [mirth-connect-default-login] Mirth Connect - Default Admin Credentials (@0x_Akoko) [high]
  • [netbox-default-login] NetBox - Default Admin Credentials (@0x_Akoko) [high]
  • [owncast-default-login] Owncast - Default Credentials (@0x_Akoko) [high]
  • [superset-default-login] Apache Superset - Default Login (@theamanrawat) [high]
  • [activepieces-panel] Activepieces Panel - Detect (@rxerium) [info]
  • [agentgpt-panel] AgentGPT Panel - Detect (@rxerium) [info]
  • [anythingllm-panel] AnythingLLM Panel - Detect (@rxerium) [info]
  • [astrbot-panel-detect] AstrBot WebUI Login Panel - Detect (@theamanrawat) [info]
  • [clearml-panel] ClearML Panel - Detect (@rxerium) [info]
  • [cvat-panel] CVAT Computer Vision Annotation Tool - Detect (@rxerium) [info]
  • [devtron-panel] Devtron Panel Login Panel - Detect (@johnk3r) [info]
  • [easydiffusion-panel] Easy Diffusion Panel - Detect (@rxerium) [info]
  • [flowise-panel] Flowise Panel - Detect (@rxerium) [info]
  • [h2o-wave-panel] H2O Wave ML Application Server - Detect (@rxerium) [info]
  • [koboldai-panel] KoboldAI Panel - Detect (@rxerium) [info]
  • [openclaw-control-detect] OpenClaw Control - Detect (@pbuff07) [info]
  • [openhands-panel] OpenHands Panel - Detect (@rxerium) [info]
  • [showdoc-panel] ShowDoc Panel Detection (@rxerium) [info]
  • [sillytavern-panel] SillyTavern Panel - Detect (@rxerium) [info]
  • [superagi-panel] SuperAGI Panel - Detect (@rxerium) [info]
  • [devtron-env-config-js] Devtron JavaScript Environment Configuration - Exposure (@johnk3r) [low]
  • [argo-workflows-unauth] Argo Workflows - Unauthenticated Dashboard (@0xBassia) [high]
  • [baget-exposure] BaGet - Exposure (@dhiyaneshdk) [medium]
  • [blockchain-rpc-debug-exposure] Blockchain RPC Debug Trace Methods - Exposure (@0xBassia) [medium]
  • [blockchain-rpc-txpool-exposed] Blockchain RPC - txpool_content Exposed (@0xBassia) [high]
  • [dbgate-anonymous-access] DbGate Anonymous Access - Detection (@benharvey-sage) [high]
  • [glitchtip-public-signup] Gitea Public Registration Enabled (@dhiyaneshdk) [medium]
  • [heimdall-dashboard-exposure] Heimdall Application Dashboard - Unauthenticated Access (@0x_Akoko) [medium]
  • [3cx-installer] 3CX Phone System - Installer Page Exposure (@dhiyaneshdk) [high]
  • [azuracast-installer] AzuraCast - Unfinished Installation (@dhiyaneshdk) [high]
  • [freescout-installer] FreeScout Installer Exposure (@dhiyaneshdk) [high]
  • [icinga-installer] Icinga Web 2 Installer Exposure (@pussycat0x) [high]
  • [leantime-install-page-exposed] Leantime - Unfinished Installation (@0x_Akoko) [high]
  • [modx-installer] ModX CMS - Unfinished Installation (@dhiyaneshdk) [high]
  • [revive-adserver-installer] Revive Adserver - Exposed Installer (@dhiyaneshdk) [high]
  • [node-red-unauth] Node-RED - Unauthenticated Access (@0xBassia) [high]
  • [opentext-filr-guest-access] OpenText Filr - Guest Access Enabled (@pussycat0x) [medium]
  • [photoprism-unauth-exposure] PhotoPrism - Unauthenticated Exposure (@pussycat0x) [high]
  • [piwik-unauthenticated-access] Piwik/Matomo - Unauthenticated Access (@0x_Akoko) [high]
  • [sabnzbd-unauth-access] SABnzbd - Unauthenticated Web Interface Access (@0x_Akoko) [high]
  • [weak-hsts-detect] Weak HTTP Strict-Transport-Security - Detect (@saint_orion) [info]
  • [apache-sling-detect] Apache Sling - Detect (@icarot) [info]
  • [chromadb-detect] ChromaDB Vector Database - Detect (@rxerium) [info]
  • [langflow-detect] Langflow - Detect (@rxerium) [info]
  • [llamacpp-detect] llama.cpp - Detect (@rxerium) [info]
  • [marqo-detect] Marqo Vector Search Engine - Detect (@rxerium) [info]
  • [nicegui-detect] NiceGUI Detection (@theamanrawat) [info]
  • [sdwebui-detect] Stable Diffusion WebUI - Detect (@rxerium) [info]
  • [weights-biases-detect] Weights & Biases - Detect (@rxerium) [info]
  • [xinference-detect] Xinference - Detect (@rxerium) [info]
  • [chanjet-crm-sqli] Chanjet CRM - SQL Injection (@luckying1314@139.com) [high]
  • [magento-polyshell-rce] Magento PolyShell – Unauthenticated File Upload to RCE (@slcyber, @dhiyaneshdk) [critical]
  • [marimo-proxy-abuse] Marimo > 0.9.20 - Proxy Abuse (@ritikchaddha) [medium]
  • [zqnb-educationcloud-exposure] ZhongQing Education Cloud Platform - Information Exposure (@ritikchaddha) [high]

New Contributors

Full Changelog: v10.4.1...v10.4.2

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.4.2

  • Nuclei 模板 v10.4.1 – 发行说明

  • 风险:high / 分数:100
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 76 | CVEs Added: 42 | First-time contributions: 10

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

  • Improved detection in FTP Service - Credential Weakness template, reducing underreporting (PR #15726, Issue
    #15681).
  • Addressed false negative in CVE-2024-3273 detection (Issue #15654).
  • Addressed false negative in CVE-2021-25032 detection (Issue #13647).

False Positives

Enhancements

Templates Added

  • [CVE-2026-33868] Mastodon - Open Redirect (@theamanrawat) [medium] 🔥
  • [CVE-2026-32596] Glances - Information Disclosure (@theamanrawat) [high] 🔥
  • [CVE-2026-32583] Webnus Inc. Modern Events Calendar - Broken Access Control (@theamanrawat) [medium] 🔥
  • [CVE-2026-31816] Budibase - Authentication Bypass (@theamanrawat) [critical] 🔥
  • [CVE-2026-30928] Glances - Information Disclosure (@theamanrawat) [high] 🔥
  • [CVE-2026-28288] Dify User Enumeration via Observable Response Discrepancy (@dhiyaneshdk) [medium] 🔥
  • [CVE-2026-27483] MindsDB - Remote Code Execution (@thewhiteh4t) [high] 🔥
  • [CVE-2026-24477] AnythingLLM - Information Disclosure (@dhiyaneshdk) [high] 🔥
  • [CVE-2026-22739] Spring Cloud Config Server - Path Traversal (@0x_Akoko, @vulnh0lic) [high] 🔥
  • [CVE-2026-21445] Langflow - Broken Access Control (@dhiyaneshdk) [critical] 🔥
  • [CVE-2026-3055] Citrix NetScaler SAML IDP - Memory Overread (@watchtowr, @shaikhyaser, @dhiyaneshdk) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-2025] Mail Mint < 1.19.5 - Unauthenticated Email Disclosure (@0x_Akoko) [high]
  • [CVE-2026-1581] wpForo Forum <= 2.4.14 - SQL Injection (@Shivam Kamboj) [critical] (kev) (vKEV) 🔥
  • [CVE-2026-1557] WP Responsive Images <= 1.0 - Arbitrary File Read (@Shivam Kamboj) [high]
  • [CVE-2026-1405] WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload (@pussycat0x) [critical]
  • [CVE-2026-1306] WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload (@pussycat0x) [critical]
  • [CVE-2026-1296] Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect (@Shivam Kamboj) [medium]
  • [CVE-2026-1277] URL Shortify <= 1.12.1 - Open Redirect (@Shivam Kamboj) [medium]
  • [CVE-2026-0926] Prodigy Commerce <= 3.3.0 - Local File Inclusion (@Shivam Kamboj) [critical]
  • [CVE-2025-71260] BMC FootPrints - Deserialization of Untrusted Data (RCE) (@watchtowr, @dhiyaneshdk) [critical] 🔥
  • [CVE-2025-71259] BMC FootPrints 'feedUrl' - Server-Side Request Forgery (@watchtowr, @dhiyaneshdk) [high] 🔥
  • [CVE-2025-71258] BMC FootPrints 'searchWeb' - Server-Side Request Forgery (@watchtowr, @dhiyaneshdk) [high] 🔥
  • [CVE-2025-71257] BMC FootPrints - Authentication Bypass (@watchtowr, @dhiyaneshdk) [medium] 🔥
  • [CVE-2025-68602] Accept Donations with PayPal <= 1.5.2 - Open Redirect (@Shivam Kamboj) [medium]
  • [CVE-2025-68043] LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization (@pussycat0x) [high] 🔥
  • [CVE-2025-62512] Piwigo - User Enumeration via Password Reset (@dhiyaneshdk) [medium] 🔥
  • [CVE-2025-62126] WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure (@pussycat0x) [medium]
  • [CVE-2025-59716] ownCloud Guests - User Enumeration (@dhiyaneshdk) [medium] 🔥
  • [CVE-2025-58044] JumpServer - Open Redirect via Referer Header (@dhiyaneshdk) [medium] 🔥
  • [CVE-2025-54793] Astro SSR - Open Redirect (@dhiyaneshdk) [medium] 🔥
  • [CVE-2025-46565] Vite Dev Server - Information Exposure (@ritikchaddha) [medium] 🔥
  • [CVE-2025-32463] Sudo - Local Privilege Escalation via chroot (@SeungAh-Hong) [critical] (kev) (vKEV) 🔥
  • [CVE-2025-14437] WordPress Hummingbird <= 3.18.0 - Sensitive Information Exposure via Log File (@pussycat0x) [high] 🔥
  • [CVE-2025-13920] WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure (@0x_Akoko) [medium]
  • [CVE-2025-6984] langchain-ai langchain - XML External Entity Injection (@nukunga) [high] 🔥
  • [CVE-2025-5947] Service Finder Bookings - Authentication Bypass (@sedat4ras) [critical] (kev) (vKEV) 🔥
  • [CVE-2025-4576] Liferay Portal & DXP - Cross-Site Scripting (@xtr0nix) [medium] 🔥
  • [CVE-2024-57241] DedeCMS - Open Redirect via download.php (@0x_Akoko) [medium]
  • [CVE-2024-43144] Cost Calculator Builder <= 3.2.15 - SQL Injection (@Shivam Kamboj) [critical] 🔥
  • [CVE-2023-34092] Vite Dev Server - Information Exposure (@ritikchaddha) [high] 🔥
  • [CVE-2022-1692] CP Image Store with Slideshow <= 1.0.67 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2020-15718] RosarioSIS 6.7.2 - Cross-Site Scripting (@0xr2r, @jarvis-survives) [medium]
  • [unquoted-service-paths] Unquoted Service Paths (@domwhewell-sage) [high]
  • [alfresco-default-login] Alfresco - Default Admin Credentials (@0x_Akoko) [high]
  • [apache-polaris-default-login] Apache Polaris - Default Login (@icarot) [high]
  • [brickcom-camera-default-login] Brickcom Camera - Default Login (@0x_Akoko) [high]
  • [casdoor-default-login] Casdoor - Default Admin Credentials (@0x_Akoko) [high]
  • [doccano-default-login] Doccano - Default Login (@0x_Akoko) [high]
  • [harbor-default-login] Harbor Registry - Default Admin Credentials (@0x_Akoko) [high]
  • [homebridge-default-login] Homebridge - Default Admin Credentials (@0x_Akoko) [high]
  • [ilias-default-login] ILIAS LMS - Default Admin Credentials (@0x_Akoko) [high]
  • [limesurvey-default-login] LimeSurvey - Default Admin Credentials (@0x_Akoko) [high]
  • [ntopng-default-login] ntopng - Default Login (@0x_Akoko) [high]
  • [openproject-default-login] OpenProject - Default Admin Credentials (@0x_Akoko) [high]
  • [pfsense-default-login] pfSense - Default Admin Credentials (@0x_Akoko) [high]
  • [redmine-default-login] Redmine - Default Admin Credentials (@0x_Akoko) [high]
  • [xerox-default-login] Xerox Fuji/VersaLink - Default Login (@dhiyaneshdk) [high]
  • [arcane-login-panel] Arcane Login Panel - Detect (@Kazgangap) [info]
  • [budibase-login-detect] Budibase Login Panel - Detect (@theamanrawat) [info]
  • [odoo-website-info-exposure] Odoo Website - Information Disclosure (@aushack) [info]
  • [xerox-panel] Xerox Fuji/VersaLink Login - Panel (@dhiyaneshdk) [info]
  • [apache-polaris-metrics-exposure] Apache Polaris - Information Disclosure (@icarot) [medium]
  • [remote-spark-gateway-config] Remote Spark Gateway Configuration/Credentials - Exposure (@domwhewell-sage) [medium]
  • [google-gemini-key-exposure] Google Gemini API Key - Exposure (@mestizo) [high]
  • [brickcom-camera-unauth-snapshot] Brickcom Camera - Unauthenticated Snapshot Access (@0xr2r) [high]
  • [graphiql-exposure] GraphiQL - Exposure (@vincent Olagbemide) [low]
  • [ghost-cms-installer] Ghost CMS Installation Setup - Exposure (@0x_Akoko) [high]
  • [mistserver-installer] MistServer Installation Wizard - Exposure (@dhiyaneshdk) [high]
  • [synology-dsm-system-info] Synology DSM System Info - Detect (@dhiyaneshdk) [info]
  • [confluence-eol] Atlassian Confluence End-of-Life - Detect (@Shivam Kamboj) [info]
  • [forgejo-eol] Forgejo End-of-Life - Detect (@Shivam Kamboj) [info]
  • [leantime-detect] Leantime - Detect (@icarot) [info]
  • [litellm-swagger-detect] LiteLLM API - Swagger UI Detection (@rxerium) [info]
  • [rustfs-detect] Rustfs - Detect (@icarot) [info]
  • [wyse-devicegroup-register] Dell Wyse Management Suite - Unauthenticated Device Registration (@dhiyaneshdk) [high]
  • [sanhuismg-radius-rce] Synway SMG Gateway 9-2radius.php - Remote Command Execution (@chenkh) [critical]

New Contributors

Full Changelog: v10.4.0...v10.4.1

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.4.1

  • Nuclei 模板 v10.3.8 – 发行说明

  • 风险:high / 分数:100
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 457 | CVEs Added: 43 | First-time contributions: 13

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

  • Fixed multiple regex-based templates triggering incorrectly on valid CSS (Issue #13131)

False Positives

Enhancements

  • Updated detect-sentry.yaml with new matchers (PR #14955)

