Nuclei Templates v10.3.0 - Release Notes

New Templates Added: 124 | CVEs Added: 90 | First-time contributions: 6

🔥 Release Highlights 🔥

• [CVE-2025-61882] Oracle E-Business Suite 12.2.3–12.2.14 – RCE (@dhiyaneshdk, @watchtowr) [critical] 🔥 (KEV) (vKEV)
• [CVE-2025-54251] Adobe Experience Manager ≤ 6.5.23.0 - XML Injection (@dhiyaneshdk, @assetnote) [medium] 🔥
• [CVE-2025-54249] Adobe Experience Manager ≤ 6.5.23.0 – SSRF (@dhiyaneshdk, @assetnote) [medium] 🔥
• [CVE-2025-49825] Teleport - Auth Bypass (@pdteam) [critical] 🔥
• [CVE-2025-36604] Dell UnityVSA < 5.5 - Remote Command Injection (@dhiyaneshdk, @watchtowr) [critical] 🔥
• [CVE-2025-20362] Cisco Secure Firewall ASA & FTD - Auth Bypass (@dhiyaneshdk, @attackerkb) [medium] 🔥 (KEV) (vKEV)
• [CVE-2025-10035] GoAnywhere - Auth Bypass (@dhiyaneshdk, @watchtowr) [critical] 🔥 (KEV) (vKEV)
• [CVE-2025-0282] Ivanti Connect Secure - Stack-based Buffer Overflow (@ritikchaddha) [critical] 🔥 (KEV) (vKEV)
• [CVE-2024-0593] WordPress Simple Job Board - Unauthorized Data Access (@zer0p0int) [medium] 🔥
• [CVE-2023-26258] Arcserve UDP <= 9.0.6034 - Auth Bypass (@daffainfo) [critical] 🔥 (vKEV)
• [CVE-2023-6933] Better Search Replace < 1.4.5 - PHP Object Injection (@pussycat0x) [critical] 🔥
• [CVE-2023-5559] 10Web Booster < 2.24.18 - Unauth Arbitrary Option Deletion (@daffainfo) [critical] 🔥
• [CVE-2023-4666] Form-Maker < 1.15.20 - Unauth Arbitrary File Upload (@pussycat0x) [critical] 🔥
• [CVE-2022-41352] Zimbra Collaboration - Unrestricted File Upload (@rxerium) [critical] 🔥 (KEV) (vKEV)
• [CVE-2022-38627] Nortek Linear eMerge E3-Series - SQL Injection (@daffainfo, @omarhashem666) [critical] 🔥 (vKEV)
• [CVE-2022-3590] WordPress <= 6.2 - Server Side Request Forgery (@riteshs4hu) [medium] 🔥 (vKEV)
• [CVE-2022-3481] NotificationX Dropshipping < 4.4 - SQL Injection (@ritikchaddha) [critical] 🔥 (vKEV)
• [CVE-2022-3477] WordPress tagDiv Composer < 3.5 - Auth Bypass (@melmathari) [critical] 🔥 (vKEV)
• [CVE-2021-42359] WP DSGVO Tools (GDPR) <= 3.1.23 - Unauth Arbitrary Post Deletion (@daffainfo) [high] 🔥
• [CVE-2021-34622] WordPress ProfilePress <= 3.1.3 - Privilege Escalation (@Sourabh-Sahu) [critical] 🔥 (vKEV)
• [CVE-2021-24295] Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauth Blind SQLi (@dhiyaneshdk) [high] 🔥
• [CVE-2021-24175] The Plus Addons for Elementor Page Builder < 4.1.7 - Auth Bypass (@pussycat0x) [critical] 🔥
• [CVE-2021-20021] SonicWall Email Security <= 10.0.9.x - Unauth Admin Account Creation (@pussycat0x) [critical] 🔥 (KEV) (vKEV)
• [CVE-2021-4380] Pinterest Automatic < 4.14.4 - Unauth Arbitrary Options Update (@s4e-io) [critical] 🔥
• [CVE-2020-36731] Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauth Arbitrary Plugin Settings Update (@popcorn94) [high] 🔥
• [CVE-2020-36719] ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation (@ritikchaddha) [critical] 🔥 (vKEV)
• [CVE-2020-36705] Adning Advertising <= 1.5.5 - Arbitrary File Upload (@dhiyaneshdk) [critical] 🔥
• [CVE-2020-13640] wpDiscuz <= 5.3.5 - SQL Injection (@Sourabh-Sahu) [critical] 🔥
• [CVE-2020-9480] Apache Spark - Auth Bypass (@riteshs4hu) [critical] 🔥 (vKEV)
• [CVE-2020-8657] EyesOfNetwork - Hardcoded API Key (@daffainfo) [critical] 🔥
• [CVE-2020-8656] EyesOfNetwork - Hardcoded API Key & SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2019-25152] Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting (@dhiyaneshdk) [high] 🔥
• [CVE-2019-17232] WordPress Ultimate FAQs <= 1.8.24 – Unauth Options Import and Export (@daffainfo) [high] 🔥
• [CVE-2019-11886] Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation (@daffainfo) [high] 🔥
• [CVE-2019-9621] Zimbra Collaboration Suite - SSRF (@riteshs4hu) [high] 🔥 (KEV) (vKEV)
• [CVE-2019-7276] Optergy Proton/Enterprise - Unauth RCE via Backdoor Console (@daffainfo) [critical] 🔥 (vKEV)
• [CVE-2019-6703] Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update (@dhiyaneshdk) [critical] 🔥
• [CVE-2018-1217] Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control (@daffainfo) [critical] 🔥
• [CVE-2016-10972] Newspaper Theme 6.4–6.7.1 - Privilege Escalation (@pussycat0x) [critical] 🔥

What's Changed

💰 Bounties Rewarded 💰

• CVE-2024-28000 LiteSpeed Technologies LiteSpeed Cache privilege escalation 💰 (Issue #13222)
• CVE-2024-23660 Binance Trust Wallet insecure mnemonic generation 💰 (Issue #13315)
• CVE-2022-3477 tagDiv Composer broken authentication 💰 (Issue #12752, PR #13194)
• CVE-2023-23063 vKEV template 💰 (PR #13396)
• CVE-2022-38840 vKEV template 💰 (PR #13382)
• CVE-2022-38627 vKEV template 💰 (PR #13372)
• CVE-2022-3805 vKEV template 💰 (PR #13403)
• CVE-2021-3122 vKEV template 💰 (PR #13412)
• CVE-2019-18952 vKEV template 💰 (PR #13425)
• CVE-2019-9621 KEV & vKEV template 💰 (PR #13409)
• CVE-2018-1217 vKEV template 💰 (PR #13418)
• CVE-2015-9415 vKEV template 💰 (PR #13419)