Templates Added

  • [CVE-2026-23760] SmarterTools SmarterMail - Admin Password Reset (@watchtowr, @dhiyaneshdk) [critical] (vKEV) 🔥
  • [CVE-2026-23550] Modular DS - Broken Access Control (@dhiyaneshdk) [high] (vKEV) 🔥
  • [CVE-2026-22200] osTicket - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
  • [CVE-2026-21859] Mailpit < 1.28.3 - Server-Side Request Forgery (@omarkurt) [high]
  • [CVE-2026-21858] n8n Webhooks - Remote Code Execution (@rxerium) [critical] (vKEV) 🔥
  • [CVE-2025-66516] Apache Tika - XML External Entity Injection (@MathematicianGoat) [high] 🔥
  • [CVE-2025-66472] XWiki DeleteApplication - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2025-56520] Dify v1.6.0 - Server-Side Request Forgery (@0x_Akoko) [high] 🔥
  • [CVE-2025-56132] LiquidFiles < 4.2 - User Enumeration via Password Reset (@dhiyaneshdk) [high]
  • [CVE-2025-55303] Astro - Unauthorized Third-Party Image Access (@theamanrawat) [medium]
  • [CVE-2025-52694] Advantech WISE-IoTSuite/SaaS - SQL Injection (@Loi Nguyen Thang) [critical] 🔥
  • [CVE-2025-46550] YesWiki < 4.5.4 - Cross-Site Scripting (@MuhammadWaseem) [medium]
  • [CVE-2025-46549] YesWiki <= 4.5.1 - Cross-Site Scripting (@MuhammadWaseem) [medium]
  • [CVE-2025-46349] YesWiki Reflected XSS via File Upload (@mahmoud Gamal) [high]
  • [CVE-2025-36845] Eveo URVE Web Manager - Server-Side Request Forgery (@dhiyaneshdk) [high]
  • [CVE-2025-27817] Apache Kafka Client - Arbitrary File Read (@0x_Akoko) [high] 🔥
  • [CVE-2025-25570] Vue Vben Admin - Default Credentials (@0x_Akoko) [critical] 🔥
  • [CVE-2025-13418] Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting (@Shivam Kamboj, @jay Jani) [medium]
  • [CVE-2025-11580] PowerJob List - Authorization Bypass (@dhiyaneshdk) [medium]
  • [CVE-2025-8110] Gogs <= 0.13.3 - Remote Code Execution (@rxerium) [high] (kev) 🔥
  • [CVE-2025-4210] Casdoor - Authorization Bypass (@theamanrawat) [high] (vKEV) 🔥
  • [CVE-2025-3472] Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution (@theamanrawat) [medium]
  • [CVE-2024-56159] Astro - Information Disclosure (@theamanrawat) [medium]
  • [CVE-2024-29137] WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting (@Shivam Kamboj) [high] 🔥
  • [CVE-2024-23055] Plone Docker - Host Header Injection (@theamanrawat) [medium]
  • [CVE-2023-52163] Digiever DS-2105 Pro - Command Injection (@rajesh-social-tech) [high] (kev) 🔥
  • [CVE-2023-33960] OpenProject < 12.5.4 - Project Identifiers Exposure (@0x_Akoko) [medium]
  • [CVE-2022-41697] Ghost CMS - User Enumeration (@ritikchaddha) [medium] 🔥
  • [CVE-2022-4223] pgAdmin < 6.17 - Unauthenticated Remote Code Execution (@0x_Akoko) [critical] 🔥
  • [CVE-2022-0188] CMP WordPress < 4.0.19 - Broken Access Control (@pussycat0x) [medium]
  • [CVE-2021-37598] WP Cerber < 8.9.3 - Broken Access Control (@theamanrawat) [medium]
  • [CVE-2021-22881] Ruby on Rails - Open Redirect via Host Header Injection (@theamanrawat) [medium] 🔥
  • [CVE-2021-21246] OneDev < 4.0.3 - User Access Token Leak (@dhiyaneshdk) [high]
  • [CVE-2020-26935] phpMyAdmin < 5.0.3 - SQL Injection (@0x_Akoko) [critical] 🔥
  • [CVE-2020-19363] Vtiger CRM v7.2.0 - Directory Listing (@0x_Akoko) [medium] 🔥
  • [CVE-2020-16248] Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF) (@dhiyaneshdk) [medium] 🔥
  • [CVE-2020-15081] PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory (@0x_Akoko) [low] 🔥
  • [CVE-2020-9314] Oracle iPlanet Web Server 7.0.x - Image Injection (@dhiyaneshdk) [medium]
  • [CVE-2020-9039] Couchbase Server - Broken Access Control (@pussycat0x) [critical] 🔥
  • [CVE-2020-5722] Grandstream UCM6200 - SQL Injection (@theamanrawat) [critical] (kev) 🔥
  • [CVE-2019-14206] Nevma Adaptive Images - Arbitrary File Deletion (@riteshs4hu) [high]
  • [CVE-2019-12935] Shopware < 5.5.8 - Cross-Site Scripting (@pussycat0x) [high] 🔥
  • [CVE-2018-7765] Schneider Electric U.motion Builder - SQL Injection (@daffainfo) [high]
  • [clawdbot-gw-exposure] Clawdbot Gateway - Detect (@rxerium) [info]
  • [pendo-api-key-exposure] Pendo API Key Exposure (@0x_Akoko) [medium]
  • [jhipster-default-login] JHipster Platform - Default Login (@ritikchaddha) [high]
  • [openlitespeed-default-login] OpenLiteSpeed WebAdmin - Default Login (@0x_Akoko) [high]
  • [cgit-detect] cgit Web Interface - Detection (@ritikchaddha) [info]
  • [cheatsh-detect] cheat.sh Instance - Detection (@ritikchaddha) [info]
  • [cisco-webex-meetings-panel] Cisco Webex Meetings - Panel (@Eyonn) [info]
  • [dagster-webserver-ui-exposure] Dagster - Webserver UI Exposure (@0x_Akoko) [medium]
  • [orbeon-forms-exposure] Orbeon Forms Exposure (@ritikchaddha) [info]
  • [polycom-hdx-web-exposure] Polycom HDX - Web Interface Exposure (@0x_Akoko) [low]
  • [sanity-studio-panel] Sanity Studio Panel - Detect (@Shivam Kamboj) [info]
  • [theia-ide-panel] Eclipse Theia IDE Panel - Detect (@0x_Akoko) [info]
  • [xymon-exposure] Xymon - Exposure (@theamanrawat) [low]
  • [freshrss-api] FreshRSS Google Reader API Exposure (@dhiyaneshdk) [low]
  • [frigate-api-exposure] Frigate NVR - API Exposure (@0x_Akoko) [medium]
  • [batflat-sqlite-exposure] Batflat SQLite Database - Exposure (@dhiyaneshdk) [high]
  • [azure-functions-hostjson-exposure] Azure Functions host.json Configuration Exposure (@pussycat0x) [medium]
  • [jakefile-disclosure] Jakefile Build Configuration - Disclosure (@0x_Akoko) [info]
  • [netlify-headers-config-exposure] Netlify Headers Configuration - Exporsure (@theamanrawat) [low]
  • [ovhcloud-backup-config] OVHcloud Backup Configuration - Exposure (@pussycat0x) [high]
  • [php-prober-exposure] PHP Prober - Exposure (@ritikchaddha) [medium]
  • [selenium-grid-exposure] Selenium Grid Exposure (@0x_Akoko) [high]
  • [symfony-lock-exposure] Symfony Lock File - Exposure (@ritikchaddha) [low]
  • [wordpress-wp-env-exposure] WordPress Configuration wp-env - Exposure (@0x_Akoko) [low]
  • [zipkin-config-exposure] Zipkin Configuration - Exposure (@theamanrawat) [low]
  • [aspnet-launchsettings-exposure] ASP.NET Launch Settings - Exposure (@theamanrawat) [medium]
  • [aws-buildspec-exposure] AWS CodeBuild Build Spec - Exposure (@theamanrawat) [low]
  • [dot-credentials-exposure] Dot Credentials - Exposure (@theamanrawat) [high]
  • [gcloudignore-file-exposure] Google Cloud Ignore File Exposure (@dhiyaneshdk) [low]
  • [gitpod-dockerfile-exposure] Gitpod Dockerfile - Exposure (@theamanrawat) [info]
  • [joe-deadjoe-file-exposure] Joe Editor DEADJOE File - Exposure (@0x_Akoko) [low]
  • [pear-registry-exposed] PEAR Registry Files Exposed (@pussycat0x) [low]
  • [postgres-history-exposure] PostgreSQL History - Exposure (@theamanrawat, @0x_Akoko) [low]
  • [redmine-issues-exposure] Redmine Issues - Exposure (@theamanrawat) [medium]
  • [rubygems-credentials-exposure] Ruby Gem::ConfigFile Credential - Exposure (@theamanrawat) [high]
  • [sqlite-history-exposure] SQLite History - Exposure (@theamanrawat) [medium]
  • [testignore-disclosure] Testignore - File Disclosure (@0x_Akoko) [info]
  • [vscode-mcp-json] Visual Studio Code MCP Configuration ("mcp.json") Exposure (@dhiyaneshdk) [low]
  • [vscode-settings] Visual Studio Code Settings - Credential Exposure (@dhiyaneshdk) [low]
  • [cacti-log-exposure] Cacti Log - Exposure (@theamanrawat) [medium]
  • [magento-debug-log-exposure] Magento Debug Log - Exposure (@0x_Akoko) [medium]
  • [opencart-error-log] OpenCart Error Log Disclosure (@dhiyaneshdk) [medium]
  • [servicestack-requestlogs] ServiceStack Request Logs - Unauthenticated Access (@dhiyaneshdk) [high]
  • [wp-wpstatistics-log] WordPress Plugin WP Statistics Error Log Disclosure (@dhiyaneshdk) [medium]
  • [zen-cart-log-exposure] Zen Cart Log File Exposure (@0x_Akoko) [medium]
  • [azure-instrumentation-key-exposure] Azure Instrumentation Key - Exposure (@pussycat0x) [medium]
  • [firebase-fcm-server-key-disclosure] Firebase Cloud Messaging - Server Key Disclosure (@0x_Akoko) [medium]
  • [adminbro-dashboard-exposure] AdminBro Dashboard - Unauthenticated Access (@0x_Akoko) [high]
  • [administrate-dashboard] Administrate Dashboard Exposure (@dhiyaneshdk) [high]
  • [coldfusion-cfide-dir-listing] Adobe ColdFusion CFIDE - Directory Listing (@0x_Akoko) [medium]
  • [alibaba-bucket-listing] Alibaba Cloud OSS Bucket - Public Listing Enabled (@0x_Akoko) [unknown]
  • [apache-spark-env] Apache Spark Environment - Exposure (@0x_Akoko) [medium]
  • [cacti-fpd] Cacti - Full Path Disclosure (@theamanrawat) [low]
  • [cakephp-debugkit-exposure] CakePHP - Debug Kit Toolbar Exposure (@0x_Akoko) [medium]
  • [chroma-db-unauth] Chroma DB - Information Disclosure (@Shay Ben Tikva) [high]
  • [flask-debug-toolbar] Flask Debug Toolbar - Exposure (@0x_Akoko) [medium]
  • [drupal-source-code-disclosure] Drupal - Source Code Disclosure (@pussycat0x) [medium]
  • [envoy-metadata-disclosure] Envoy Proxy - Metadata Disclosure (@theamanrawat) [info]
  • [exist-db-dashboard-access] eXist-DB Dashboard Access (@ritikchaddha) [high]
  • [ezservermonitor-exposure] eZ Server Monitor - Exposure (@pussycat0x) [low]
  • [fastly-backend-info-disclosure] Fastly Backend Server Information Disclosure (@0x_Akoko) [low]
  • [fastly-debug-headers] Fastly CDN Debug Headers Exposure (@pussycat0x) [info]
  • [fortra-filecatalyst-anonymous-access] Fortra FileCatalyst - Anonymous Access (@ritikchaddha) [low]
  • [gerrit-account-enum] Gerrit Code Review - Account Enumeration (@dhiyaneshdk) [medium]
  • [gitea-public-repo-exposure] Gitea Public Repository - Exposure (@theamanrawat) [low]
  • [google-calendar-exposure] Google Calendar - Exposure (@dhiyaneshdk) [low]
  • [homebridge-unfinished-install] Homebridge - Unfinished Installation (@theamanrawat) [high]
  • [ibm-cloud-bucket-exposure] IBM Cloud Object Storage - Bucket Exposure (@0x_Akoko) [unknown]
  • [info-cgi-env-leak] info.cgi Environment Variable - Disclosure (@pussycat0x) [medium]
  • [beszel-unfinished-installation] Beszel Unfinished Installation (@0x_Akoko) [high]
  • [fork-installer] Fork CMS - Installer (@dhiyaneshdk) [critical]
  • [itflow-unfinished-installation] ITFlow Unfinished Installation (@0x_Akoko) [high]
  • [rancher-incomplete-setup] Rancher - Incomplete Setup Exposure (@0x_Akoko) [low]
  • [intermapper-exposure] InterMapper - Exposure (@pussycat0x) [high]
  • [jellyfin-public-users-exposure] Jellyfin Public Users - Exposure (@theamanrawat) [medium]
  • [kanboard-database-exposure] Kanboard - SQLite Database Exposure (@0x_Akoko) [high]
  • [laravel-sessions-exposure] Laravel Sessions Folder Exposure (@dhiyaneshdk) [high]
  • [laravel-terminal-exposure] Laravel Terminal - Exposed (@pussycat0x) [high]
  • [lightstreamer-dashboard-exposure] Lightstreamer Dashboard Exposure (@dhiyaneshdk) [medium]
  • [sharepoint-exposed-login-endpoint] Microsoft SharePoint - Exposed Login Endpoint (@pussycat0x) [info]
  • [mongodb-exposure] MongoDB Exposure (@dhiyaneshdk) [info]
  • [mybb-full-path-disclosure] MyBB - Full Path Disclosure (@0x_Akoko) [low]
  • [nocodb-public-registration-enabled] NocoDB Public Registration Enabled (@pussycat0x) [medium]
  • [ollama-improper-authorization] Ollama - Improper Authorization (@0x_Akoko) [medium]
  • [opennms-dashboard-exposure] OpenNMS Dashboard - Exposure Detection (@ritikchaddha) [medium]
  • [perforce-repository] Perforce Repository Disclosure (@dhiyaneshdk) [low]
  • [remotely-registration-enabled] Remotely Registration Enabled (@ritikchaddha) [high]
  • [s3-username-disclosure] x-amz-meta-s3cmd-attrs Header Username Disclosure (@dhiyaneshdk) [low]
  • [seafile-public-registration] Seafile - Public Registration Enabled (@theamanrawat) [info]
  • [sendmail-forward-exposure] Sendmail .forward File - Exposure (@ritikchaddha) [low]
  • [springboot-x-application-context] Spring Boot X-Application-Context Header Exposure (@dhiyaneshdk) [low]
  • [stylelint-ignore-disclosure] Stylelint - Ignore File Disclosure (@ritikchaddha) [info]
  • [typo3-directory-listing] Typo3 Directory Listing (@theamanrawat) [low]
  • [umbraco-directory-listing] Umbraco CMS - Directory Listing Exposure (@dhiyaneshdk) [medium]
  • [umbraco-miniprofiler-exposure] Umbraco Mini Profiler - Exposure (@theamanrawat) [low]
  • [weblate-public-project-exposure] Weblate Public Project - Exposure (@ritikchaddha) [info]
  • [wekan-signup-page] Wekan Sign Up Page - Exposure (@dhiyaneshdk) [medium]
  • [wp-a3-lazy-load-top-fpd] WordPress a3 Lazy Load - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-add-search-to-menu-fpd] WordPress Ivory Search - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-advanced-iframe-fpd] WordPress Advanced iFrame - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-advanced-responsive-video-embedder-fpd] WP Advanced Responsive Video Embedder - FPD (@dhiyaneshdk) [low]
  • [wp-ajax-load-more-anything-fpd] WordPress Load More Anything - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-ajax-search-lite-fpd] WordPress Ajax Search Lite - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-breadcrumb-navxt-fpd] WordPress Breadcrumb NavXT - Full Path Disclosure (@theamanrawat) [low]
  • [wp-call-now-button-fpd] WordPress Call Now Button - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-cf7-data-source-fpd] WordPress Data Source for Contact Form 7 - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-duplicate-page-fpd] WordPress Duplicate Page - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-header-footer-elementor-fpd] WordPress Header Footer Elementor - Full Path Disclosure (@ritikchaddha) [low]
  • [wp-hostinger-fpd] WordPress Hostinger Tools - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-really-simple-captcha-fpd] WordPress Plugin Really Simple CAPTCHA - Full Path Disclosure (@pussycat0x) [low]
  • [wp-updraftplus-fpd] WordPress UpdraftPlus - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-w3-total-cache-fpd] WordPress W3 Total Cache - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-wpforms-lite-fpd] WordPress WPForms - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-wpfront-scroll-top-fpd] WordPress WPFront Scroll Top - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-gravity-forms-log-disclosure] WordPress Gravity Forms - Log File Disclosure (@ritikchaddha) [low]
  • [1a-auto-phish] 1A Auto phishing Detection (@rxerium) [info]
  • [ace-hardware-phish] Ace Hardware phishing Detection (@rxerium) [info]
  • [advance-auto-phish] Advance Auto Parts phishing Detection (@rxerium) [info]
  • [affirm-phish] Affirm phishing Detection (@rxerium) [info]
  • [afterpay-phish] Afterpay phishing Detection (@rxerium) [info]
  • [airbnb-phish] Airbnb phishing Detection (@rxerium) [info]
  • [airtable-phish] Airtable phishing Detection (@rxerium) [info]
  • [ally-bank-phish] Ally Bank phishing Detection (@rxerium) [info]
  • [amc-plus-phish] AMC+ phishing Detection (@rxerium) [info]
  • [americanmuscle-phish] AmericanMuscle phishing Detection (@rxerium) [info]
  • [amplitude-phish] Amplitude phishing Detection (@rxerium) [info]
  • [anthropic-phish] Anthropic phishing Detection (@rxerium) [info]
  • [anydo-phish] Any.do phishing Detection (@rxerium) [info]
  • [anz-phish] ANZ phishing Detection (@rxerium) [info]
  • [asana-phish] Asana phishing Detection (@rxerium) [info]
  • [atlassian-phish] Atlassian phishing Detection (@rxerium) [info]
  • [audible-phish] Audible phishing Detection (@rxerium) [info]
  • [auth0-phish] Auth0 phishing Detection (@rxerium) [info]
  • [authy-phish] Authy phishing Detection (@rxerium) [info]
  • [autodesk-phish] Autodesk phishing Detection (@rxerium) [info]
  • [autozone-phish] AutoZone phishing Detection (@rxerium) [info]
  • [azure-phish] Microsoft Azure phishing Detection (@rxerium) [info]
  • [backblaze-phish] Backblaze phishing Detection (@rxerium) [info]
  • [bandcamp-phish] Bandcamp phishing Detection (@rxerium) [info]
  • [barclays-phish] Barclays phishing Detection (@rxerium) [info]
  • [bethesda-phish] Bethesda phishing Detection (@rxerium) [info]
  • [bigcommerce-phish] BigCommerce phishing Detection (@rxerium) [info]
  • [binance-phish] Binance phishing Detection (@rxerium) [info]
  • [bitbucket-phish] Bitbucket phishing Detection (@rxerium) [info]
  • [bitfinex-phish] Bitfinex phishing Detection (@rxerium) [info]
  • [bjs-phish] BJ's Wholesale Club phishing Detection (@rxerium) [info]
  • [blizzard-phish] Blizzard phishing Detection (@rxerium) [info]
  • [bmo-phish] BMO phishing Detection (@rxerium) [info]
  • [bnp-paribas-phish] BNP Paribas phishing Detection (@rxerium) [info]
  • [booking-com-phish] Booking.com phishing Detection (@rxerium) [info]
  • [brevo-phish] Brevo phishing Detection (@rxerium) [info]
  • [buymeacoffee-phish] Buy Me a Coffee phishing Detection (@rxerium) [info]
  • [cafepress-phish] CafePress phishing Detection (@rxerium) [info]
  • [calendly-phish] Calendly phishing Detection (@rxerium) [info]
  • [canva-phish] Canva phishing Detection (@rxerium) [info]
  • [capital-one-phish] Capital One phishing Detection (@rxerium) [info]
  • [caviar-phish] Caviar phishing Detection (@rxerium) [info]
  • [chatgpt-phish] ChatGPT phishing Detection (@rxerium) [info]
  • [chime-phish] Chime phishing Detection (@rxerium) [info]
  • [cibc-phish] CIBC phishing Detection (@rxerium) [info]
  • [citibank-phish] Citibank phishing Detection (@rxerium) [info]
  • [cj-pony-parts-phish] CJ Pony Parts phishing Detection (@rxerium) [info]
  • [clickup-phish] ClickUp phishing Detection (@rxerium) [info]
  • [cloudflare-phish] Cloudflare phishing Detection (@rxerium) [info]
  • [codesandbox-phish] CodeSandbox phishing Detection (@rxerium) [info]
  • [coinbase-phish] Coinbase phishing Detection (@rxerium) [info]
  • [comerica-phish] Comerica Bank phishing Detection (@rxerium) [info]
  • [commonwealth-bank-phish] Commonwealth Bank phishing Detection (@rxerium) [info]
  • [costco-phish] Costco phishing Detection (@rxerium) [info]
  • [credit-agricole-phish] Crédit Agricole phishing Detection (@rxerium) [info]
  • [crunchyroll-phish] Crunchyroll phishing Detection (@rxerium) [info]
  • [csgo-phish] CS:GO phishing Detection (@rxerium) [info]
  • [current-phish] Current phishing Detection (@rxerium) [info]
  • [customink-phish] CustomInk phishing Detection (@rxerium) [info]
  • [cvs-phish] CVS phishing Detection (@rxerium) [info]
  • [cyberghost-phish] CyberGhost phishing Detection (@rxerium) [info]
  • [dbs-phish] DBS Bank phishing Detection (@rxerium) [info]
  • [depop-phish] Depop phishing Detection (@rxerium) [info]
  • [deutsche-bank-phish] Deutsche Bank phishing Detection (@rxerium) [info]
  • [dhl-phish] DHL phishing Detection (@rxerium) [info]
  • [discover-phish] Discover phishing Detection (@rxerium) [info]
  • [docusign-phish] DocuSign phishing Detection (@rxerium) [info]
  • [doordash-phish] DoorDash phishing Detection (@rxerium) [info]
  • [dota2-phish] Dota 2 phishing Detection (@rxerium) [info]
  • [dribbble-phish] Dribbble phishing Detection (@rxerium) [info]
  • [ea-phish] EA phishing Detection (@rxerium) [info]
  • [edelbrock-phish] Edelbrock phishing Detection (@rxerium) [info]
  • [epic-games-phish] Epic Games phishing Detection (@rxerium) [info]
  • [etsy-phish] Etsy phishing Detection (@rxerium) [info]
  • [expedia-phish] Expedia phishing Detection (@rxerium) [info]
  • [expressvpn-phish] ExpressVPN phishing Detection (@rxerium) [info]
  • [fanatical-phish] Fanatical phishing Detection (@rxerium) [info]
  • [fastmail-phish] Fastmail phishing Detection (@rxerium) [info]
  • [fedex-phish] FedEx phishing Detection (@rxerium) [info]
  • [fifth-third-bank-phish] Fifth Third Bank phishing Detection (@rxerium) [info]
  • [footlocker-phish] Foot Locker phishing Detection (@rxerium) [info]
  • [fortnite-phish] Fortnite phishing Detection (@rxerium) [info]
  • [framer-phish] Framer phishing Detection (@rxerium) [info]
  • [freshworks-phish] Freshworks phishing Detection (@rxerium) [info]
  • [fubo-phish] FuboTV phishing Detection (@rxerium) [info]
  • [fullstory-phish] FullStory phishing Detection (@rxerium) [info]
  • [g2a-phish] G2A phishing Detection (@rxerium) [info]
  • [gamestop-phish] GameStop phishing Detection (@rxerium) [info]
  • [gcp-phish] Google Cloud Platform phishing Detection (@rxerium) [info]
  • [gemini-phish] Gemini phishing Detection (@rxerium) [info]
  • [gitlab-phish] GitLab phishing Detection (@rxerium) [info]
  • [gitpod-phish] Gitpod phishing Detection (@rxerium) [info]
  • [goat-phish] GOAT phishing Detection (@rxerium) [info]
  • [godaddy-phish] GoDaddy phishing Detection (@rxerium) [info]
  • [gog-phish] GOG phishing Detection (@rxerium) [info]
  • [grailed-phish] Grailed phishing Detection (@rxerium) [info]
  • [grammarly-phish] Grammarly phishing Detection (@rxerium) [info]
  • [green-man-gaming-phish] Green Man Gaming phishing Detection (@rxerium) [info]
  • [grubhub-phish] Grubhub phishing Detection (@rxerium) [info]
  • [gumroad-phish] Gumroad phishing Detection (@rxerium) [info]
  • [harbor-freight-phish] Harbor Freight phishing Detection (@rxerium) [info]
  • [hbo-max-phish] HBO Max phishing Detection (@rxerium) [info]
  • [heroku-phish] Heroku phishing Detection (@rxerium) [info]
  • [hetzner-phish] Hetzner phishing Detection (@rxerium) [info]
  • [holley-phish] Holley phishing Detection (@rxerium) [info]
  • [homeaway-phish] HomeAway phishing Detection (@rxerium) [info]
  • [hotels-phish] Hotels.com phishing Detection (@rxerium) [info]
  • [hotjar-phish] Hotjar phishing Detection (@rxerium) [info]
  • [hsbc-phish] HSBC phishing Detection (@rxerium) [info]
  • [hubspot-phish] HubSpot phishing Detection (@rxerium) [info]
  • [hulu-phish] Hulu phishing Detection (@rxerium) [info]
  • [humble-bundle-phish] Humble Bundle phishing Detection (@rxerium) [info]
  • [huntington-bank-phish] Huntington Bank phishing Detection (@rxerium) [info]
  • [icbc-phish] ICBC phishing Detection (@rxerium) [info]
  • [ing-phish] ING phishing Detection (@rxerium) [info]
  • [instacart-phish] Instacart phishing Detection (@rxerium) [info]
  • [intercom-phish] Intercom phishing Detection (@rxerium) [info]
  • [irs-phish] IRS phishing Detection (@rxerium) [info]
  • [itch-io-phish] itch.io phishing Detection (@rxerium) [info]
  • [jegs-phish] JEGS phishing Detection (@rxerium) [info]
  • [jetbrains-phish] JetBrains phishing Detection (@rxerium) [info]
  • [jitsi-phish] Jitsi phishing Detection (@rxerium) [info]
  • [keybank-phish] KeyBank phishing Detection (@rxerium) [info]
  • [kinguin-phish] Kinguin phishing Detection (@rxerium) [info]
  • [klarna-phish] Klarna phishing Detection (@rxerium) [info]
  • [ko-fi-phish] Ko-fi phishing Detection (@rxerium) [info]
  • [kraken-phish] Kraken phishing Detection (@rxerium) [info]
  • [latemodel-restoration-phish] Late Model Restoration phishing Detection (@rxerium) [info]
  • [league-of-legends-phish] League of Legends phishing Detection (@rxerium) [info]
  • [line-phish] LINE phishing Detection (@rxerium) [info]
  • [linear-phish] Linear phishing Detection (@rxerium) [info]
  • [linode-phish] Linode phishing Detection (@rxerium) [info]
  • [lloyds-phish] Lloyds Bank phishing Detection (@rxerium) [info]
  • [loaded-phish] Loaded phishing Detection (@rxerium) [info]
  • [loom-phish] Loom phishing Detection (@rxerium) [info]
  • [lowes-phish] Lowe's phishing Detection (@rxerium) [info]
  • [lyft-phish] Lyft phishing Detection (@rxerium) [info]
  • [magento-phish] Magento phishing Detection (@rxerium) [info]
  • [mailchimp-phish] Mailchimp phishing Detection (@rxerium) [info]
  • [mastercard-phish] Mastercard phishing Detection (@rxerium) [info]
  • [mattermost-phish] Mattermost phishing Detection (@rxerium) [info]
  • [medium-phish] Medium phishing Detection (@rxerium) [info]
  • [menards-phish] Menards phishing Detection (@rxerium) [info]
  • [mercari-phish] Mercari phishing Detection (@rxerium) [info]
  • [midjourney-phish] Midjourney phishing Detection (@rxerium) [info]
  • [miro-phish] Miro phishing Detection (@rxerium) [info]
  • [mixpanel-phish] Mixpanel phishing Detection (@rxerium) [info]
  • [monday-phish] Monday.com phishing Detection (@rxerium) [info]
  • [monzo-phish] Monzo phishing Detection (@rxerium) [info]
  • [mpix-phish] MPIX phishing Detection (@rxerium) [info]
  • [mt-bank-phish] M&T Bank phishing Detection (@rxerium) [info]
  • [mullvad-phish] Mullvad VPN phishing Detection (@rxerium) [info]
  • [n26-phish] N26 phishing Detection (@rxerium) [info]
  • [nab-phish] NAB phishing Detection (@rxerium) [info]
  • [namecheap-phish] Namecheap phishing Detection (@rxerium) [info]
  • [napa-phish] NAPA Auto Parts phishing Detection (@rxerium) [info]
  • [natwest-phish] NatWest phishing Detection (@rxerium) [info]
  • [netlify-phish] Netlify phishing Detection (@rxerium) [info]
  • [newegg-phish] Newegg phishing Detection (@rxerium) [info]
  • [nike-phish] Nike phishing Detection (@rxerium) [info]
  • [nintendo-phish] Nintendo phishing Detection (@rxerium) [info]
  • [nordvpn-phish] NordVPN phishing Detection (@rxerium) [info]
  • [obsidian-phish] Obsidian phishing Detection (@rxerium) [info]
  • [ocbc-phish] OCBC Bank phishing Detection (@rxerium) [info]
  • [okta-phish] Okta phishing Detection (@rxerium) [info]
  • [onlyfans-phish] OnlyFans phishing Detection (@rxerium) [info]
  • [oracle-cloud-phish] Oracle Cloud phishing Detection (@rxerium) [info]
  • [oreilly-phish] O'Reilly Auto Parts phishing Detection (@rxerium) [info]
  • [origin-phish] Origin phishing Detection (@rxerium) [info]
  • [overstock-phish] Overstock phishing Detection (@rxerium) [info]
  • [ovh-phish] OVHcloud phishing Detection (@rxerium) [info]
  • [pandora-phish] Pandora phishing Detection (@rxerium) [info]
  • [paramount-plus-phish] Paramount+ phishing Detection (@rxerium) [info]
  • [partsgeek-phish] PartsGeek phishing Detection (@rxerium) [info]
  • [patreon-phish] Patreon phishing Detection (@rxerium) [info]
  • [peacock-phish] Peacock phishing Detection (@rxerium) [info]
  • [pepboys-phish] Pep Boys phishing Detection (@rxerium) [info]
  • [philo-phish] Philo phishing Detection (@rxerium) [info]
  • [pia-phish] Private Internet Access phishing Detection (@rxerium) [info]
  • [playstation-phish] PlayStation phishing Detection (@rxerium) [info]
  • [pnc-bank-phish] PNC Bank phishing Detection (@rxerium) [info]
  • [poshmark-phish] Poshmark phishing Detection (@rxerium) [info]
  • [postmates-phish] Postmates phishing Detection (@rxerium) [info]
  • [priceline-phish] Priceline phishing Detection (@rxerium) [info]
  • [printful-phish] Printful phishing Detection (@rxerium) [info]
  • [printify-phish] Printify phishing Detection (@rxerium) [info]
  • [protonvpn-phish] ProtonVPN phishing Detection (@rxerium) [info]
  • [pubg-phish] PUBG phishing Detection (@rxerium) [info]
  • [puma-phish] Puma phishing Detection (@rxerium) [info]
  • [rabobank-phish] Rabobank phishing Detection (@rxerium) [info]
  • [rbc-phish] RBC phishing Detection (@rxerium) [info]
  • [redbubble-phish] Redbubble phishing Detection (@rxerium) [info]
  • [regions-bank-phish] Regions Bank phishing Detection (@rxerium) [info]
  • [revolut-phish] Revolut phishing Detection (@rxerium) [info]
  • [ring-phish] Ring phishing Detection (@rxerium) [info]
  • [riot-games-phish] Riot Games phishing Detection (@rxerium) [info]
  • [rite-aid-phish] Rite Aid phishing Detection (@rxerium) [info]
  • [roam-research-phish] Roam Research phishing Detection (@rxerium) [info]
  • [robinhood-phish] Robinhood phishing Detection (@rxerium) [info]
  • [rockauto-phish] RockAuto phishing Detection (@rxerium) [info]
  • [rocketchat-phish] Rocket.Chat phishing Detection (@rxerium) [info]
  • [rockstar-phish] Rockstar Games phishing Detection (@rxerium) [info]
  • [rockstar-social-club-phish] Rockstar Social Club phishing Detection (@rxerium) [info]
  • [roku-phish] Roku phishing Detection (@rxerium) [info]
  • [salesforce-phish] Salesforce phishing Detection (@rxerium) [info]
  • [sams-club-phish] Sam's Club phishing Detection (@rxerium) [info]
  • [santander-phish] Santander Bank phishing Detection (@rxerium) [info]
  • [scaleway-phish] Scaleway phishing Detection (@rxerium) [info]
  • [scotiabank-phish] Scotiabank phishing Detection (@rxerium) [info]
  • [scribd-phish] Scribd phishing Detection (@rxerium) [info]
  • [seamless-phish] Seamless phishing Detection (@rxerium) [info]
  • [segment-phish] Segment phishing Detection (@rxerium) [info]
  • [shein-phish] Shein phishing Detection (@rxerium) [info]
  • [shopify-phish] Shopify phishing Detection (@rxerium) [info]
  • [shutterfly-phish] Shutterfly phishing Detection (@rxerium) [info]
  • [sketch-phish] Sketch phishing Detection (@rxerium) [info]
  • [sling-phish] Sling TV phishing Detection (@rxerium) [info]
  • [snapchat-phish] Snapchat phishing Detection (@rxerium) [info]
  • [snapfish-phish] Snapfish phishing Detection (@rxerium) [info]
  • [societe-generale-phish] Société Générale phishing Detection (@rxerium) [info]
  • [society6-phish] Society6 phishing Detection (@rxerium) [info]
  • [sofi-phish] SoFi phishing Detection (@rxerium) [info]
  • [soundcloud-phish] SoundCloud phishing Detection (@rxerium) [info]
  • [spreadshirt-phish] Spreadshirt phishing Detection (@rxerium) [info]
  • [square-phish] Square phishing Detection (@rxerium) [info]
  • [squarespace-phish] Squarespace phishing Detection (@rxerium) [info]
  • [standard-chartered-phish] Standard Chartered phishing Detection (@rxerium) [info]
  • [starz-phish] Starz phishing Detection (@rxerium) [info]
  • [stockx-phish] StockX phishing Detection (@rxerium) [info]
  • [stripe-phish] Stripe phishing Detection (@rxerium) [info]
  • [substack-phish] Substack phishing Detection (@rxerium) [info]
  • [sumitomo-mitsui-phish] Sumitomo Mitsui Bank phishing Detection (@rxerium) [info]
  • [summit-racing-phish] Summit Racing phishing Detection (@rxerium) [info]
  • [suntrust-phish] SunTrust phishing Detection (@rxerium) [info]
  • [surfshark-phish] Surfshark phishing Detection (@rxerium) [info]
  • [td-bank-phish] TD Bank phishing Detection (@rxerium) [info]
  • [teepublic-phish] TeePublic phishing Detection (@rxerium) [info]
  • [teespring-phish] Teespring phishing Detection (@rxerium) [info]
  • [threadless-phish] Threadless phishing Detection (@rxerium) [info]
  • [tidal-phish] Tidal phishing Detection (@rxerium) [info]
  • [todoist-phish] Todoist phishing Detection (@rxerium) [info]
  • [tractor-supply-phish] Tractor Supply phishing Detection (@rxerium) [info]
  • [trello-phish] Trello phishing Detection (@rxerium) [info]
  • [tripadvisor-phish] TripAdvisor phishing Detection (@rxerium) [info]
  • [truist-phish] truist phishing Detection (@rxerium) [info]
  • [tutanota-phish] Tutanota phishing Detection (@rxerium) [info]
  • [twilio-phish] Twilio phishing Detection (@rxerium) [info]
  • [twitter-phish] Twitter/X phishing Detection (@rxerium) [info]
  • [typeform-phish] Typeform phishing Detection (@rxerium) [info]
  • [ubs-phish] UBS phishing Detection (@rxerium) [info]
  • [under-armour-phish] Under Armour phishing Detection (@rxerium) [info]
  • [unicredit-phish] UniCredit phishing Detection (@rxerium) [info]
  • [uob-phish] UOB phishing Detection (@rxerium) [info]
  • [uplay-phish] Uplay phishing Detection (@rxerium) [info]
  • [us-bank-phish] US Bank phishing Detection (@rxerium) [info]
  • [usps-phish] USPS phishing Detection (@rxerium) [info]
  • [valorant-phish] VALORANT phishing Detection (@rxerium) [info]
  • [varo-phish] Varo phishing Detection (@rxerium) [info]
  • [venmo-phish] Venmo phishing Detection (@rxerium) [info]
  • [vercel-phish] Vercel phishing Detection (@rxerium) [info]
  • [viber-phish] Viber phishing Detection (@rxerium) [info]
  • [visa-phish] Visa phishing Detection (@rxerium) [info]
  • [vistaprint-phish] Vistaprint phishing Detection (@rxerium) [info]
  • [vrbo-phish] VRBO phishing Detection (@rxerium) [info]
  • [vudu-phish] Vudu phishing Detection (@rxerium) [info]
  • [walgreens-phish] Walgreens phishing Detection (@rxerium) [info]
  • [wasabi-phish] Wasabi phishing Detection (@rxerium) [info]
  • [wayfair-phish] Wayfair phishing Detection (@rxerium) [info]
  • [webex-phish] Webex phishing Detection (@rxerium) [info]
  • [webflow-phish] Webflow phishing Detection (@rxerium) [info]
  • [wechat-phish] WeChat phishing Detection (@rxerium) [info]
  • [wells-fargo-phish] Wells Fargo phishing Detection (@rxerium) [info]
  • [westpac-phish] Westpac phishing Detection (@rxerium) [info]
  • [whereby-phish] Whereby phishing Detection (@rxerium) [info]
  • [wise-phish] Wise phishing Detection (@rxerium) [info]
  • [wish-phish] Wish phishing Detection (@rxerium) [info]
  • [wix-phish] Wix phishing Detection (@rxerium) [info]
  • [xbox-phish] Xbox phishing Detection (@rxerium) [info]
  • [youtube-music-phish] YouTube Music phishing Detection (@rxerium) [info]
  • [zapier-phish] Zapier phishing Detection (@rxerium) [info]
  • [zazzle-phish] Zazzle phishing Detection (@rxerium) [info]
  • [zelle-phish] Zelle phishing Detection (@rxerium) [info]
  • [zoho-phish] Zoho phishing Detection (@rxerium) [info]
  • [bulma-detect] Bulma CSS Framework - Detect (@Shivam Kamboj) [info]
  • [firstpromoter-detect] FirstPromoter - Detect (@Shivam Kamboj) [info]
  • [fullstory-rum-detect] FullStory RUM - Detect (@Shivam Kamboj) [info]
  • [hotjar-rum-detect] Hotjar RUM - Detect (@Shivam Kamboj) [info]
  • [logrocket-rum-detect] LogRocket RUM - Detect (@Shivam Kamboj) [info]
  • [matomo-rum-detect] Matomo (Piwik) RUM - Tech Detect (@Shivam Kamboj) [info]
  • [openreplay-rum-detect] OpenReplay RUM - Tech Detect (@Shivam Kamboj) [info]
  • [payloadcms-detect] PayloadCMS - Detect (@Shivam Kamboj) [info]
  • [raygun-rum-detect] Raygun RUM - Detect (@Shivam Kamboj) [info]
  • [sailsjs-detect] Sails.js Framework - Detect (@Shivam Kamboj) [info]
  • [vaadin-detect] Vaadin Framework - Detect (@Shivam Kamboj) [info]
  • [ektron-blog-xmlrpc-xxe] Ektron CMS Blogs xmlrpc.aspx - XML External Entity Injection (@pussycat0x) [high]
  • [theia-lfi-to-rce] Eclipse Theia IDE - LFI to RCE (@0x_Akoko) [critical]
  • [tinytiny-rss-redirect] TinyTiny RSS Open Redirect (@dhiyaneshdk) [low]
  • [wp-easy-wp-smtp-log-exposure] WordPress Easy WP SMTP - Log Exposure (@0x_Akoko) [medium]