Bug Fixes

• Fixed false positives in CVE-2024-43441.yaml template (Issue #13317)
• Fixed CVE-2021-30175 template (PR #13375)
• Corrected CVSS score for CVE-2025-49825 (PR #13446)
• Fixed false positives in CVE-2022-37932 by updating flow (PR #13427)
• Resolved wix-takeover false positive issues (PR #13477)
• Fixed addeventlistener-detect template (PR #13462)

False Negatives

• Addressed CORS detection for OWASP JuiceShop Access-Control-Allow-Origin: * (Issue #13402)

False Positives

• Reduced false positives in CVE-2024-43441.yaml template (Issue #13317)
• Fixed false positives in wix-takeover template (PR #13477)
• Corrected false positives in CVE-2022-37932 template (PR #13427)

Enhancements

• Enhanced Google CSP bypass detection vector (PR #13500)
• Added user and password fields to config-json.yaml for better extraction (PR #13445)
• Improved vKEV workflow and updated missing tags (PR #13374)
• Added credentialed CORS with reflected Origin detection (PR #13441)
• Added blind SSRF (OAST) multiparam fuzzing template (PR #13440)
• Added Swagger/OpenAPI/GraphQL API inventory template (PR #13442)

Templates Added

• [CVE-2025-61882] Oracle E-Business Suite 12.2.3–12.2.14 – RCE (@dhiyaneshdk, @watchtowr) [critical] 🔥 (KEV) (vKEV)
• [CVE-2025-59474] Jenkins Sidepanel - Unauthorized Agent/Queue Exposure (@ivaldivieso) [medium]
• [CVE-2025-54251] Adobe Experience Manager ≤ 6.5.23.0 - XML Injection (@dhiyaneshdk, @assetnote) [medium] 🔥
• [CVE-2025-54249] Adobe Experience Manager ≤ 6.5.23.0 – SSRF (@dhiyaneshdk, @assetnote) [medium] 🔥
• [CVE-2025-49825] Teleport - Authentication Bypass (@pdteam) [critical] 🔥
• [CVE-2025-36604] Dell UnityVSA < 5.5 - Remote Command Injection (@dhiyaneshdk, @watchtowr) [critical] 🔥
• [CVE-2025-27225] TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal (@dhiyaneshdk, @rcesecurity) [high]
• [CVE-2025-27223] TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass (@dhiyaneshdk, @rcesecurity) [critical]
• [CVE-2025-27222] TRUfusion Enterprise <= 7.10.4.0 - Path Traversal (@dhiyaneshdk, @rcesecurity) [critical]
• [CVE-2025-20362] Cisco Secure Firewall ASA & FTD - Authentication Bypass (@dhiyaneshdk, @attackerkb) [medium] 🔥 (KEV) (vKEV)
• [CVE-2025-10035] GoAnywhere - Authentication Bypass (@dhiyaneshdk, @watchtowr) [critical] 🔥 (KEV) (vKEV)
• [CVE-2025-8868] Chef Automate < 4.13.295 — SQL Injection (@3th1c_yuk1, @xbow) [critical]
• [CVE-2025-6205] DELMIA Apriso - Broken Access Control (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [high]
• [CVE-2025-6204] DELMIA Apriso - Command Injection (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical]
• [CVE-2025-0282] Ivanti Connect Secure - Stack-based Buffer Overflow (@ritikchaddha) [critical] 🔥 (KEV) (vKEV)
• [CVE-2024-48651] ProFTPD ≤ 1.3.8b - Privilege Escalation via mod_sql (@pussycat0x) [high]
• [CVE-2024-48208] Pure-FTPd < 1.0.52 - Buffer Overflow (@pussycat0x) [high]
• [CVE-2024-31839] CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting (@riteshs4hu) [medium]
• [CVE-2024-0593] WordPress Simple Job Board - Unauthorized Data Access (@zer0p0int) [medium] 🔥
• [CVE-2023-51713] ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read (@pussycat0x) [high]
• [CVE-2023-26258] Arcserve UDP <= 9.0.6034 - Authentication Bypass (@daffainfo) [critical] 🔥 (vKEV)
• [CVE-2023-23063] Cellinx NVT Web Server - Local File Disclosure (@daffainfo) [high]
• [CVE-2023-22629] TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal (@pussycat0x) [high]
• [CVE-2023-6933] Better Search Replace < 1.4.5 - PHP Object Injection (@pussycat0x) [critical] 🔥
• [CVE-2023-5559] 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion (@daffainfo) [critical] 🔥
• [CVE-2023-4666] Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload (@pussycat0x) [critical] 🔥
• [CVE-2023-3169] tagDiv Composer < 4.2 - Stored Cross-Site Scripting (@ritikchaddha) [high]
• [CVE-2022-41352] Zimbra Collaboration - Unrestricted File Upload (@rxerium) [critical] 🔥 (KEV) (vKEV)
• [CVE-2022-38840] Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE) (@daffainfo) [high]
• [CVE-2022-38627] Nortek Linear eMerge E3-Series - SQL Injection (@daffainfo, @omarhashem666) [critical] 🔥 (vKEV)
• [CVE-2022-25322] ZEROF Web Server 2.0 - SQL Injection (@daffainfo) [critical]
• [CVE-2022-3805] Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update (@dhiyaneshdk, @popcorn94) [high]
• [CVE-2022-3590] WordPress <= 6.2 - Server Side Request Forgery (@riteshs4hu) [medium] 🔥 (vKEV)
• [CVE-2022-3481] NotificationX Dropshipping < 4.4 - SQL Injection (@ritikchaddha) [critical] 🔥 (vKEV)
• [CVE-2022-3477] WordPress tagDiv Composer < 3.5 - Authentication Bypass (@melmathari) [critical] 🔥 (vKEV)
• [CVE-2021-42359] WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion (@daffainfo) [high] 🔥
• [CVE-2021-40524] Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload (@pussycat0x) [high]
• [CVE-2021-34622] WordPress ProfilePre...