New Contributors

Full Changelog: v10.3.7...v10.3.8

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.3.8

  • Nuclei 模板 v10.3.5 - 发行说明

  • 风险:high / 分数:100
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 57 | CVEs Added: 33

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

False Positives

Enhancements

Templates Added

  • [CVE-2025-55182] React Server Components - Remote Code Execution (@dhiyaneshdk, @princechaddha, @assetnote, @lachlan2k, @maple3142, @Iamnooob) [critical] 🔥 (vKEV)
  • [CVE-2025-51586] PrestaShop - Information Disclosure (@mastercho) [medium] 🔥
  • [CVE-2025-47445] WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download (@hnd3884) [high] 🔥 (vKEV)
  • [CVE-2025-11307] WP Google Maps < 9.0.48 - Cross-Site Scripting (@0x_Akoko) [high] 🔥
  • [CVE-2025-10211] ChanCMS <= 3.3.0 - Server-Side Request Forgery (@Yu_Bao) [medium]
  • [CVE-2025-10210] ChanCMS <= 3.3.0 - SQL Injection (@Yu_Bao) [medium]
  • [CVE-2025-5301] ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting (@theamanrawat) [medium]
  • [CVE-2024-47308] Templately <= 3.1.2 - Broken Access Control (@popcorn94) [medium] 🔥 (vKEV)
  • [CVE-2024-9161] Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion (@Kazgangap) [medium] 🔥 (vKEV)
  • [CVE-2024-6555] WP Popups - Information Disclosure (@theamanrawat) [medium]
  • [CVE-2024-6220] WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload (@hnd3884) [critical] 🔥 (vKEV)
  • [CVE-2023-41954] ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation (@daffainfo) [high] 🔥 (vKEV)
  • [CVE-2023-40211] Post Grid <= 2.2.50 - Information Exposure via REST API (@daffainfo) [high]
  • [CVE-2023-38875] PHP Login System 2.0.1 - Cross-Site Scripting (@0x_Akoko) [medium]
  • [CVE-2023-37999] HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2023-30869] Easy Digital Downloads - Privilege Escalation (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2023-5815] News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion (@daffainfo) [high]
  • [CVE-2023-3277] MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2023-2734] MStore API <= 3.9.1 - Authentication Bypass (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2022-34487] ShortCode Addons - Unauthenticated Options Update (@Sourabh-Sahu) [critical] 🔥 (vKEV)
  • [CVE-2022-33198] WordPress Accordions - Unauthenticated Settings Update (@riteshs4hu) [critical] 🔥 (vKEV)
  • [CVE-2022-31101] Prestashop Blockwishlist 2.1.0 SQL Injection (@mastercho) [high] 🔥
  • [CVE-2022-28666] Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update (@Sourabh-Sahu) [medium]
  • [CVE-2022-0879] Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting (@0x_Akoko) [medium]
  • [CVE-2021-36888] WordPress Image Hover Ultimate - Unauthenticated Settings Update (@riteshs4hu) [critical] 🔥 (vKEV)
  • [CVE-2021-23394] elFinder < 2.1.58 - Remote Code Execution (@0xanis) [high]
  • [CVE-2021-4073] RegistrationMagic <= 5.0.1.7 - Authentication Bypass (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2020-11732] Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion (@Sourabh-Sahu) [high]
  • [CVE-2019-25213] WordPress Advanced Access Manager - Path Traversal (@riteshs4hu) [critical] 🔥 (vKEV)
  • [CVE-2019-17671] WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts (@0x_Akoko) [medium]
  • [CVE-2019-14950] WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting (@daffainfo) [medium]
  • [CVE-2019-10647] ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE) (@Sourabh-Sahu) [critical]
  • [CVE-2018-17082] Apache2 - Transfer-Encoding Chunked XSS (@dhiyaneshdk) [medium]
  • [google-storage-csp-bypass] Content-Security-Policy Bypass - Google Storage (@0x_Akoko) [medium]
  • [spf-limit-lookup] SPF record DNS lookup limit (@theamanrawat) [info]
  • [redis-commander-default-login] Redis Commander - Default Login (@dhiyaneshdk) [high]
  • [ship-manager-dnv] Ship Manager DNV - Panel (@rxerium) [info]
  • [apache-hive-config] Apache Hive Configuration - Exposure (@icarot) [medium]
  • [codeclimate-config-exposure] CodeClimate Configuration File - Exposure (@0x_Akoko) [info]
  • [deprecated-feature-policy] Deprecated Feature-Policy Header - Detection (@ritikchaddha) [info]
  • [expect-ct-misconfigured] Expect-CT Header - Misconfigured (@theamanrawat) [info]
  • [jenkins-users-exposure] Jenkins Users - Exposure (@theamanrawat) [info]
  • [kafka-api-cluster] Kafka Operation API - Cluster (@dhiyaneshdk) [high]
  • [unauth-munin] Munin Monitoring Dashboard - Exposure (@0x_Akoko) [medium]
  • [weak-csp-detect] Weak Content Security Policy - Detect (@pussycat0x) [low]
  • [apache-hive-detect] Apache Hive - Detect (@icarot) [info]
  • [apache-httpd-eol] Apache HTTP Server End-of-Life - Detect (@Shivam Kamboj) [info]
  • [laravel-eol] Laravel End-of-Life Detection (@Shivam Kamboj) [info]
  • [nginx-eol] Nginx End-of-Life - Detect (@Shivam Kamboj) [info]
  • [php-eol] PHP End-of-Life - Detect (@Shivam Kamboj) [info]
  • [sharepoint-lists-api-disclosure] Microsoft SharePoint - List API Disclosure (@theamanrawat) [low]
  • [wp-bbpress-fpd] WordPress bbPress Plugin - Full Path Disclosure (@0x_Akoko) [info]
  • [wp-fastest-cache-fpd] WordPress WP Fastest Cache Plugin - Full Path Disclosure (@0x_Akoko) [info]
  • [wp-mailchimp-for-wp-fpd] WordPress Mailchimp for WordPress Plugin - Full Path Disclosure (@0x_Akoko) [info]
  • [wp-twentyfifteen-fpd] WordPress Twenty Fifteen Theme - Full Path Disclosure (@0x_Akoko) [info]
  • [dameng-detect] Dameng Database - Detect (@pussycat0x) [info]
  • [vnc-workflow] VNC Security Checks (@pussycat0x) [unknown]

New Contributors

Full Changelog: v10.3.4...v10.3.5

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.3.5

  • Nuclei 模板 v10.3.4 - 发行说明

  • 风险:high / 分数:100
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 68 | CVEs Added: 27 | First-time contributions: 11 | Bounties rewarded: 3

🔥 Release Highlights 🔥

What's Changed

💰 Bounties Rewarded 💰

Bug Fixes

False Negatives

  • FIX [FALSE-NEGATIVE] error-logs template fails to detect exposed log files without Content-Type header (PR #14025).
  • chore: remove redundant condition in CVE-2024-9047.yaml (PR #13496).
  • [FALSE-NEGATIVE] error-logs template fails to detect exposed log files without Content-Type header (Issue #13519).

False Positives

Enhancements

Templates Added

  • [CVE-2025-64764] Astro - Reflected XSS via server islands feature (@dhiyaneshdk, @zhero___) [high] 🔥
  • [CVE-2025-64525] Astro - Broken Access Control (@zhero___, @dhiyaneshdk) [medium] 🔥
  • [CVE-2025-61757] Oracle Identity Manager REST WebServices - Authentication Bypass (@ritikchaddha) [critical] 🔥 (vKEV)
  • [CVE-2025-58360] GeoServer - XML External Entity Injection (@lbb, @xbow, @darses) [high] 🔥
  • [CVE-2025-55523] Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download (@0x_Akoko) [high]
  • [CVE-2025-49706] Microsoft SharePoint Server - Authentication Bypass (@daffainfo) [medium] 🔥 (vKEV)
  • [CVE-2025-27915] Zimbra - Cross-Site Scripting via ICS Files (@Snbig, @EhsanCreator, @eliotworkspac-max) [medium] 🔥 (vKEV)
  • [CVE-2025-13315] Twonky Server 8.5.2 on Linux and Windows - Log File Exposure (@pussycat0x) [critical]
  • [CVE-2025-12055] MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal (@theamanrawat) [high]
  • [CVE-2025-11833] Post SMTP <= 3.6.0 - Email Log Disclosure (@Kazgangap) [critical] 🔥 (vKEV)
  • [CVE-2025-11700] N-central - XML External Entities Injection (@dhiyaneshdk, @horizon3ai) [high]
  • [CVE-2025-10204] AC Smart II - Authentication Bypass (@theeldruin) [high]
  • [CVE-2025-9316] N-central - Authentication Bypass (@dhiyaneshdk, @horizon3ai) [medium]
  • [CVE-2025-7901] yangzongzhuan RuoYi - DOM Based XSS (@nikhil Patidar) [medium]
  • [CVE-2024-53995] SickChill - Open Redirect (@omarkurt) [low]
  • [CVE-2024-20404] Cisco Finesse - Server-Side Request Forgery (SSRF) (@0x_Akoko) [medium] 🔥
  • [CVE-2022-29081] Zoho ManageEngine - Access Control Bypass (@0xanis) [critical] 🔥 (vKEV)
  • [CVE-2021-34427] Eclipse BIRT Viewer - Remote Code Execution (@us3r777, @synacktiv) [critical] 🔥
  • [CVE-2021-4462] Employee Records System 1.0 - Unauthenticated File Upload RCE (@JosephTTD) [critical] 🔥 (vKEV)
  • [CVE-2021-4449] ZoomSounds Plugin - Unauthenticated Arbitrary File Upload (@0xnemian) [critical] 🔥 (vKEV)
  • [CVE-2019-19825] TOTOLINK/Realtek Routers - CAPTCHA Bypass (@ritikchaddha) [critical]
  • [CVE-2019-19823] TOTOLINK/Realtek Routers - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2019-19822] TOTOLINK/Realtek Routers - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2018-13317] TOTOLINK A3002RU 1.0.8 - Information Disclosure (@ritikchaddha) [medium]
  • [CVE-2017-17092] WordPress < 4.9.1 - Authenticated JavaScript File Upload (@0x_Akoko) [medium]
  • [CVE-2017-14725] WordPress < 4.8.2 - Authenticated Open Redirect (@0x_Akoko) [medium]
  • [CVE-2017-5983] JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE) (@us3r777, @synacktiv) [critical] 🔥
  • [jquery-cdn-csp-bypass] Content-Security-Policy Bypass - jQuery CDN (@0x_Akoko) [medium]
  • [shai-hulud-supply-chain] Shai Hulud 2.0 - Supply Chain Malware Detection (@princechaddha, @wiz-research) [critical]
  • [traggo-default-login] Traggo - Default Login (@0x_Akoko) [high]
  • [vtigercrm-default-login] Vtiger CRM - Default Login (@icarot) [high]
  • [cluster-trino-panel] Cluster Overview Trino - Panel (@dhiyaneshdk) [info]
  • [vtigercrm-exposed-directory] Vtiger CRM - Exposed Directory (@icarot) [low]
  • [crypto-address-detect] Exposed Cryptocurrency Wallet Address (@rxerium) [info]
  • [aem-anonymous-write] Adobe Experience Manager (AEM) - Anonymous JCR Node Creation (@dhiyaneshdk, @0ang3el) [high]
  • [blackbox-exporter-exposure] Blackbox Exporter - Exposure (@dhiyaneshdk) [high]
  • [cluster-trino-admin-login] Cluster Overview Trino - Admin Login (@dhiyaneshdk) [high]
  • [csp-script-src-wildcard] Content-Security-Policy "script-src" Wildcard Detected (@prithiv) [medium]
  • [memtracker-exposure] MemTracker - Exposure (@dhiyaneshdk) [high]
  • [sharepoint-files-disclosure] Microsoft SharePoint Files Disclosure (@pussycat0x) [info]
  • [sharepoint-layouts-disclosure] Microsoft SharePoint - Layouts Disclosure (@dhiyaneshdk) [low]
  • [sharepoint-masterpage-disclosure] Microsoft SharePoint - Master Page Disclosure (@dhiyaneshdk) [low]
  • [sharepoint-site-metadata-disclosure] Microsoft SharePoint - Site Metadata Disclosure (@0x_Akoko) [low]
  • [sharepoint-sitepages-disclosure] Microsoft SharePoint - Site Pages Disclosure (@pussycat0x) [low]
  • [nginx-status-403-bypass] Nginx Status Page - 403 Bypass (@pussycat0x) [low]
  • [postgresql-cluster-config] PostgreSQL Cluster - Configuration (@dhiyaneshdk) [high]
  • [postrest-api-exposure] PostgREST API Server - Exposure (@dhiyaneshdk) [high]
  • [unauth-akhq-dashboard] AKHQ Dashboard - Unauthenticated Access (@dhiyaneshdk) [high]
  • [unauth-hawkeye-dashboard] Unauth Hawkeye Dashboard - Detect (@dhiyaneshdk) [high]
  • [unauth-kafka-config-editor] Kafka Config Editor - Unauthenticated Access (@dhiyaneshdk) [high]
  • [unauth-phoenix-dashboard] Unauth Phoenix Dashboard - Detect (@dhiyaneshdk) [high]
  • [unauth-qdrantui] Qdrant UI - Unauthenticated Access (@dhiyaneshdk) [high]
  • [unauth-supervisor-dashboard] Unauth Supervisor Dashboard - Detect (@dhiyaneshdk) [high]
  • [agent-zero-detect] Agent-Zero Application - Detect (@0x_Akoko) [info]
  • [cisco-finesse-detect] Cisco Finesse - Detect (@0x_Akoko) [info]
  • [flower-detect] Flower - Detect (@righettod) [info]
  • [sharepoint-web-services-discovery] Microsoft SharePoint - Web Services Discovery (@0x_Akoko) [info]
  • [nostromo-detect] Nostromo Web Server (@Shivam Kamboj) [info]
  • [odoo-detection] Odoo - Detect (@keyboard-slayer) [info]
  • [traggo-server-detect] Traggo Time Tracking Server - Detect (@0x_Akoko) [info]
  • [vtigercrm-detect] Vtiger CRM - Detect (@icarot) [info]
  • [winstone-detect] Winstone Servlet Engine (@Shivam Kamboj) [info]
  • [wp-security-hidden-login-exposure] WordPress All-in-One Security <=4.4.1 - Hidden Login Page Exposure (@theamanrawat) [medium]
  • [wp-twenty-theme-fpd] WordPress Twenty Seventeen - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-twentysixteen-fpd] WordPress Twenty Sixteen - Full Path Disclosure (@theamanrawat) [low]
  • [wp-twentytwenty-fpd] WordPress Twenty Twenty Theme - Full Path Disclosure (@0x_Akoko) [info]
  • [functions-php-disclosure] functions.php Full Path Disclosure (@pussycat0x) [low]
  • [yonyou-u9-patchfile-upload] Yonyou U9 PatchFile.asmx - Unauthenticated Arbitrary File Upload (@Co5mos, @projectdiscoveryai) [critical]

New Contributors

Full Changelog: v10.3.2...v10.3.3

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.3.4

  • Nuclei 模板 v10.4.0 – 发行说明

  • 风险:high / 分数:95
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 94 | CVEs Added: 47 | First-time contributions: 12

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

  • Fixed exposed-svn.yaml failing to detect valid SVN repositories despite receiving 200 OK responses (Issue #15060)

False Positives

Enhancements

  • Enriched classification metadata (CVE IDs, CVSS scores, CPEs, NVD references) across multiple templates (PRs #15578, #15589, #15369, #15370, #15371)
  • Updated ClawdBot Gateway exposure template with improved detection logic (PR #15548)
  • Renamed Forcepoint Login panel template to follow naming conventions (PR #15582)

Templates Added

  • [CVE-2026-27971] Qwik - Unauthenticated RCE via server$ Deserialization (@omarkurt) [critical] 🔥
  • [CVE-2026-27944] Nginx UI < 2.3.3 - Information Disclosure (@omarkurt) [critical] 🔥
  • [CVE-2026-27645] Changedetection.io RSS Single Watch - Cross-Site Scripting (@0x_Akoko) [medium]
  • [CVE-2026-25512] Group-Office < 26.0.5 - Remote Code Execution (@omarkurt) [critical]
  • [CVE-2026-23829] Mailpit < 1.28.2 - SMTP CRLF Injection (@omarkurt) [medium]
  • [CVE-2026-2413] Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection (@Shivam Kamboj) [high]
  • [CVE-2026-1603] Ivanti Endpoint Manager - Authentication Bypass (@dhiyaneshdk, @watchtowrlabs) [high] (KEV) (vKEV) 🔥
  • [CVE-2026-1492] WordPress User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation (@omarkurt) [critical] (vKEV) 🔥
  • [CVE-2026-1357] WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload (@omarkurt) [critical] (vKEV) 🔥
  • [CVE-2026-0829] Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending (@0x_Akoko) [high]
  • [CVE-2026-0770] Langflow < 1.3.0 - Remote Code Execution via validate_code() exec() (@affix) [critical] (vKEV) 🔥
  • [CVE-2025-71243] SPIP Saisies - Remote Code Execution (@omarkurt) [critical] 🔥
  • [CVE-2025-69971] FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass (@trader642) [critical]
  • [CVE-2025-64328] FreePBX >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection (@_th3y) [critical] (KEV) (vKEV) 🔥
  • [CVE-2025-62780] ChangeDetection.io <= v0.50.33 - Stored XSS via Watch API (@0x_Akoko) [medium]
  • [CVE-2025-62613] VDO.Ninja - DOM-Based Cross-Site Scripting (@0x_Akoko) [medium]
  • [CVE-2025-54726] WordPress JS Archive List <= 6.1.5 - SQL Injection (@Shivam Kamboj) [high]
  • [CVE-2025-48281] MyStyle Custom Product Designer <= 3.21.1 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2025-40554] SolarWinds Web Help Desk - Authentication Bypass (@Bushi-gg) [critical] 🔥
  • [CVE-2025-40552] SolarWinds Web Help Desk - Authentication Bypass (@watchtowr, @dhiyaneshdk) [critical] 🔥
  • [CVE-2025-40536] SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass (@inokii) [high] (KEV) (vKEV) 🔥
  • [CVE-2025-32355] Rocket TRUfusion Enterprise - Server Side Request Forgery (@princechaddha, @rcesecurity, @dhiyaneshdk) [high]
  • [CVE-2025-27506] NocoDB < 0.258.0 - Reflected XSS in Password Reset (@0x_Akoko) [medium]
  • [CVE-2025-22785] Course Booking System <= 6.0.6 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-43965] SendGrid for WordPress <= 1.4 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-37261] WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting (@Kazgangap) [medium] (vKEV) 🔥
  • [CVE-2024-30502] WP Travel Engine <= 5.7.9 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-30498] CRM Perks Forms <= 1.1.4 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-30464] WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization (@pussycat0x) [medium]
  • [CVE-2024-12025] WordPress Collapsing Categories <= 3.0.8 - SQL Injection (@Shivam Kamboj) [high]
  • [CVE-2024-9765] EKC Tournament Manager WordPress plugin - Path Traversal (@Sourabh-Sahu) [medium]
  • [CVE-2024-9643] Four-Faith F3x36 - Authentication Bypass (@trader642) [critical] (vKEV) 🔥
  • [CVE-2024-8625] WordPress TS Poll < 2.4.0 - SQL Injection (@riteshs4hu) [high]
  • [CVE-2023-50839] JS Help Desk <= 2.8.1 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-40600] EWWW Image Optimizer <= 7.2.0 - Unauthenticated Information Disclosure (@Shivam Kamboj) [medium]
  • [CVE-2023-32590] Subscribe to Category <= 2.7.4 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-7337] JS Help Desk <= 2.8.2 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-6030] LogDash Activity Log <= 1.1.3 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-5652] WP Hotel Booking <= 2.0.7 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-5203] WP Sessions Time Monitoring Full Automatic <= 1.0.8 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-3643] CAREL Boss Mini <= 1.4.0 - Local File Inclusion (@Kazgangap) [critical]
  • [CVE-2023-3452] WordPress Canto Plugin <= 3.0.4 - File Inclusion (@omarkurt) [critical] 🔥
  • [CVE-2022-44588] Cryptocurrency Widgets Pack <= 1.8.1 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2022-1453] RSVPMaker <= 9.2.5 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2022-0439] Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection (@Shivam Kamboj) [high]
  • [CVE-2021-28481] Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound) (@daffainfo) [critical] (vKEV) 🔥
  • [CVE-2021-28480] Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound) (@daffainfo) [critical] 🔥
  • [apache-syncope-default-login] Apache Syncope - Default Login (@icarot) [high]
  • [circutor-default-login] Circutor Line-TCPRS1 - Default Login (@s4e-io) [high]
  • [gitness-default-login] Gitness - Default Login (@0x_Akoko) [high]
  • [carel-boss-mini-panel] CAREL Boss Mini - Login Panel Detected (@Kazgangap) [info]
  • [hpe-autopass-panel] HPE AutoPass License Server - Panel Detection (@Kylianghd) [info]
  • [recoverpoint-panel] Dell EMC RecoverPoint Panel - Detect (@rxerium) [info]
  • [ypareo-panel] YPAREO Panel - Detect (@righettod) [info]
  • [interswitch-webpay] Interswitch Webpay - Credentials Exposure (@LloydCoder) [info]
  • [paystack-secret-live] Paystack Secret/Live Key - Exposure (@LloydCoder) [info]
  • [remita-credentials] Remita Merchant ID & API Key - Exposure (@LloydCoder) [low]
  • [sportybet-api] SportyBet / BetKing Admin or API Token - Exposure (@LloydCoder) [info]
  • [wix-detect] Wix Detection (@chirag Mistry) [info]
  • [apache-syncope-detect] Apache Syncope - Detect (@icarot) [info]
  • [bentoml-detect] BentoML Prediction Service - Detection (@rxerium) [info]
  • [bigcommerce-detect] BigCommerce Detection (@chirag Mistry) [info]
  • [bitrix-detect] Bitrix Detection (@chirag Mistry) [info]
  • [blogger-detect] Blogger Detection (@chirag Mistry) [info]
  • [cloudflare-speedtest] Cloudflare Speedtest - Detect (@dhiyaneshdk) [info]
  • [comfyui-detect] ComfyUI - Detect (@rxerium) [info]
  • [concrete5-detect] Concrete5 Detection (@chirag Mistry) [info]
  • [django-detect] Django Detection (@chirag Mistry) [info]
  • [jaeger-eol] Jaeger End-of-Life - Detect (@Shivam Kamboj) [info]
  • [msexchange-eol] Microsoft Exchange Server End-of-Life - Detect (@Shivam Kamboj) [info]
  • [plesk-eol] Plesk End-of-Life - Detect (@Shivam Kamboj) [info]
  • [squid-eol] Squid End-of-Life - Detect (@Shivam Kamboj) [info]
  • [wordpress-eol] WordPress End-of-Life - Detect (@Shivam Kamboj) [info]
  • [expressionengine-detect] ExpressionEngine Detection (@chirag Mistry) [info]
  • [feast-detect] Feast Feature Store - Detect (@rxerium) [info]
  • [flask-detect] Flask Detection (@chirag Mistry) [info]
  • [mezzanine-cms-detect] Mezzanine CMS - Detect (@chirag Mistry) [info]
  • [opencart-detect] OpenCart Detection (@chirag Mistry) [info]
  • [openspeedtest-speedtest] OpenSpeedTest - Detect (@dhiyaneshdk) [info]
  • [oscommerce-detect] osCommerce Detection (@chirag Mistry) [info]
  • [pocketbase-detect] PocketBase Detection (@aykutgokbulut) [info]
  • [portkey-ai-detect] Portkey AI Detection (@rxerium) [info]
  • [prefect-detect] Prefect - Detect (@rxerium) [info]
  • [shopify-detect] Shopify Detection (@chirag Mistry) [info]
  • [silverstripe-detect] SilverStripe Detection (@chirag Mistry) [info]
  • [squarespace-detect] Squarespace Detection (@chirag Mistry) [info]
  • [weaviate-console-detect] Weaviate Console - Detect (@rxerium) [info]
  • [weebly-detect] Weebly Detection (@chirag Mistry) [info]
  • [user-registration] WordPress User Registration & Membership Plugin Detection (@omarkurt) [info]
  • [limesurvey-open-redirect] LimeSurvey - Open Redirect via editorLink (@melvin Lammerts) [medium]
  • [dagu-rce] Dagu Workflow Engine - Remote Code Execution (@omarkurt) [critical]
  • [gradio-file-redirect] Gradio - Open Redirect (@neo-ai-engineer, @dhiyaneshdk) [low]
  • [vlife-fastjson-rce] Vlife FastJSON - Remote Code Execution (@omarkurt) [critical]
  • [maverick-ssh-detect] Maverick SSH Service - Detect (@johnk3r) [info]

New Contributors

Full Changelog: v10.3.9...v10.4.0

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source, Low value/marketing

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.4.0

  • Nuclei 模板 v10.3.9 – 发行说明

  • 风险:high / 分数:95
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 182 | CVEs Added: 116 | First-time contributions: 7

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

  • Fixed false negative in CVE-2025-24963 on Linux targets (Ubuntu/Debian) due to strict /etc/passwd matching (PR #15301, Issue #15205)

False Positives

  • Reduced false positives in wp-wps-hide-login-log template that triggered on non-WordPress SPA sites (PR #15096, Issue #15089)
  • Fixed false positives in CVE-2021-35042 matcher — status_code == 500 alone was triggering on generic 500 pages (PR #15250)
  • Made matchers for weak-csp-detect more granular to avoid duplicate matching results (PR #15123)
  • Improved weak CSP detection logic, fixed matcher conditions and corrected regex typo (PR #15014)