Nuclei Templates v10.2.9 - Release Notes

New Templates Added: 182 | CVEs Added: 66 | First-time contributions: 18

🔥 Release Highlights 🔥

• [CVE-2025-57819] FreePBX - Remote Code Execution (@watchtowr, @pussycat0x, @dhiyaneshdk) [critical] 🔥 (kev) (vKEV)
• [CVE-2024-51568] CyberPanel - Command Injection (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2024-46506] NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2024-28000] WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin (@melmathari) [critical] 🔥 (kev) (vKEV)
• [CVE-2024-8425] WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload (@jsnv-dev) [critical] 🔥
• [CVE-2023-45249] Acronis Cyber Infrastructure - Default Password (@darses) [critical] 🔥 (kev) (vKEV)
• [CVE-2020-36155] Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta (@riteshs4hu) [critical] 🔥 (kev) (vKEV)
• [CVE-2020-11514] Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint (@s4e-io) [critical] 🔥
• [CVE-2019-7195] QNAP Photo Station - Path Traversal (@s4e-io) [critical] 🔥 (kev) (vKEV)

What's Changed

💰 Bounties Rewarded 💰

• CVE-2023-45249 Acronis Cyber Infrastructure authentication bypass 💰 (Issue #13248).
• CVE-2024-28000 LiteSpeed Cache privilege escalation 💰 (Issue #13222).
• CVE-2024-8353 GiveWP insecure deserialization 💰 (Issue #13130).
• CVE-2020-36836 WP Fastest Cache access control bypass 💰 (Issue #13098).
• CVE-2025-3515 Contact Form 7 file upload vulnerability 💰 (Issue #13029).
• CVE-2024-8425 WooCommerce Ultimate Gift Card file upload 💰 (Issue #12994).
• CVE-2024-4898 InstaWP Connect authorization bypass 💰 (Issue #13271).
• CVE-2024-36857 Jan path traversal vulnerability 💰 (Issue #13290).
• CVE-2024-23660 Binance Trust Wallet mnemonic generation 💰 (Issue #13315).
• CVE-2014-8739 jQuery File Upload unrestricted upload 💰 (Issue #12734).

Bug Fixes

• Fixed false positives in CVE-2024-43441.yaml template (Issue #13317).
• Resolved false positives in CVE-2023-3139.yaml template (Issue #13277).
• Corrected false positive redirect from Cloudflare for CVE-2022-40022 (Issue #13239).

False Negatives

• Enhanced FTP detection template to improve coverage (PR #13102).
• Enhanced Zendesk takeover detection template (Issue #13193).

False Positives

• Reduced false positives and improved accuracy in CVE-2024-43441.yaml (Issue #13317).
• Fixed false positives in CVE-2023-3139.yaml template (Issue #13277).
• Corrected false positive redirect handling in CVE-2022-40022 (Issue #13239).

Enhancements

• Added condition to CVE-2024-43441.yaml for improved accuracy (PR #13318).
• Improved Dell laser printer unauthorized access detection (PR #13303).
• Enhanced HTTP Response Splitting and Polyglot SSTI fuzzing templates (PR #13300).
• Enhanced Hikvision camera information exposure detection (PR #13293).
• Updated CVE-2020-27615.yaml with new HTTP flow and matchers (PR #13281).
• Enhanced Flowise installer detection (PR #13265).
• Added FTP services detection template (PR #13254).
• Updated Korean README documentation (PR #13249).
• Added various vulnerability detection templates including CVE-2025-58434, CVE-2025-54123, CVE-2025-52970, CVE-2025-7775.

Templates Added

• [CVE-2025-58434] Flowise <= 3.0.5 - Account Takeover (@nukunga[seunghyeonJeon]) [critical]
• [CVE-2025-58179] Astro Cloudflare Adapter - Server Side Request Forgery (@hoanganhthai) [high]
• [CVE-2025-57822] Next.js Middleware - Server-Side Request Forgery (@prdngr, @nicolas-latacora) [medium]
• [CVE-2025-57819] FreePBX - Remote Code Execution (@watchtowr, @pussycat0x, @dhiyaneshdk) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-55161] Stirling-PDF SSRF via Markdown (@Beginee) [high]
• [CVE-2025-54123] Hoverfly <= 1.11.3 - Remote Code Execution (@nukunga[seonghyeonJeon]) [critical]
• [CVE-2025-53118] Securden Unified PAM - Authentication Bypass (@dhiyaneshdk, @pussycat0x, @iamnoooob, @pdresearch) [critical]
• [CVE-2025-52207] MikoPBX - Unrestricted File Upload (@darses) [critical]
• [CVE-2025-50738] Memos < 0.25.0 - Stored Cross-Site Scripting (@seonghyeonjeon[nukunga]) [medium]
• [CVE-2025-49596] MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution (@ye11oc4t) [critical]
• [CVE-2025-23061] Mongoose - NoSQL Injection (@namhyunko) [critical]
• [CVE-2025-8085] Ditty < 3.1.58 - Server-Side Request Forgery (@s4e-io) [high]
• [CVE-2025-3605] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation (@Beginee) [critical]
• [CVE-2025-3515] Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload (@hnd3884) [high]
• [CVE-2024-51568] CyberPanel - Command Injection (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2024-47533] Cobbler 'XML-RPC' - Authentication Bypass (@songyaeji) [critical]
• [CVE-2024-46506] NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2024-43441] Apache HugeGraph-Server <1.5.0 - Authentication Bypass (@wn147) [critical]
• [CVE-2024-36857] Jan v0.4.12 'readFileSync' - Path Traversal (@yusuf Amr) [high]
• [CVE-2024-33326] LumisXP - Cross-site Scripting (@0xr2r) [medium]
• [CVE-2024-29030] Memos 0.13.2 - Server-Side Request Forgery (@ritikchaddha) [medium]
• [CVE-2024-29029] Memos 0.13.2 - Cross-Site Scripting & SSRF (@ritikchaddha) [medium]
• [CVE-2024-29028] Memos 0.13.2 - Server-Side Request Forgery (@ritikchaddha) [medium]
• [CVE-2024-28000] WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin (@melmathari) [critical] 🔥 (kev) (vKEV)
• [CVE-2024-11972] Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation (@s4e-io) [critical]
• [CVE-2024-9772] WordPress UIX Shortcodes <= 1.9.7 - Unauthenticated Shortcode Execution (@kankburhan) [high]
• [CVE-2024-8425] WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload (@jsnv-dev) [critical] 🔥
• [CVE-2024-8353] GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection (@hnd3884) [critical]
• [CVE-2024-4898] WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation (@Sourabh-Sahu) [critical]
• [CVE-2024-3378] iboss Secure Web Gateway - Stored Cross-Site Scripting (@s4e-io) [medium]
• [CVE-2024-2782] WordPress FluentForms <= 5.1.16 - Broken Access Control (@riteshs4hu) [high]
• [CVE-2024-2771] Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation (@Sourabh-Sahu) [critical]
• [CVE-2023-47873] WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload (@cysamu, @crux) [critical]
• [CVE-2023-45249] Acronis Cyber Infrastructure - Default Password (@darses) [critical] 🔥 (kev) (vKEV)
• [CVE-2023-40000] LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS (@0x_Akoko) [high]
• [CVE-2023-6000] WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS (@riteshs4hu) [medium]
• [CVE-2023-3139] Protect WP Admin < 4.0 - Unauthenticated Protection Bypass (@popcorn94) [medium]
• [CVE-2023-0876] WordPress Meta SEO <= 4.5.2 - Open Redirect (@Khalid6468) [medium]
• [CVE-2023-0037] WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection (@riteshs4hu) [critical]
• [CVE-2022-37932] HP Switch - Authentication Bypass (@phulelouch) [high]
• [CVE-2022-4971] Sassy Social Share <= 3.3.3 - Cross-Site Scripting (@popcorn94) [medium]
• [CVE-2022-3124] Frontend File Manager < 21.3 - Unauthenticated File Renaming (@riteshs4hu) [medium]
• [CVE-2022-2461] Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change (@riteshs4hu) [medium]
• [CVE-2022-0429] WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Cross-Site Scripting (@s4e-io) [medium]
• [CVE-2021-34624] WordPress ProfilePress 3.0-3.1.3 - Arbitrary File Upload (@Sourabh-Sahu) [critical]
• [CVE-2021-24878] SupportCandy < 2.2.7 - Reflected Cross-Site Scripting (@popcorn94) [medium]
• [CVE-2021-24876] Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting (@popcorn94) [medium]
• [CVE-2021-24644] Images to WebP < 1.9 - Authenticated Local File Inclusion (@Sourabh-Sahu) [high]
• [CVE-2021-24527] Profile Builder < 3.4.9 - Improper Authentication (@Sourabh-Sahu) [critical]
• [CVE-2021-24170] User Profile Picture < 2.5.0 - Sensitive Information Disclosure (@s4e-io) [high]
• [CVE-2020-36836] WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion (@melmathari) [high]
• [CVE-2020-36155] Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta (@riteshs4hu) [critical] 🔥 (kev) (vKEV)
• [CVE-2020-27615] WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via log Parameter (@intelligent-ears) [critical]
• [CVE-2020-23814] XXL-JOB v2.2.0 — Stored Cross Site Scripting (@Sourabh-Sahu) [medium]
• [CVE-2020-11515] Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint (@s4e-io) [medium]
• [CVE-2020-11514] Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint (@s4e-io) [critical] 🔥
• [CVE-2019-17233] WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection (@daffainfo) [medium]
• [CVE-2019-17231] WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS (@daffainfo) [medium]
• [CVE-2019-17230] WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes (@daffainfo) [medium]
• [CVE-2019-17228] Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export (@daffainfo) [medium]
• [CVE-2019-15774] ND Booking < 2.5 - Unauthenticated Options Change (@popcorn94) [medium]
• [CVE-2019-9881] WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting (@intelligent-ears) [medium]
• [CVE-2019-9880] WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure (@intelligent-ears) [critical]
• [CVE-2019-7195] QNAP Photo Station - Path Traversal (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2016-15042] WordPress Frontend Fi...