Enhancements

  • Enhanced Cisco UCM username enumeration template to extract usernames, emails, and phone numbers added 3 new Cisco UCM templates (PR #15049)
  • Refactored Open WebUI template to make detection more generic (PR #15251)
  • Rewrote templates from RAW HTTP to normal HTTP for clustering support, saving ~150 requests per scan (PR #14743)
  • Added additional path to Tomcat detection for malformed URL error page disclosure (PR #15056)
  • Added various DNS templates — DMARC, SPF, DKIM, etc. (PR #14784)
  • Added ACME Challenge Detect template (PR #15058)

Templates Added

  • [CVE-2026-25892] Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS (@dhiyaneshdk) [high] 🔥
  • [CVE-2026-24128] XWiki Platform Distribution Flavor Main - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2026-23744] MCPJam Inspector - Remote Code Execution (@louay-075) [critical] 🔥
  • [CVE-2026-22812] OpenCode < 1.0.216 - Unauthenticated Remote Code Execution (@princechaddha) [high] 🔥
  • [CVE-2026-21891] ZimaOS - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
  • [CVE-2026-21877] n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution (@s4e-io) [critical] 🔥
  • [CVE-2026-1731] BeyondTrust Remote Support - Unauthenticated WebSocket RCE (@attackerkb, @hacktron, @pdteam) [critical] (KEV) 🔥
  • [CVE-2026-1207] Django RasterField - SQL Injection (@omarkurt) [high] 🔥
  • [CVE-2026-0594] WordPress List Site Contributors < 1.1.8 - Reflected XSS (@m4sh_wacker) [medium]
  • [CVE-2025-68509] User Submitted Posts <= 20251121 - Unauthenticated Open Redirect (@Shivam Kamboj) [medium]
  • [CVE-2025-66744] Yonyou YonBIP - Path Traversal (@dhiyaneshdk) [high]
  • [CVE-2025-54068] Laravel Livewire v3 - Remote Command Execution (@flame-11) [critical] 🔥
  • [CVE-2025-40551] SolarWinds Web Help Desk < 2026.1 - Unauthenticated JNDI Injection RCE (@Horizon3.ai) [critical] (KEV) 🔥
  • [CVE-2025-32257] 1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure (@pussycat0x) [medium]
  • [CVE-2025-28242] DAEnetIP4 METO v1.25 - Session Hijacking (@0x_Akoko) [high]
  • [CVE-2025-24786] WhoDB < 0.45.0 - Path Traversal (@basicbeny) [high]
  • [CVE-2025-24582] 12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure (@pussycat0x) [medium]
  • [CVE-2025-22214] Landray EIS SQL注入漏洞 (@ark) [critical]
  • [CVE-2025-15503] Sangfor OSM - Arbitrary File Upload (@ark) [critical]
  • [CVE-2025-14528] D-Link DIR-803 - Authentication Bypass (@dhiyaneshdk) [high] 🔥
  • [CVE-2025-14155] Premium Addons for Elementor - Unauthenticated Information Disclosure (@dhiyaneshdk) [medium]
  • [CVE-2025-13956] LearnPress < 4.3.2 - Broken Access Control (@pussycat0x) [medium]
  • [CVE-2025-13138] WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection (@Shivam Kamboj) [high]
  • [CVE-2025-11368] LearnPress < 4.3.0 - Arbitrary Callback Execution to Information Exposure (@pussycat0x) [medium]
  • [CVE-2025-10353] Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution (@ohmygod20260203) [critical]
  • [CVE-2025-10090] Jinher OA - SQL Injection (@dhiyaneshdk) [high]
  • [CVE-2025-8266] ChanCMS <= 3.1. - Remote Code Execution (@ark) [critical]
  • [CVE-2025-4652] Broadstreet WordPress plugin - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2025-4078] Wangshen SecGate 3600 Path Traversal Vulnerability (@ark) [medium]
  • [CVE-2025-2611] ICTBroadcast - Command Injection (@Chocapikk) [critical] (vKEV) 🔥
  • [CVE-2025-1338] NUUO Camera <=20250203 - OS Command Injection (@ark) [critical]
  • [CVE-2025-1303] Plugin Oficial – Getnet para WooCommerce <= 1.8.0 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2025-1232] Site Reviews < 7.2.5 - Unauthenticated Stored XSS (@0x_Akoko) [high]
  • [CVE-2024-43283] Contest Gallery - Broken Access Control (@popcorn94) [medium]
  • [CVE-2024-37259] WP Extended < 3.0.0 - Stored Cross-Site Scripting (@0xanis) [medium]
  • [CVE-2024-32128] WordPress Realtyna Organic IDX Plugin <= 4.14.4 - Unauthenticated SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-30490] ProfileGrid <= 5.7.8 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-14015] Studiocart <= 2.9.0 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-13727] MemberSpace WordPress - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13634] Post Sync Plugin <= 1.1 - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13630] NewsTicker <= 1.0 - Reflected Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13628] WP Pricing Table - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13627] OWL Carousel Slider - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13625] Tube Video Ads Lite - Reflected XSS (@Sourabh-Sahu) [high]
  • [CVE-2024-13619] LifterLMS < 8.0.1 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-13609] WordPress 1 Click Migration Plugin < 2.3 - Information Exposure (@pussycat0x) [medium]
  • [CVE-2024-13570] WordPress Stray Random Quotes <= 1.9.9 - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13569] WordPress Front End Users - Reflected XSS (@Sourabh-Sahu) [high]
  • [CVE-2024-13543] Zarinpal Paid Download - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13492] Guten Free Options - Cross Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13352] Legull WordPress - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-13331] WP Dream Carousel < 1.0.1b - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13330] JustRows WordPress - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-13328] Giga Messenger WordPress - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13327] Musicbox WordPress - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13326] iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13325] Glossy WordPress - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13226] A5 Custom Login Page - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13225] ECT Home Page Products - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13224] SlideDeck 1 Lite Content Slider - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13222] WordPress User Messages <= 1.2.4 - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13221] Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13220] WordPress Google Map Professional - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13219] Privacy Policy Genius - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13114] WP Projects Portfolio <= 3.0 - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13112] WP MediaTagger <= 4.1.1 - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13099] Widget4Call WordPress - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13098] WordPress Email Newsletter - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-13097] WP Finance Plugin <= 1.3.6 - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-13094] WP Triggers Lite - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-13055] Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-12878] Lazy Blocks <= 3.8.2 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-12873] Custom Field Manager WordPress - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2024-12749] WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-12737] WP BASE Booking - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-12734] Advance Post Prefix WordPress plugin - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-12732] AffiliateImporterEb <= 1.0.6 - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-12724] WP DeskLite - Reflected XSS (@Sourabh-Sahu) [medium]
  • [CVE-2024-12638] Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-12585] PropertyHive < 2.1.1 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-11868] LearnPress < 4.2.7.4 - Course Material - Information Disclosure (@pussycat0x) [medium]
  • [CVE-2024-10152] Simple Certain Time to Show Content - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-8943] LatePoint <= 5.0.12 - Authentication Bypass (@daffainfo) [critical] (vKEV) 🔥
  • [CVE-2024-8911] LatePoint <= 5.0.11 - SQL Injection (@daffainfo) [critical] (vKEV) 🔥
  • [CVE-2024-6671] WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass (@daffainfo, @jjcho) [critical] (vKEV) 🔥
  • [CVE-2024-6265] UsersWP <= 1.2.10 - Unauthenticated SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-6250] LOLLMS WebUI - Absolute Path Traversal (@ritikchaddha) [high] 🔥
  • [CVE-2024-5483] LearnPress < 4.2.6.8.1 - Information Disclosure (@pussycat0x) [medium]
  • [CVE-2024-5333] WordPress Events Calendar 6.8.2.1 - Information Disclosure (@dhiyaneshdk) [medium]
  • [CVE-2024-3605] WP Hotel Booking <= 2.1.0 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2024-3408] D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution (@ohmygod20260203) [critical]
  • [CVE-2024-3231] Popup4Phone <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-1751] Tutor LMS <= 2.1.10 - SQL Injection (@Shivam Kamboj) [high]
  • [CVE-2024-0705] Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection (@Shivam Kamboj) [critical] 🔥
  • [CVE-2023-45648] Apache Tomcat - HTTP Request Smuggling (@0x_Akoko) [medium]
  • [CVE-2023-44982] WordPress Perfect Images (WP Retina 2x) < 6.4.6 - Sensitive Information Exposure (@pussycat0x) [medium]
  • [CVE-2023-35708] MOVEit Transfer - SQL Injection (@daffainfo, @jjcho) [critical] (vKEV) 🔥
  • [CVE-2023-28787] Quiz and Survey Master <= 8.1.4 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-24000] WordPress GamiPress <= 2.5.7 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-6970] WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header (@Shivam Kamboj) [medium]
  • [CVE-2023-5204] WordPress AI ChatBot (WPBot) <= 4.8.9 - SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2023-3197] WordPress MStore API <= 4.0.1 - Unauthenticated SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2022-45836] WordPress Download Manager <= 3.2.59 - Reflected XSS (@Shivam Kamboj) [high]
  • [CVE-2022-31678] VMWare Cloud Foundation NSX-V - XML External Entity (XXE) (@daffainfo) [critical] (vKEV) 🔥
  • [CVE-2022-29495] WordPress Popup Builder <= 4.1.11 - Cross-Site Request Forgery (@Shivam Kamboj) [medium]
  • [CVE-2022-28987] Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration (@ritikchaddha) [medium]
  • [CVE-2022-3254] AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection (@Shivam Kamboj) [critical]
  • [CVE-2022-3236] Sophos Firewall <= 19.0 MR1 - Remote Code Execution (@daffainfo) [critical] (KEV) 🔥
  • [CVE-2021-41097] Aurelia-Path < 1.1.7 - Prototype Pollution (@0x_Akoko) [high]
  • [CVE-2021-24786] Download Monitor < 4.4.5 - SQL Injection (@mrharsh) [high]
  • [CVE-2021-24139] 10Web Photo Gallery < 1.5.55 - SQL Injection (@riteshs4hu) [critical]
  • [CVE-2021-22017] vCenter Server - Improper Access Control (@daffainfo) [medium] (KEV) 🔥
  • [CVE-2020-37123] Pinger 1.0 - Remote Code Execution (@bswearingen) [critical]
  • [CVE-2019-13608] Citrix StoreFront Server - XML External Entity (@daffainfo) [high] (KEV) 🔥
  • [CVE-2018-16363] WordPress File Manager < 3.0 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2017-9841] PHPUnit - Remote Code Execution (@Random_Robbie, @pikpikcu) [critical] (KEV) 🔥
  • [k8s-clusterrole-nodes-proxy-rce] ClusterRoles with Risky nodes/proxy GET Permission (@princechaddha) [high]
  • [aaaa-fingerprint] AAAA Record - IPv6 Detection (@rxerium) [info]
  • [acme-challenge-detect] ACME DNS Challenge - Detect (@rxerium) [info]
  • [srv-service-detect] SRV Record Service - Detect (@rxerium) [info]
  • [tlsa-record-detect] TLSA Record - DANE Detection (@rxerium) [info]
  • [wildcard-dns-detect] Wildcard DNS Configuration - Detection (@rxerium) [info]
  • [gude-default-login] GUDE - Default Login (@Bretss) [high]
  • [rustdesk-webclient-default-login] RustDesk Web Client - Default login (@0x_Akoko) [high]
  • [checkmate-panel] Checkmate Login Panel - Detect (@theamanrawat) [info]
  • [cisco-ucm-selfcare-portal] Cisco Unified Communications Self-Service User Portal - Detection (@morgan Robertson) [info]
  • [cloudflare-access-panel] Cloudflare Access - Login Panel Detection (@rxerium) [info]
  • [dokploy-panel] Dokploy Login Panel - Detect (@theamanrawat) [info]
  • [flexnet-operations-panel] FlexNet Operations Panel - Detect (@righettod) [info]
  • [headlamp-panel] Headlamp Kubernetes UI Panel - Detect (@shamo0) [medium]
  • [rails-admin-dashboard-exposure] RailsAdmin Dashboard Exposure (@0x_Akoko) [high]
  • [resa-vista-panel] RESA Vista Panel - Detect (@righettod) [info]
  • [sap-management-console-panel] SAP Management Console - Panel (@lrvt, @l4rm4nd) [info]
  • [smartermail-panel] SmarterMail Login Panel - Detect (@rxerium) [info]
  • [freshrss-fever-api] FreshRSS Fever API - Exposure (@ritikchaddha) [low]
  • [sweetrice-backup-disclosure] SweetRice CMS 1.5.1 - Backup Disclosure (@mananispiwpiw) [medium]
  • [cpanel-backup-exclude-exposure] cPanel Backup Exclusion Configuration - Exposure (@0x_Akoko) [info]
  • [dockerrun-aws-json-exposure] AWS Elastic Beanstalk Dockerrun.aws.json - Exposure (@0x_Akoko) [medium]
  • [exposed-filezilla-config] Exposed FileZilla Configuration File - Exposure (@pussycat0x) [medium]
  • [hp-laserjet-config] HP LaserJet Configuration Exposure (@dhiyaneshdk) [medium]
  • [openvpn-as-config-exposure] OpenVPN Access Server - Configuration Exposure (@0x_Akoko) [high]
  • [llms-file-enum] llms.txt - Enumeration (@ritikchaddha) [info]
  • [wp-links-opml] WordPress wp-links-opml.php - Version Disclosure (@princechaddha) [info]
  • [craftcms-log-disclosure] Craft CMS - Log File Disclosure (@pussycat0x) [medium]
  • [cacti-guest-access-enabled] Cacti - Guest User Access Enabled (@dhiyaneshdk) [medium]
  • [craftcms-debug-exposure] CraftCMS Debug Methods Exposed (@0x_Akoko) [medium]
  • [craftcms-install-exposure] Craft CMS Installation Wizard Exposure (@0x_Akoko) [high]
  • [sap-abapreadsyslog-disclosure] SAPControl ABAPReadSyslog - Disclosure (@lrvt, @l4rm4nd) [medium]
  • [sap-getenvironment-disclosure] SAPControl GetEnvironment - Disclosure (@lrvt, @l4rm4nd) [medium]
  • [sap-getinstanceproperties-disclosure] SAPControl Webmethods - Disclosure (@lrvt, @l4rm4nd) [medium]
  • [sap-getversion-info] SAPControl GetVersionInfo - Detect (@lrvt, @l4rm4nd) [info]
  • [sap-listconfigfiles-disclosure] SAPControl ListConfigFiles - Disclosure (@lrvt, @l4rm4nd) [medium]
  • [sap-listlogfiles-disclosure] SAPControl ListLogFiles - Disclosure (@lrvt, @l4rm4nd) [medium]
  • [sap-osexecute-rce] SAPControl OSExecute - Remote Code Execution (RCE) (@lrvt, @l4rm4nd) [critical]
  • [sap-readconfig-disclosure] SAPControl Read DEFAULT.PFL - Disclosure (@lrvt, @l4rm4nd) [medium]
  • [sap-readlogfile-disclosure] SAPControl ReadDeveloperTrace Log - Disclosure (@lrvt, @l4rm4nd) [medium]
  • [wordpress-events-manager-fpd] WordPress Events Manager - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wordpress-joinchat-fpd] WordPress Joinchat - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wordpress-rocket-lazy-load-fpd] WordPress LazyLoad Plugin - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wordpress-simple-social-icons-fpd] WordPress Simple Social Icons - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-h5vp-fpd] WordPress H5VP Plugin - Full Path Disclosure (@theamanrawat) [low]
  • [a-blog-cms-detect] a-blog cms - Detect (@Shivam Kamboj) [info]
  • [apache-tika-detect] Apache Tika - Detection (@icarot) [info]
  • [apostrophecms-detect] ApostropheCMS - Detect (@Shivam Kamboj) [info]
  • [appdynamics-rum-detect] AppDynamics (Cisco) RUM - Detect (@Shivam Kamboj) [info]
  • [cisco-ucm-detect] Cisco Unified Communications Manager - Detect (@morgan Robertson) [info]
  • [cmsimple-detect] CMSimple - Detect (@Shivam Kamboj) [info]
  • [datadog-rum-detect] Datadog Browser RUM - Detect (@Shivam Kamboj) [info]
  • [dynatrace-rum-detect] Dynatrace RUM - Tech Detect (@Shivam Kamboj) [info]
  • [launchdarkly-detect] LaunchDarkly - Detect (@Shivam Kamboj) [info]
  • [livewire-detect] Laravel Livewire - Detect (@Shivam Kamboj) [info]
  • [materialize-css-detect] Materialize CSS - Detect (@Shivam Kamboj) [info]
  • [meteor-detect] Meteor.js Framework - Detect (@Shivam Kamboj) [info]
  • [mixpanel-detect] Mixpanel Analytics - Detect (@Shivam Kamboj) [info]
  • [posthog-rum-detect] PostHog Browser RUM - Detect (@Shivam Kamboj) [info]
  • [sap-message-server-console] SAP Message Server Console - Exposure (@lrvt, @l4rm4nd) [info]
  • [sap-message-server-detect] SAP Message Server HTTP - Detect (@lrvt, @l4rm4nd) [info]
  • [semantic-ui-detect] Semantic UI Framework - Detect (@Shivam Kamboj) [info]
  • [zurb-foundation-detect] ZURB Foundation Framework - Detect (@Shivam Kamboj) [info]
  • [cisco-ucm-cluster-enum] Cisco Unified Communications Manager - Cluster Enumeration (@morgan Robertson) [low]
  • [confluence-xslt-macro-ssrf] Atlassian Confluence XSLT Macro - Server-Side Request Forgery (@ritikchaddha) [high]
  • [wpml-multilingual-cms-xss] WordPress WPML Multilingual CMS < 4.6.1 - Cross-Site Scripting (@ritikchaddha) [high]