Nuclei Templates v10.2.8 - Release Notes

New Templates Added: 114 | CVEs Added: 33 | First-time contributions: 17

🔥 Release Highlights 🔥

• [CVE-2025-54309] CrushFTP - Auth Bypass Race Condition (@pussycat0x, @watchtowr, @dhiyaneshdk) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-54125] XWiki XML View - Sensitive Information Exposure (@ritikchaddha) [high] 🔥
• [CVE-2025-53364] Parse Server - GraphQL Schema Information Disclosure (@securitytaters) [medium] 🔥
• [CVE-2025-51502] Microweber CMS 2.0 - Reflected XSS in Admin Page Creation (@nukunga) [medium] 🔥
• [CVE-2025-51501] Microweber CMS2.0 - Cross-Site Scripting (@nukunga) [medium] 🔥
• [CVE-2025-46554] XWiki REST API - Attachments Disclosure (@ritikchaddha) [high] 🔥
• [CVE-2025-34073] Maltrail <=0.54 Username Parameter - RCE (@SeungAh-Hong) [critical] 🔥
• [CVE-2025-32970] XWiki WYSIWYG API - Open Redirect (@ritikchaddha) [medium] 🔥
• [CVE-2025-32969] XWiki REST API Query - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2025-32430] XWiki Platform - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
• [CVE-2025-29925] XWiki REST API - Private Pages Disclosure (@ritikchaddha) [high] 🔥
• [CVE-2025-27888] Apache Druid - Server-Side Request Forgery (@xbow, @dhiyaneshdk) [high] 🔥
• [CVE-2025-25256] Fortinet FortiSIEM - OS Command Injection (@watchtowr, @darses) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-22457] Ivanti Connect Secure - Stack-based Buffer Overflow (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-4632] Samsung MagicINFO 9 Server - File Upload & Remote Code Execution (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2023-37988] Contact Form Generator <= 2.5.5 - Cross-Site Scripting (@0xr2r, @vats147) [medium] 🔥
• [CVE-2020-36708] WordPress Epsilon Framework Themes <=2.4.8 - RCE (@madrobot) [critical] 🔥 (kev) (vKEV)
• [CVE-2020-11975] Apache Unomi - Remote Code Execution (@Sourabh-Sahu) [critical] 🔥 (kev) (vKEV)
• [CVE-2018-0171] Cisco Smart Install - Configuration Download (@ritikchaddha) [critical] 🔥 (kev) (vKEV)

What's Changed

💰 Bounties Rewarded 💰

• CVE-2025-4632 - Samsung MagicINFO - Path Traversal 💰 (Issue #12946).
• CVE-2025-34035 - EnGenius EnShare Cloud Service - Command Injection 💰 (Issue #12920).
• CVE-2018-7841 - U.motion Builder - SQL Injection 💰 (Issue #12851).
• CVE-2018-19127 - PHPCMS 2008 - Remote Code Execution 💰 (Issue #12722).
• CVE-2020-11975 - Apache Unomi - Expression Language Injection 💰 (Issue #12668).
• CVE-2022-25237 - Bonita Web - Authorization Bypass 💰 (Issue #12656).

Bug Fixes

• Fixed matchers words in CVE-2000-0114.yaml (PR #13026).
• Fixed apache-rocketmq-broker-unauth.yaml false positive (PR #12942).
• Fixed false positive in composer-config.yaml (PR #12900).
• Fixed typo in CVE-2024-36104.yaml (PR #12898).
• Removed name bit in extractor section for grafana-detect template (PR #12911).

False Negatives

• Fixed swagger-api.yaml to reduce underreporting (Issue #12764).

False Positives

• Reduced false positives in composer-config.yaml (Issue #12863).
• Fixed false positives in CVE-2022-24493 template (PR #12966).
• Fixed false positives in wordpress-vulnerability-assessment (PR #12954).
• Multiple false positives reported and addressed (Issue #12956).

Enhancements

• Added Nuclei Templates v10.2.8 Release Prep (PR #13046).
• Updated KEV Tags (PR #12999).
• Added comprehensive template creation and review guides (PR #12935).
• Enhanced detection capabilities in multiple CVE templates.
• Added new detection templates for various services including MESHERY, Bugzilla, AEM Forms, and others.
• Created multiple CVE templates for new vulnerabilities (CVE-2025-53677, CVE-2025-3515, CVE-2025-25231, etc.).
• Updated protocol syntax and deprecated templates.
• Added Linux Audit Templates directory changes.
• Enhanced TFTP detection with additional matchers.

Templates Added

• [CVE-2025-57789] Commvault Initial Administrator Login Process Vulnerability (@dhiyaneshdk, @watchtowr) [medium]
• [CVE-2025-57788] Commvault Unauthenticated Password Disclosure (WT-2025-0047) (@dhiyaneshdk, @iamnoooob, @pdresearch, @watchtowr) [medium]
• [CVE-2025-55169] WeGIA - Directory Traversal (@praivesi) [critical]
• [CVE-2025-54589] Copyparty <=1.18.6 - Cross-Site Scripting (@s-cu-bot) [medium]
• [CVE-2025-54309] CrushFTP - Authentication Bypass Race Condition (@pussycat0x, @watchtowr, @dhiyaneshdk) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-54125] XWiki XML View - Sensitive Information Exposure (@ritikchaddha) [high] 🔥
• [CVE-2025-53364] Parse Server - GraphQL Schema Information Disclosure (@securitytaters) [medium] 🔥
• [CVE-2025-51502] Microweber CMS 2.0 - Reflected XSS in Admin Page Creation (@nukunga) [medium] 🔥
• [CVE-2025-51501] Microweber CMS2.0 - Cross-Site Scripting (@nukunga) [medium] 🔥
• [CVE-2025-46554] XWiki REST API - Attachments Disclosure (@ritikchaddha) [high] 🔥
• [CVE-2025-34152] Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via time Parameter (@Chocapikk, @dhiyaneshdk) [critical]
• [CVE-2025-34073] Maltrail <=0.54 Username Parameter - Remote Command Execution (@SeungAh-Hong) [critical] 🔥
• [CVE-2025-34035] EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution (@intelligent-ears) [critical]
• [CVE-2025-32970] XWiki WYSIWYG API - Open Redirect (@ritikchaddha) [medium] 🔥
• [CVE-2025-32969] XWiki REST API Query - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2025-32430] XWiki Platform - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
• [CVE-2025-29925] XWiki REST API - Private Pages Disclosure (@ritikchaddha) [high] 🔥
• [CVE-2025-28906] Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting (@nblirwn) [medium]
• [CVE-2025-27888] Apache Druid - Server-Side Request Forgery (@xbow, @dhiyaneshdk) [high] 🔥
• [CVE-2025-25256] Fortinet FortiSIEM - OS Command Injection (@watchtowr, @darses) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-25231] Omnissa Workspace ONE UEM - Path Traversal (@dhiyaneshdk, @slcyber) [high]
• [CVE-2025-22457] Ivanti Connect Secure - Stack-based Buffer Overflow (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-6934] The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation (@pussycat0x) [critical]
• [CVE-2025-4632] Samsung MagicINFO 9 Server - File Upload & Remote Code Execution (@s4e-io) [critical] 🔥 (kev) (vKEV)
• [CVE-2025-1562] Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control (@s4e-io) [critical]
• [CVE-2023-37988] Contact Form Generator <= 2.5.5 - Cross-Site Scripting (@0xr2r, @vats147) [medium] 🔥
• [CVE-2023-27163] Request-Baskets <= 1.2.1 - Server Side Request Forgery (@Jaenact) [medium]
• [CVE-2023-1893] Login Configurator <=2.1 - Cross-Site Scripting (@0xr2r) [medium]
• [CVE-2020-36708] WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution (@madrobot) [critical] 🔥 (kev) (vKEV)
• [CVE-2020-11975] Apache Unomi - Remote Code Execution (@Sourabh-Sahu) [critical] 🔥 (kev) (vKEV)
• [CVE-2018-19127] PHPCMS 2008 - Remote Code Execution via Template Injection (@tomaquet18) [critical]
• [CVE-2018-7841] Schneider Electric U.motion Builder - Remote Code Execution (@darses, @rcesecurity) [critical]
• [CVE-2018-0171] Cisco Smart Install - Configuration Download (@ritikchaddha) [critical] 🔥 (kev) (vKEV)
• [autofs-service] Ensure autofs Service is Not Installed (@Th3l0newolf) [info]
• [avahi-daemon] Ensure Avahi Daemon Service is Not Installed (@Th3l0newolf) [info]
• [dhcp-server] Ensure DHCP Server Service is Not Installed (@Th3l0newolf) [info]
• [dns-server] Ensure DNS Server Service is Not Installed (@Th3l0newolf) [info]
• [dns-zone-transfer-any] DNS Zone Transfer Allowed to Any Host (@songyaeji) [high]
• [dnsmasq-service] Ensure dnsmasq Service is Not Installed (@Th3l0newolf) [info]
• [etc-services-permission-check] /etc/services Permission Check (@songyaeji) [high]
• [finger-service-enabled] Linux Finger Should Be Disabled (@songyaeji) [high]
• [ftp-client] Ensure FTP Client is Not Installed (@Th3l0newolf) [info]
• [ftp-server] Ensure FTP Server Service is Not Installed (@Th3l0newolf) [info]
• [home-env-permission] User Home Directory and Shell Environment File Ownership & Permission (@songyaeji) [medium]
• [inactive-password-lock-default] Ensure Inactive Password Lock is Configured (Default Setting) (@Th3l0newolf) [high]
• [ldap-client] Ensure LDAP Client is Not Installed (@Th3l0newolf) [info]
• [ldap-server] Ensure LDAP Server Service is Not Installed (@Th3l0newolf) [info]
• [linux-account-lockout-threshold] Linux Account Lockout Threshold Check (@songyaeji) [high]
• [linux-anonymous-ftp-enabled] Linux Anonymous FTP Access Enabled (@songyaeji) [high]
• [linux-automountd-enabled] Automountd Service Enabled (@songyaeji) [medium]
• [linux-cron-permissions-check] Cron Access File Ownership & Permissions (@songyaeji) [high]
• [linux-legacy-services-enabled] DoS Vulnerable Service Enabled (@songyaeji) [high]
• [linux-nis-service] NIS Service Should Be Disabled (@songyaeji) [high]
• [linux-nisplus-service] NIS+ Service Should Be Disabled (@songyaeji) [high]
• [linux-rexec-service] rexec Service Should Be Disabled (@songyaeji) [high]
• [linux-rhosts-hostsequiv-misconfig] Rhosts and Hosts.equiv Misconfiguration Check (@songyaeji) [high]
• [linux-rlogin-service] rlogin Service Should Be Disabled (@songyaeji) [high]
• [linux-root-remote-login] Linux Root Remote Login Enabled - Misconfig (@songyaeji) [high]
• [linux-rsh-service] rsh Service Should Be Disabled (@songyaeji) [high]
• [linux-world-writable-file] Linux World-Writable File Permission (@songyaeji) [high]
• [message-access-server] Ensure Message Access Server Service is Not Installed (@Th3l0newolf) [info]
• [nfs-daemon-service] NFS Service Daemon Should Be Disabled (@songyaeji) [high]
• [nfs-insecure-exports] NFS I...