New Contributors

Full Changelog: v10.3.8...v10.3.9

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source, Low value/marketing

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.3.9

  • Nuclei 模板 v10.3.7 – 发行说明

  • 风险:high / 分数:95
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 102 | CVEs Added: 42 | First-time contributions: 9 | Bounties rewarded: 16

🔥 Release Highlights 🔥

What's Changed

💰 Bounties Rewarded 💰

Bug Fixes

False Negatives

False Positives

  • Reduced false positives in Dell iDRAC detection templates for iDRAC 6, 7, and 8 (Issue #14723, PRs #14739, #14738)

Enhancements

  • None in this release

Templates Added

  • [CVE-2025-69200] phpMyFAQ - Configuration Backup Disclosure (@louay-075) [high] 🔥
  • [CVE-2025-68926] RustFS < 1.0.0-alpha.77 - Hardcoded gRPC Authentication Token (@Chocapikk, @bilisheep) [critical] 🔥
  • [CVE-2025-68645] Zimbra Collaboration - Local File Inclusion (@dhiyaneshdk, @sirifu4k1) [high] 🔥
  • [CVE-2025-62522] Vite - Information Disclosure (@dhiyaneshdk) [medium] 🔥
  • [CVE-2025-60188] Atarim < 4.2.2 - Sensitive Information Exposure (@m4sh_wacker) [high] 🔥
  • [CVE-2025-52691] SmarterMail - Unrestricted File Upload (@dhiyaneshdk, @watchtowr) [critical] 🔥
  • [CVE-2025-34291] Langflow AI <= 1.6.9 - CORS Misconfiguration (@686f6c61) [critical] 🔥
  • [CVE-2025-14847] MongoDB Server - Info Disclosure (MongoBleed) (@pussycat0x, @joe-desimone, @dhiyaneshdk) [high] 🔥 (vKEV)
  • [CVE-2025-8848] LibreChat <= 0.7.9 - HTML Injection via Accept-Language Header (@Kazgangap) [medium] 🔥
  • [CVE-2024-43971] Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting (@0xanis) [medium]
  • [CVE-2024-30194] Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting (@0xanis) [medium]
  • [CVE-2024-29931] WP Go Maps <= 9.0.29 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-29792] Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-29138] WordPress Restrict User Access <= 2.5 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2024-28986] SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization (@rxerium) [critical] 🔥 (vKEV)
  • [CVE-2024-24882] Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation (@riteshs4hu) [critical] 🔥 (vKEV)
  • [CVE-2024-6753] Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting (@Shivam Kamboj) [high]
  • [CVE-2024-5057] WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2024-4455] YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting (@Shivam Kamboj) [high]
  • [CVE-2024-3469] GP Premium <= 2.4.0 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2023-33193] Emby Server - Authentication Bypass (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2023-27351] PaperCut NG - Authentication Bypass (@daffainfo, @jjcho) [high] 🔥 (vKEV)
  • [CVE-2022-27924] Zimbra Collaboration Suite - Memcached Command Injection (@rxerium) [high] 🔥 (vKEV)
  • [CVE-2022-4940] WCFM Membership <= 2.10.0 - Broken Access Control (@0xanis) [high]
  • [CVE-2021-36754] PowerDNS Authoritative Server - Denial of Service (@daffainfo) [high]
  • [CVE-2021-28799] QNAP HBS 3 - Broken Access Control (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2021-24213] GiveWP <= 2.9.7 - Cross-Site Scripting (@Shivam Kamboj) [medium]
  • [CVE-2021-4448] Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization (@daffainfo) [high]
  • [CVE-2020-13125] Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass (@daffainfo) [high]
  • [CVE-2019-15823] WPS Hide Login <= 1.5.2.2 - Login Page Bypass (@pussycat0x) [high]
  • [CVE-2019-11253] Kubernetes API Server - YAML Parsing DoS (Billion Laughs) (@ritikchaddha) [high] 🔥
  • [CVE-2018-10245] AWStats <= 7.5 - Full Path Disclosure (@0x_Akoko) [medium]
  • [CVE-2018-9206] Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload (@thewindghost) [critical] 🔥 (vKEV)
  • [CVE-2018-8011] Apache HTTP Server - NULL Pointer Dereference (@daffainfo) [high]
  • [CVE-2018-6961] VMware NSX SD-WAN Edge - Command Injection (@d3nverng, @thewindghost) [critical] 🔥 (vKEV)
  • [CVE-2017-20192] Formidable Forms < 2.05.02 - Cross-Site Scripting (@0xanis) [medium]
  • [CVE-2017-11107] phpLDAPadmin <= 1.2.3 - Reflected XSS (@0x_Akoko) [medium]
  • [CVE-2016-15043] WP Mobile Detector <= 3.5 - Unrestricted File Upload (@d3nverng, @thewindghost) [critical] 🔥 (vKEV)
  • [CVE-2016-15041] MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting (@flame) [high]
  • [CVE-2012-10018] WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Stored XSS via SVG File Upload (@KrE80r) [high]
  • [CVE-2011-3600] Apache OFBiz - XML External Entity Injection (@daffainfo, @pikpikcu) [high]
  • [CVE-2006-3392] Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (@s4e-io) [medium]
  • [gcloud-service-account-keys-rotation] GCP Service Account Keys - No Rotation Configured (@kelu27) [high]
  • [cloudinary-csp-bypass] Content-Security-Policy Bypass - cloudinary (@pussycat0x) [medium]
  • [bitbucket-panel] Bitbucket Panel - Detect (@Shivam Kamboj) [info]
  • [ekoapi-admin-panel] EkoAPI Admin Panel - Detect (@rxerium) [info]
  • [librechat-login-panel] LibreChat Login Panel - Detection (@Kazgangap) [info]
  • [victoriametrics-panel] VictoriaMetrics Panel - Detect (@Shivam Kamboj) [info]
  • [woodpecker-ci-panel] Woodpecker CI Panel - Detect (@Shivam Kamboj) [info]
  • [xspeeder-login] XSpeeder Login - Detect (@rxerium) [info]
  • [bash-config-exposure] Bash Configuration - Exposure (@theamanrawat) [low]
  • [exposed-gitmodules] .gitmodules File Exposed (@pussycat0x) [high]
  • [flow-config-exposure] Flow Configuration - Exposure (@theamanrawat) [medium]
  • [grafana-metrics-exposure] Grafana Metrics Endpoint - Information Disclosure (@0x_Akoko) [low]
  • [jfrog-artifactory-build-exposure] JFrog Artifactory Build - Exposure (@theamanrawat) [medium]
  • [keycloak-admin-console-config] Keycloak Admin Console Configuration Disclosure (@0x_Akoko) [low]
  • [makefile-exposure] Makefile - Exposure (@0x_Akoko) [low]
  • [mysql-config-exposure] MySQL Conifg - Exposure (@theamanrawat) [high]
  • [prettier-ignore-disclosure] Prettier - Ignore File Disclosure (@ritikchaddha) [info]
  • [smtp-credentials-exposure] SMTP Credentials Exposure - Detection (@pussycat0x) [high]
  • [jolokia-config-exposure] Jolokia Configuration - Exposure (@theamanrawat) [medium]
  • [kcfinder-exposure] KCFinder - Exposure (@theamanrawat) [high]
  • [npmignore-disclosure] NPM .npmignore File Disclosure (@0x_Akoko) [info]
  • [postgres-credentials-exposure] PostgreSQL Credentials - Exposure (@theamanrawat) [high]
  • [python-requirements-disclosure] Python Requirements File Disclosure (@0x_Akoko) [low]
  • [rails-history-exposure] Rails/Ruby Console History - Exposure (@theamanrawat) [medium]
  • [oracle-ebs-sqllog-exposure] Oracle EBS SQL Log - Exposure (@theamanrawat) [medium]
  • [wp-enable-media-replace-log] WordPress Plugin Enable Media Replace - Log File Exposure (@dhiyaneshdk) [medium]
  • [wp-newsletter-log-exposure] WordPress Newsletter - Log File Exposure (@pussycat0x) [medium]
  • [flock-safety-camera-panel] Flock Safety Camera Admin Panel - Detect (@inokii) [info]
  • [aem-jcr-exposure] Adobe AEM JCR Compare Exposure (@pussycat0x) [medium]
  • [bitrix-fpd] Bitrix Path Disclosure (@dhiyaneshdk) [low]
  • [drupal-directory-listing] Drupal Directory Listing (@ritikchaddha) [low]
  • [grafana-unauth-access] Grafana Unauthenticated Access (@ritikchaddha) [high]
  • [icinga-dashboard-exposure] Icinga Exposed Dashboard (@dhiyaneshdk) [medium]
  • [imageresizer-debug-exposure] ImageResizer Debug - Information Exposure (@ritikchaddha) [low]
  • [roundcube-installer-exposure] Roundcube Webmail Installer - Exposure (@theamanrawat) [high]
  • [jboss-jmx-console-unauth] JBoss JMX Console - Unauthenticated Access (@0x_Akoko) [high]
  • [joomla-fpd] Joomla! - Full Path Disclosure (@pussycat0x) [low]
  • [mamp-phpinfo-exposure] MAMP - PHP Info Exposure (@0x_Akoko) [low]
  • [phpmyadmin-fpd] phpMyAdmin Full Path Disclosure (@dhiyaneshdk) [low]
  • [renovate-config-exposure] Renovate Configuration Exposure (@ritikchaddha) [info]
  • [wordfence-config-disclosure] WordPress Wordfence - Configuration File Disclosure (@ritikchaddha) [medium]
  • [wordpress-elementor-fpd] WordPress Elementor Page Builder - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wordpress-menu-image-fpd] WordPress Menu Image - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wordpress-twentynineteen-fpd] WordPress Twenty Nineteen - Full Path Disclosure (@pussycat0x) [low]
  • [wp-better-wp-security-fpd] WordPress Plugin iThemes Security - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-custom-post-type-ui-fpd] WordPress Custom Post Type UI - Full Path Disclosure (@0x_Akoko) [low]
  • [wp-elementor-pro-fpd] WordPress Elementor Pro - Full Path Disclosure (@dhiyaneshdk) [low]
  • [wp-members-log-disclosure] WordPress Members Plugin - Debug/Error Log Disclosure (@ritikchaddha) [low]
  • [wp-nextgen-gallery-log] WordPress Gallery Plugin / NextGEN Gallery (nextgen-gallery) Error Log Disclosure (@dhiyaneshdk) [low]
  • [wp-popup-maker-fpd] Popup Maker - Full Path Disclosure (@theamanrawat) [low]
  • [wp-simple-custom-css-fpd] WordPress Simple Custom CSS Plugin - Full Path Disclosure (@0x_Akoko) [low]
  • [wp-user-role-editor-fpd] User Role Editor - Full Path Disclosure (@theamanrawat) [low]
  • [adonisjs-detect] AdonisJS - Detect (@rxerium) [info]
  • [newrelic-rum-detect] New Relic Browser Monitoring (RUM) - Tech Detect (@Shivam Kamboj) [info]
  • [wordpress-passive-detection] WordPress Passive Detection - Plugins & Themes (@princechaddha) [info]
  • [acme-challenge-path-xss] ACME Challenge Path - Reflected Cross-Site Scripting (@pussycat0x) [low]
  • [magento-downloader-fpd] Magento Downloader - Full Path Disclosure (@0x_Akoko) [low]
  • [jetpack-stored-xss] Jetpack < 6.5 - Stored Cross-Site Scripting (@0x_Akoko) [medium]
  • [wp-instagram-feed-xss] Instagram Feed < 1.6 - Cross-Site Scripting (@theamanrawat) [medium]
  • [wp-jetpack-ssrf] Wordpress Jetpack plugin - Server Side Request Forgery (@pussycat0x) [medium]

New Contributors

Full Changelog: v10.3.6...v10.3.7

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source, Low value/marketing

  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.3.7

  • 🎄 Nuclei Templates v10.3.6 – 圣诞节发行说明

  • 风险:high / 分数:95
  • 来源:nuclei-templates releases
  • 摘要:

    New Templates Added: 163 | CVEs Added: 57 | First-time contributions: 6 | Bounties rewarded: 4

🔥 Release Highlights 🔥

What's Changed

💰 Bounties Rewarded 💰

Bug Fixes

False Negatives

False Positives

  • Fixed false positives in the following templates:

Enhancements

  • Enhanced WAF detection by adding FortiWEB WAF signatures to waf-detect.yaml (PR #14370).
  • Improved regex matchers in node-exporter-metrics.yaml for better accuracy (PR #14375).
  • Updated awstats-script.yaml template (PR #14413).