Nuclei Templates v10.2.7 - Release Notes

New Templates Added: 50 | CVEs Added: 08 | First-time contributions: 3

🔥 Release Highlights 🔥

• [CVE-2025-54782] NestJS DevTools Integration - Remote Code Execution (@nukunga) [critical] 🔥
• [CVE-2025-25257] Fortinet FortiWeb - SQL Injection (@watchtowr, @johnk3r) [critical] 🔥 (KEV)
• [CVE-2025-8286] Güralp Systems FMUS Series - Unauthenticated Access (@darses) [critical] 🔥
• [CVE-2025-8191] Swagger UI >=3.14.1 < 3.38.0 - DOM Based Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
• [CVE-2025-5394] Unauthenticated Arbitrary Plugin Upload in Alone Theme (@Nxploited, @dhiyaneshdk) [critical] 🔥 (KEV)
• [CVE-2025-4334] Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation (@pussycat0x) [critical] 🔥
• [CVE-2024-2053] Artica Proxy - Unauthenticated LFI (@pussycat0x) [high] 🔥
• [CVE-2022-25237] Bonita Web 2021.2 - Authentication/Authorization Bypass (@Sourabh-Sahu) [critical] 🔥 (KEV)

What's Changed

• [CVE-2025-54782] NestJS DevTools Integration - Remote Code Execution (@nukunga) [critical] 🔥
• [CVE-2025-53558] ZTE ZXHN-F660T/F660A - Default Credentials (@dhiyaneshdk) [high]
• [CVE-2025-48954] Discourse OAuth Social Login - Cross-site Scripting (@ferreiraklet, @dhiyaneshdk, @pdresearch) [high]
• [CVE-2025-44177] White Star Software ProTop - Directory Traversal (@s-cu-bot) [high]
• [CVE-2025-25257] Fortinet FortiWeb - SQL Injection (@watchtowr, @johnk3r) [critical] 🔥 (KEV)
• [CVE-2025-8286] Güralp Systems FMUS Series - Unauthenticated Access (@darses) [critical] 🔥
• [CVE-2025-8191] Swagger UI >=3.14.1 < 3.38.0 - DOM Based Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
• [CVE-2025-6197] Open Redirect via Organization Switching (@iamnoooob, @pdresearch) [medium]
• [CVE-2025-5394] Unauthenticated Arbitrary Plugin Upload in Alone Theme (@Nxploited, @dhiyaneshdk) [critical] 🔥 (KEV)
• [CVE-2025-4334] Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation (@pussycat0x) [critical] 🔥
• [CVE-2025-1595] EasyCVR <=2.1.2 - Information Disclosure (@ritikchaddha) [medium]
• [CVE-2024-2053] Artica Proxy - Unauthenticated LFI (@pussycat0x) [high] 🔥
• [CVE-2022-25237] Bonita Web 2021.2 - Authentication/Authorization Bypass (@Sourabh-Sahu) [critical] 🔥 (KEV)
• [apache-inlong-default-login] Apache InLong - Default Login (@icarot) [high]
• [openmetadata-default-login] OpenMetadata - Default Login (@icarot) [high]
• [meddream-dicom-viewer-panel] MedDream DICOM Viewer - Panel (@darses) [info]
• [opensign-panel] OpenSign Login Panel - Detect (@righettod) [info]
• [scalar-detection] Scalar API Documentation - Detect (@recepgunes) [info]
• [suse-manager-panel] SUSE Manager Server - Panel (@darses) [info]
• [dnt-policy-detect] DNT Policy Declaration (@rxerium) [info]
• [zipline-installer] Zipline - Installer (@pussycat0x) [critical]
• [titiler-ssrf] TiTiler - Blind Server Side Request Forgery (@xbow, @dhiyaneshdk) [high]
• [tomcat-directory-listing] Apache Tomcat - Directory Listing Enabled (@oleveloper) [medium]
• [9gag] 9GAG User Name Information - Detect (@princechaddha, @rxerium) [info]
• [apple-developer] Apple Developer User Name Information - Detect (@princechaddha, @rxerium) [info]
• [apple-discussions] Apple Discussions User Name Information - Detect (@princechaddha, @rxerium) [info]
• [atcoder] AtCoder User Name Information - Detect (@princechaddha, @rxerium) [info]
• [bluesky] Bluesky User Name Information - Detect (@princechaddha, @rxerium) [info]
• [cgtrader] CGTrader User Name Information - Detect (@princechaddha, @rxerium) [info]
• [codechef] CodeChef User Name Information - Detect (@princechaddha, @rxerium) [info]
• [geeksforgeeks] GeeksforGeeks User Name Information - Detect (@princechaddha, @rxerium) [info]
• [genius-users] Genius Users User Name Information - Detect (@princechaddha, @rxerium) [info]
• [giant-bomb] Giant Bomb User Name Information - Detect (@princechaddha, @rxerium) [info]
• [hudsonrock] HudsonRock User Name Information - Detect (@princechaddha, @rxerium) [info]
• [kaskus] Kaskus User Name Information - Detect (@princechaddha, @rxerium) [info]
• [lastfm] Last.fm User Name Information - Detect (@princechaddha, @rxerium) [info]
• [letterboxd] Letterboxd User Name Information - Detect (@princechaddha, @rxerium) [info]
• [mixcloud] Mixcloud User Name Information - Detect (@princechaddha, @rxerium) [info]
• [monkeytype] Monkeytype User Name Information - Detect (@princechaddha, @rxerium) [info]
• [mydramalist] MyDramaList User Name Information - Detect (@princechaddha, @rxerium) [info]
• [nationstates-nation] NationStates Nation User Name Information - Detect (@princechaddha, @rxerium) [info]
• [replit] Replit User Name Information - Detect (@princechaddha, @rxerium) [info]
• [reverbnation] ReverbNation User Name Information - Detect (@princechaddha, @rxerium) [info]
• [runescape] RuneScape User Name Information - Detect (@princechaddha, @rxerium) [info]
• [scribd] Scribd User Name Information - Detect (@princechaddha, @rxerium) [info]
• [sketchfab] Sketchfab User Name Information - Detect (@princechaddha, @rxerium) [info]
• [slack] Slack User Name Information - Detect (@princechaddha, @rxerium) [info]
• [strava] Strava User Name Information - Detect (@princechaddha) [info]
• [topcoder] Topcoder User Name Information - Detect (@princechaddha, @rxerium) [info]
• [weblate] Weblate User Name Information - Detect (@princechaddha, @rxerium) [info]
• [younow] YouNow User Name Information - Detect (@princechaddha, @rxerium) [info]
• [apache-inlong-detect] Apache InLong - Detect (@icarot) [info]
• [nocobase-detect] NocoBase - Detect (@fur1na) [info]
• [openmetadata-detect] OpenMetadata - Detect (@icarot) [info]
• [easycvr-user-info-disclosure] EasyCVR User - Information Disclosure (@dostghost) [medium]

New Contributors

• @Sourabh-Sahu made their first contribution in #12657
• @s-cu-bot made their first contribution in #12749
• @oleveloper made their first contribution in #12761

Full Changelog: v10.2.6...v10.2.7

Nuclei Templates v10.2.6 - Release Notes

New Templates Added: 41 | CVEs Added: 27 | First-time contributions: 4

🔥 Release Highlights 🔥

• [CVE-2025-53770] Microsoft SharePoint Server - Remote Code Execution (ToolShell) (@_l0gg, @SamIntruder, @sfewer-r7, @iamnoooob, @pdresearch) [critical] 🔥 (KEV)
• [CVE-2025-49029] WordPress Custom Login And Signup Widget Plugin <= 1.0 - Code Execution (@pussycat0x) [high] 🔥
• [CVE-2025-34077] WordPress Pie Register <= 3.7.1.4 - Authentication Bypass (@kylew1004) [critical] 🔥
• [CVE-2025-6970] WordPress Events Manager <= 7.0.3 - SQL Injection (@iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-6851] WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2024-58136] Yii2 PHP Framework < 2.0.52 - Remote Code Execution (@ritikchaddha) [critical] 🔥
• [CVE-2024-50477] WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass (@stealthcopter, @vijay-sutar) [critical] 🔥
• [CVE-2024-29198] GeoServer Demo Request Endpoint - Server Side Request Forgery (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2019-5544] VMware ESXi SLP - Heap Overflow DoS (@riteshs4hu) [critical] 🔥
• [CVE-2017-18349] Fastjson Insecure Deserialization - Remote Code Execution (@night) [critical] 🔥

What's Changed

💰 Bounties Rewarded 💰

• CVE-2019-7194 - QNAP Photo Station - Path Traversal 💰 (Issue #12254)

Bug Fixes

• Fixed mismatched SSL certificate for Microsoft Intune (Issue #12704)
• Fixed false-negative detection for CVE-2025-4427 (Issue #12663)
• Fixed false-negative in nacos-create-user.yaml (Issue #12683)
• Fixed false-positive in credit-card-number-detect (Issue #12667)
• Fixed false-positive in molgenis-default-login.yaml (Issue #12681)
• Fixed false-negative in oneinstack-control-center.yaml (Issue #12669)
• Updated printer info leak template for more context (Issue #12596)

False Negatives

• Improved detection for nacos-create-user template (Issue #12508)
• Improved detection for CVE-2025-4427 - Ivanti Endpoint Manager Mobile (Issue #12209)
• Fixed false-negative in oneinstack-control-center.yaml (Issue #12669)
• Fixed false-negative detection for CVE-2025-4427 (Issue #12663)

False Positives

• Reduced false positives in phpmyadmin-misconfiguration.yaml (Issues #12647, #12537, #12621)
• Reduced false positives in CVE-2023-1389.yaml (Issues #12342, #12592)
• Reduced false positives in molgenis-default-login.yaml (Issue #12681)
• Reduced false positives in credit-card-number-detect (Issue #12667)
• Reduced false positives in mismatched-ssl-certificate for Microsoft Intune (Issue #12704)

Enhancements

• Updated and renamed sql-dump.yaml to mysql-dump.yaml (Issue #12675)
• Renamed citrix-adc-gateway-detect.yaml to citrix-adc-gateway-panel.yaml (Issue #12674)
• Updated cisco-asa-panel.yaml (Issue #12673)
• Updated and renamed arcgis-tokens.yaml to arcgis-token-service-detect.yaml (Issue #12672)
• Renamed access-log.yaml to access-log-file.yaml (Issue #12671)
• Updated argocd-login.yaml (Issue #12670)
• Updated ms-exchange-local-domain.yaml (Issue #12627)
• Updated CVE-2025-53770.yaml (Issue #12713)
• Added server-info and server-status matching (Issue #12720)
• Changed ID and name in template (Issue #12677)
• Moved code CVEs (Issue #12610)

Templates Added

• [CVE-2025-53833] LaRecipe < 2.8.1 Remote Code Execution via SSTI (@iamnoooob, @pdresearch) [critical]
• [CVE-2025-53770] Microsoft SharePoint Server - Remote Code Execution (ToolShell) (@_l0gg, @SamIntruder, @sfewer-r7, @iamnoooob, @pdresearch) [critical] 🔥 (KEV)
• [CVE-2025-49029] WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution (@pussycat0x) [high] 🔥
• [CVE-2025-40630] IceWarp Mail Server ≤11.4.0 - Open Redirect (@dhiyaneshdk) [medium]
• [CVE-2025-34300] SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution (@assetnote, @dhiyaneshdk, @iamnoooob) [critical]
• [CVE-2025-34143] ETQ Reliance - Authentication Bypass via Trailing Space (@slcyber, @dhiyaneshdk) [critical]
• [CVE-2025-34141] ETQ Reliance - Reflected XSS via SQLConverterServlet (@slcyber, @pdresearch) [medium]
• [CVE-2025-34077] WordPress Pie Register <= 3.7.1.4 - Authentication Bypass (@kylew1004) [critical] 🔥
• [CVE-2025-6970] WordPress Events Manager <= 7.0.3 - SQL Injection (@iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-6851] WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2025-6058] WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload (@pussycat0x) [critical]
• [CVE-2025-5961] WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload (@pussycat0x) [high]
• [CVE-2025-2712] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2025-2711] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2025-2710] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2025-2709] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2024-58136] Yii2 PHP Framework < 2.0.52 - Remote Code Execution (@ritikchaddha) [critical] 🔥
• [CVE-2024-50477] WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass (@stealthcopter, @vijay-sutar) [critical] 🔥
• [CVE-2024-42852] AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2024-36675] LyLme spage v1.9.5 - Server-Side Request Forgery (@ritikchaddha) [high]
• [CVE-2024-33832] OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF) (@ritikchaddha) [medium]
• [CVE-2024-29198] GeoServer Demo Request Endpoint - Server Side Request Forgery (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2024-11587] idcCMS V1.60 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2024-9007] 123Solar 1.8.4.5 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2020-29390] Zeroshell 3.9.3 - Command Injection (@dhiyaneshdk) [critical]
• [CVE-2019-5544] VMware ESXi SLP - Heap Overflow DoS (@riteshs4hu) [critical] 🔥
• [CVE-2017-18349] Fastjson Insecure Deserialization - Remote Code Execution (@night) [critical] 🔥
• [amatera-stealer-panel] Amatera Stealer C2 Panel - Detect (@pussycat0x) [info]
• [bofamet-stealer-panel] Bofamet Stealer C2 Panel - Detect (@pussycat0x) [info]
• [cyber-stealer-panel] Cyber Stealer C2 Panel - Detect (@pussycat0x) [info]
• [oxf-phaas-panel] OXF Phishing as a Service Panel - Detect (@pussycat0x) [info]
• [saltbo-zpan-panel] Saltbo/zpan Panel - Detect (@ritikchaddha) [info]
• [safeq-panel] YSoft SafeQ Panel - Detect (@matejsmycka) [info]
• [ibarn-installer] iBarn Installer - Exposure (@ritikchaddha) [high]
• [saltbo-zpan-installer] Saltbo/zpan Installer - Exposure (@ritikchaddha) [high]
• [strongshop-installer] StrongShop Installer - Exposure (@ritikchaddha) [high]
• [luma] Luma User Name Information - Detect (@rxerium) [info]
• [sharepoint-toolshell-backdoor] SharePoint Webshell - ToolShell (@johnk3r) [critical]
• [wp-ninja-tables-lfi] Ninja Tables <4.1.9 - Unauthenticated Arbitrary File Read (@xbow, @dhiyaneshdk) [high]
• [vtun-server] VTUN Server - Detection (@pussycat0x) [info]
• [nats-server-enum] NATS Server - Detect (@pussycat0x) [info]