Templates Added

  • [CVE-2025-68613] n8n - RCE via Expression Injection (@rxerium, @PentesterFlow, @MuhamadJuwandi) [critical] 🔥
  • [CVE-2025-63387] Dify v1.9.1 - Broken Access Control (@dhiyaneshdk) [medium]
  • [CVE-2025-56819] Datart v1.0.0-rc.3 - RCE (@Redmomn) [critical]
  • [CVE-2025-56266] Avigilon ACM - Host Header Injection (@dhiyaneshdk) [medium]
  • [CVE-2025-55749] XWiki - Information Disclosure (@dhiyaneshdk) [high]
  • [CVE-2025-55184] React Server Components - Denial of Service (@dhiyaneshdk) [high] 🔥
  • [CVE-2025-52970] Fortinet FortiWeb - Authentication Bypass to Admin Privilege (@Sourabh-Sahu) [high] (vKEV) 🔥
  • [CVE-2025-47188] Mitel 6000 - OS Command Injection (@matejsmycka) [critical] (vKEV) 🔥
  • [CVE-2025-37164] HPE OneView - RCE (@dhiyaneshdk) [critical] (vKEV) 🔥
  • [CVE-2025-34299] Monsta FTP <= 2.11.2 - Unauthenticated RCE (@KrE80r) [critical] (vKEV) 🔥
  • [CVE-2025-14611] Gladinet CentreStack & Triofox - Hardcoded Credentials (@0xanis) [critical] (vKEV) 🔥
  • [CVE-2025-13486] Advanced Custom Fields Extended < 0.9.2 - RCE (@0xanis) [critical]
  • [CVE-2025-12139] Integrate Google Drive <= 1.5.3 - Information Disclosure (@meysam Bal-afkan) [high]
  • [CVE-2025-9808] The Events Calendar <= 6.15.2 - Information Disclosure (@zer0p0int) [medium]
  • [CVE-2024-47374] LiteSpeed Cache <= 6.5.0.2 - Stored XSS (@Sourabh-Sahu) [high]
  • [CVE-2024-39646] WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS (@Sourabh-Sahu) [high]
  • [CVE-2024-35694] Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-35693] WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting (@intelligent-ears) [medium]
  • [CVE-2024-31223] Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure (@hnd3884) [medium]
  • [CVE-2024-28253] OpenMetaData - SpEL Injection in PUT /api/v1/policies (@daffainfo) [critical]
  • [CVE-2024-28200] N-able N-central < 2024.2 - Authentication Bypass Detection (@rxerium) [critical] (vKEV) 🔥
  • [CVE-2024-25608] Liferay Portal - Open Redirect (@daffainfo) [medium]
  • [CVE-2024-2863] LG LED Assistant - Thumbnail Path Traversal File Upload (@Beginee) [high]
  • [CVE-2024-2862] LG LED Assistant - Unauthenticated Password Reset (@Beginee) [high]
  • [CVE-2023-45038] QNAP Music Station < 5.4.0 - Authentication Bypass (@daffainfo) [medium]
  • [CVE-2023-38952] ZKTeco BioTime <= 9.0.1 - Privilege Escalation (@riteshs4hu) [high]
  • [CVE-2023-27624] WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS (@0x_Akoko) [medium]
  • [CVE-2023-23897] Ozette Plugins - Cross-Site Request Forgery (@popcorn94) [medium]
  • [CVE-2023-7164] WordPress BackWPup < 4.0.4 - Backup File Disclosure (@0x_Akoko) [high]
  • [CVE-2023-6266] WordPress Backup Migration <= 1.3.6 - Path Traversal (@riteshs4hu) [high]
  • [CVE-2023-3388] Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting (@daffainfo) [high]
  • [CVE-2022-38130] KeySight RF - smsRestoreDatabaseZip UNC path to RCE (@daffainfo, @jjcho) [critical]
  • [CVE-2022-36923] Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils - getUserAPIKey Authentication Bypass (@daffainfo, @jjcho) [high]
  • [CVE-2022-34305] Apache Tomcat Examples Web Application - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2022-1029] Limit Login Attempts - Stored Cross-Site Scripting (@theamanrawat) [medium]
  • [CVE-2022-0873] WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-0765] WordPress Loco Translate < 2.6.1 - Cross-Site Scripting (@0x_Akoko) [medium]
  • [CVE-2021-37415] Zoho ManageEngine ServiceDesk Plus - Authentication Bypass (@daffainfo, @jjcho) [critical] 🔥
  • [CVE-2021-35042] Django QuerySet.order_by - SQL Injection (@0x_Akoko) [critical] 🔥
  • [CVE-2021-33829] Drupal 7 CKEditor XSS (@0x_Akoko) [medium]
  • [CVE-2021-25082] WordPress Popup Builder < 4.0.7 - RCE (@0x_Akoko) [critical] 🔥
  • [CVE-2021-24681] Duplicate Page WordPress - Stored Cross-Site Scripting (@theamanrawat) [medium]
  • [CVE-2021-24657] Limit Login Attempts WordPress - Stored Cross-site Scripting (@theamanrawat) [medium]
  • [CVE-2021-22175] GitLab CI Lint API - Server-Side Request Forgery (@0x_Akoko) [high]
  • [CVE-2021-20617] Acmailer - Improper Access Control to OS Command Injection (@daffainfo) [critical]
  • [CVE-2021-3007] Laminas Project laminas-http - RCE (@0xanis) [critical]
  • [CVE-2021-2135] Oracle WebLogic Server - RCE (@hnd3884) [critical] (vKEV) 🔥
  • [CVE-2020-26836] SAP Solution Manager - Open Redirect (@gal Nagli, @lrvt) [medium]
  • [CVE-2020-25200] Pritunl VPN Server 1.29.2145.25 - Username Enumeration (@pussycat0x) [medium]
  • [CVE-2020-20627] GiveWP - Missing Authorization to Settings Update (@daffainfo) [medium]
  • [CVE-2020-12832] WordPress Simple File List - Path Traversal (@riteshs4hu) [critical]
  • [CVE-2019-9082] ThinkPHP < 3.2.4 - RCE (@0xanis) [high]
  • [CVE-2019-5591] FortiOS - Insecure LDAP Configuration Detection (@ayewo) [medium]
  • [CVE-2019-4061] IBM BigFix Platform - Information Disclosure (@daffainfo) [medium]
  • [CVE-2017-18580] WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated RCE (@0x_Akoko) [critical]
  • [CVE-2017-17762] Episerver 7 - Blind XML External Entity Injection (@pussycat0x) [high]
  • [CVE-2015-8350] WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS (@0x_Akoko) [medium]
  • [ai-code-execution] AI Code Execution Detection (@princechaddha) [high]
  • [ai-data-exfiltration] AI Data Exfiltration Detection (@princechaddha) [high]
  • [ai-prompt-injection] AI Prompt Injection Detection (@princechaddha) [high]
  • [ai-safety-bypass] AI Safety Control Bypass Detection (@princechaddha) [unknown]
  • [pdfjs-content-spoofing] Mozilla PDF.js - Content Spoofing (@0x_Akoko) [medium]
  • [cisco-esa-panel] Cisco Email Security Appliance - Panel (@rxerium, @darses) [info]
  • [hpe-oneview-panel] HPE OneView - Panel Detect (@rxerium) [info]
  • [temboard-panel] temBoard Panel - Detect (@righettod) [info]
  • [ambassador-api-diagnostics-exposure] Ambassador API Gateway Diagnostics - Exposure (@0x_Akoko) [medium]
  • [wordpress-db-exposure] WordPress Database Backup File - Exposure (@0x_Akoko) [high]
  • [cakefile-exposure] Cakefile - Exposure (@0x_Akoko) [info]
  • [codekit-config-exposure] CodeKit Configuration Exposure (@pussycat0x) [low]
  • [glimpse-data-exposure] Glimpse Diagnostics - Sensitive Data Exposure (@0x_Akoko) [high]
  • [node-repl-history-disclosure] Node.js REPL History Disclosure (@pussycat0x) [low]
  • [phpci-yml] PHPCI Configuration Exposure "phpci.yml" Exposure (@dhiyaneshdk) [info]
  • [python-setup-config] Python Setup Configuration - Exposure (@dhiyaneshdk) [low]
  • [rexify-config-exposure] Rexify Configuration - Exposure (@theamanrawat) [high]
  • [xampp-phpinfo-detect] XAMPP PHP info Page - Detect (@pussycat0x) [low]
  • [eclipse-project-exposure] Eclipse .project Configuration - Exposure (@0x_Akoko) [info]
  • [python-history-disclosure] Python History File Disclosure (@pussycat0x) [low]
  • [wp-w3-total-cache-exposure] WordPress W3 Total Cache - Cache Files Exposure (@pussycat0x) [high]
  • [yarn-integrity-disclosure] Yarn Integrity File Disclosure (@pussycat0x) [info]
  • [bitrix-log-file-disclosure] Bitrix Site Manager - Log File Disclosure (@0x_Akoko) [medium]
  • [wp-easy-google-fonts-log-disclosure] WordPress Easy Google Fonts - Error Log Disclosure (@0x_Akoko) [low]
  • [wp-flexible-shipping-log] WordPress Flexible Shipping - Log File Exposure (@dhiyaneshdk) [medium]
  • [wp-importer-log-disclosure] WordPress Importer - Error Log Disclosure (@0x_Akoko) [low]
  • [wp-pretty-link-log-disclosure] WordPress Pretty Link - Error Log Disclosure (@0x_Akoko) [low]
  • [wp-wps-hide-login-log] WordPress WPS Hide Login - Error Log Disclosure (@pussycat0x) [low]
  • [secrets-patterns-pii] Secrets Patterns (PII) (@dwisiswant0) [info]
  • [apache-mod-negotiation-listing] Apache mod_negotiation - Pseudo Directory Listing (@0x_Akoko) [low]
  • [browserconfig-xml] Browser Configuration "browserconfig.xml" Exposure (@dhiyaneshdk) [info]
  • [buildpath-file-disclosure] .buildpath - File Disclosure (@ritikchaddha) [low]
  • [eslint-ignore-exposure] Eslint Ignore File Exposure (@dhiyaneshdk) [low]
  • [gcs-bucket-listing] Google Cloud Storage - Public Bucket Listing (@0x_Akoko) [unknown]
  • [metabase-installer-exposure] Metabase Installer - Exposure (@0x_Akoko) [high]
  • [jetty-directory-listing] Eclipse Jetty - Directory Listing Enabled (@ritikchaddha) [low]
  • [jfrog-artifactory-exposure] JFrog Artifactory Artifacts Exposure (@dhiyaneshdk) [low]
  • [joomla-registration-enabled] Joomla - User Registration Enabled (@0x_Akoko) [info]
  • [nexus-repository-anonymous-access] Nexus Repository Manager - Anonymous Access Enabled (@0x_Akoko) [medium]
  • [vscode-slnx-sqlite-disclosure] Visual Studio Code - Slnx.SQLite File Disclosure (@ritikchaddha) [high]
  • [nextgen-gallery-pro-error-log] WordPress NextGEN Gallery Pro - Error Log Disclosure (@ritikchaddha) [medium]
  • [wordfence-rules-disclosure] WordPress Wordfence - Rules File Disclosure (@ritikchaddha) [medium]
  • [wordfence-waf-logs-disclosure] WordPress Wordfence - WAF Logs and Data Disclosure (@ritikchaddha) [low]
  • [wordpress-amp-fpd] WordPress AMP - FPD (@pussycat0x) [low]
  • [wordpress-cmb2-fpd] WordPress CMB2 - FPD (@ritikchaddha) [low]
  • [wordpress-imsanity-fpd] WordPress Plugin Imsanity - FPD (@ritikchaddha) [low]
  • [wordpress-storefront-fpd] WordPress Storefront Theme - FPD (@pussycat0x) [low]
  • [wp-add-to-any-fpd] WordPress AddToAny Share Buttons Plugin - FPD (@pussycat0x) [low]
  • [wp-astra-sites-fpd] WordPress Astra Sites - FPD (@ritikchaddha) [low]
  • [wp-beaver-builder-lite-version-fpd] Beaver Builder Page Builder - FPD (@theamanrawat) [low]
  • [wp-cookie-law-info-fpd] WordPress Plugin GDPR Cookie Consent - FPD (@ritikchaddha) [low]
  • [wp-image-widget-fpd] Image Widget - FPD (@theamanrawat) [low]
  • [wp-iwp-client-fpd] WordPress Plugin InfiniteWP Client - FPD (@ritikchaddha) [low]
  • [wp-maintenance-mode-fpd] WordPress WP Maintenance Mode - FPD (@ritikchaddha) [low]
  • [wp-members-error-log-disclosure] WordPress Members / Membership & User Role Editor Plugin - Error Log Disclosure (@ritikchaddha) [low]
  • [wp-migrate-db-fpd] WordPress WP Migrate DB - FPD (@pussycat0x) [low]
  • [wp-oceanwp-fpd] WordPress OceanWP - FPD (@ritikchaddha) [low]
  • [wp-pretty-links-fpd] WordPress Pretty Links - FPD (@ritikchaddha) [low]
  • [wp-rank-math-seo-fpd] WordPress SEO Plugin Rank Math - FPD (@ritikchaddha) [low]
  • [wp-safe-svg-fpd] WordPress Plugin Safe SVG - FPD (@ritikchaddha) [low]
  • [wp-simple-301-redirects-fpd] Simple 301 Redirects - FPD (@theamanrawat) [low]
  • [wp-smushit-fpd] WP Smushit - FPD (@theamanrawat) [low]
  • [wp-svg-support-fpd] WordPress SVG Support - FPD (@pussycat0x) [low]
  • [wp-table-of-contents-plus-fpd] WordPress Table of Contents Plus - FPD (@ritikchaddha) [low]
  • [wp-the-events-calendar-fpd] WordPress The Events Calendar - FPD (@ritikchaddha) [low]
  • [wp-toc-plus-fpd] WordPress Plugin Table of Contents Plus - FPD (@ritikchaddha) [low]
  • [wp-wordfence-fpd] Wordfence - FPD (@theamanrawat) [low]
  • [wp-wp-mail-smtp-fpd] WordPress WP Mail SMTP - FPD (@ritikchaddha) [low]
  • [wp-yith-woocommerce-wishlist-fpd] WordPress YITH WooCommerce Wishlist - FPD (@ritikchaddha) [low]
  • [wp-yoast-seo-fpd] WordPress Yoast SEO - FPD (@ritikchaddha) [low]
  • [x-backend-server-header-detect] X-Backend-Server Header - Exposure (@pussycat0x) [low]
  • [fastcgi-test-page] FastCGI Test Page (@dhiyaneshdk) [info]
  • [krpano-detect] Krpano Panorama Viewer - Detection (@matejsmycka) [info]
  • [cross-site-tracing-xss] Cross Site Tracing - Cross-Site Scripting (@ritikchaddha) [low]
  • [jira-https-mode-open-redirect] JIRA in HTTPS mode - Open Redirect (@0x_Akoko) [medium]
  • [wordpress-meta-box-fpd] WordPress Meta Box - FPD (@pussycat0x) [low]
  • [wp-acf-fpd] Advanced Custom Fields (ACF) - FPD (@theamanrawat) [low]
  • [wp-admin-menu-editor-fpd] Admin Menu Editor - FPD (@theamanrawat) [low]
  • [wp-all-in-one-seo-pack-fpd] WordPress All in One SEO Pack - FPD (@theamanrawat) [low]
  • [wp-all-in-one-wp-security-and-firewall-fpd] All In One WP Security & Firewall - FPD (@theamanrawat) [low]
  • [wp-astra-fpd] WordPress Astra - FPD (@dhiyaneshdk) [low]
  • [wp-better-wp-security-login-disclosure] WordPress Solid Security < 9.0.1 - Unauthenticated Login Page Disclosure (@0x_Akoko) [medium]
  • [wp-buddypress-open-redirect] WordPress BuddyPress < 2.9.2 - Authenticated Open Redirect (@0x_Akoko) [low]
  • [wp-caldera-forms-xss] Caldera Forms <= 1.5.4 - Cross-Site Scripting (@theamanrawat) [medium]
  • [wp-contact-form-7-fpd] WordPress Contact Form 7 - FPD (@pussycat0x) [low]
  • [wp-contact-form-fpd] WordPress Contact Form - FPD (@pussycat0x) [low]
  • [wp-duplicate-post-fpd] Duplicate Post - FPD (@theamanrawat) [low]
  • [wp-duracelltomi-google-tag-manager-fpd] WordPress Plugin Google Tag Manager - FPD (@dhiyaneshdk) [low]
  • [wp-easy-fancybox-fpd] Easy FancyBox - FPD (@theamanrawat) [low]
  • [wp-google-analytics-fpd] WordPress Google Analytics - FPD (@0x_Akoko) [info]
  • [wp-google-site-kit-fpd] WordPress Plugin Site Kit by Google - FPD (@0x_Akoko) [info]
  • [wp-googlecaptcha-fpd] WordPress Plugin reCaptcha by BestWebSoft (google-captcha) - FPD (@dhiyaneshdk) [low]
  • [wp-hello-dolly-fpd] WordPress Plugin Hello Dolly - FPD (@dhiyaneshdk) [low]
  • [wp-intuitive-custom-post-order-fpd] WordPress Plugin Intuitive Custom Post Order - FPD (@dhiyaneshdk) [low]
  • [wp-jetpack-fpd] JetPack - FPD (@theamanrawat) [low]
  • [wp-megamenu-fpd] WordPress Plugin Max Mega Menu (megamenu) - FPD (@dhiyaneshdk) [low]
  • [wp-newsletter-fpd] WordPress Plugin Newsletter - FPD (@dhiyaneshdk) [low]
  • [wp-pagenavi-fpd] WordPress WP-PageNavi - FPD (@dhiyaneshdk) [low]
  • [wp-responsive-fpd] WordPress Coming Soon Page - FPD (@dhiyaneshdk) [low]
  • [wp-sg-cachepress-fpd] WordPress Plugin SG Optimizer - FPD (@dhiyaneshdk) [low]
  • [wp-ssl-insecure-content-fixer-fpd] WordPress Plugin SSL Insecure Content Fixer - FPD (@dhiyaneshdk) [low]
  • [wp-super-cache-fpd] WordPress WP Super Cache - FPD (@dhiyaneshdk) [low]
  • [wp-widget-logic-fpd] WordPress Widget Logic - FPD (@dhiyaneshdk) [low]
  • [wp-woocommerce-admin-fpd] WordPress Plugin WooCommerce Admin (woocommerce-admin) FPD (@dhiyaneshdk) [low]
  • [wp-worker-fpd] WordPress ManageWP Worker - FPD (@dhiyaneshdk) [low]
  • [apache-kvrocks-exposed] Apache Kvrocks - Exposed (@icarot) [high]

New Contributors

Full Changelog: v10.3.5...v10.3.6

  • 命中:CVE, RCE, PoC/Exploit, Auth bypass/Unauth, Key product, High priority source, Low value/marketing
  • 链接:https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.3.6