New Contributors

• @criminalinfluencer made their first contribution in #12402
• @SamIntruder made their first contribution in #12686
• @VijayS1808 made their first contribution in #12595
• @kylew1004 made their first contribution in #12726

Full Changelog: v10.2.5...v10.2.6

Nuclei Templates v10.2.5 - Release Notes

New Templates Added: 75 | CVEs Added: 22 | First-time contributions: 5

🔥 Release Highlights 🔥

• [CVE-2025-48827] vBulletin 5.0.0-6.0.3 - Authentication Bypass (@pszyszkowski) [critical] 🔥
• [CVE-2025-47812] Wing FTP Server <= 7.4.3 - Remote Code Execution (@rcesecurity, @4m3rr0r) [critical] (kev) 🔥
• [CVE-2025-5777] Citrix NetScaler Memory Disclosure - CitrixBleed 2 (@watchtowr, @dhiyaneshdk, @darses) [critical] (kev) 🔥
• [CVE-2025-4380] Ads Pro Plugin <= 4.89 - Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-2010] WordPress JobWP Plugin <= 2.3.9 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-42475] Fortinet SSL-VPN - Heap-Based Buffer Overflow (@0xhaggis, @pszyszkowski) [critical] 🔥
• [CVE-2020-9548] FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution (@tomaquet18) [critical] 🔥
• [CVE-2020-9547] FasterXML jackson-databind - Deserialization Remote Code Execution (@Pranjalnegi) [critical] 🔥

---

What's Changed

💰 Bounties Rewarded 💰

• CVE-2025-48827 - vBulletin - Authentication Bypass 💰 #12506
• CVE-2020-9547 - FasterXML jackson-databind 💰 #12488
• CVE-2020-9548 - CVE-2020-9548 💰 #12484
• CVE-2020-0646 - Microsoft .NET Framework - Remote Code Execution 💰 #12210
• CVE-2020-12641 - Roundcube Webmail - Command Injection 💰 #12153

False Negatives

• Fixed CVE-2023-5561 false negatives (#12187)

Templates Added

• [CVE-2025-53624] Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure (@darses) [high]
• [CVE-2025-52488] DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure (@assetnote, @dhiyaneshdk, @iamnoooob, @pdresearch) [high] 🔥
• [CVE-2025-49493] Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE) (@xbow, @3th1c_yuk1) [critical]
• [CVE-2025-48827] vBulletin 5.0.0-6.0.3 - Authentication Bypass (@pszyszkowski) [critical] 🔥
• [CVE-2025-47813] Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie (@rcesecurity, @pdteam) [medium]
• [CVE-2025-47812] Wing FTP Server <= 7.4.3 - Remote Code Execution (@rcesecurity, @4m3rr0r) [critical] (kev) 🔥
• [CVE-2025-41646] RevPi Webstatus <= v2.4.5 - Authentication Bypass (@dhiyaneshdk) [critical]
• [CVE-2025-34040] Zhiyuan OA Platform - Arbitrary File Upload (@iamnoooob, @pdresearch) [critical]
• [CVE-2025-32815] NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials (@iamnoooob, @pdresearch) [medium]
• [CVE-2025-32814] NetMRI Unauthenticated SQL Injection via skipjackUsername (@iamnoooob, @pdresearch) [critical]
• [CVE-2025-32813] Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request (@iamnoooob, @pdresearch) [high]
• [CVE-2025-27505] GeoServer - Missing Authorization on REST API Index (@securitytaters) [medium]
• [CVE-2025-6216] Allegra - Authentication Bypass via Predictable Password Reset Token (@iamnoooob, @pdresearch) [critical]
• [CVE-2025-5777] Citrix NetScaler Memory Disclosure - CitrixBleed 2 (@watchtowr, @dhiyaneshdk, @darses) [critical] (kev) 🔥
• [CVE-2025-4380] Ads Pro Plugin <= 4.89 - Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-2010] WordPress JobWP Plugin <= 2.3.9 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-50334] Scoold < 1.64.0 - Authentication Bypass (@xbow, @iamnoooob, @pdresearch) [medium]
• [CVE-2024-42475] Fortinet SSL-VPN - Heap-Based Buffer Overflow (@0xhaggis, @pszyszkowski) [critical] 🔥
• [CVE-2023-49230] Peplink Balance Two before 8.4.0 - Unauthenticated Config Upload (@Srilakivarma) [high]
• [CVE-2022-23397] Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting (@Srilakivarma) [medium]
• [CVE-2020-9548] FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution (@tomaquet18) [critical] 🔥
• [CVE-2020-9547] FasterXML jackson-databind - Deserialization Remote Code Execution (@Pranjalnegi) [critical] 🔥
• [account-lockout-threshold] Account Lockout Threshold Check (@nukunga[SungHyunJeon]) [medium]
• [admin-account-rename] Administrator Account Rename Check (@nukunga[SungHyunJeon]) [medium]
• [admin-group-minimal] Minimum Administrator Group Membership Check (@nukunga[SungHyunJeon]) [medium]
• [autologon-control] Autologon Function Control Check (@nukunga[SungHyunJeon]) [medium]
• [crash-on-audit-fail] Shutdown on Audit Failure Check (@nukunga[SungHyunJeon]) [medium]
• [dns-zone-transfer-check] DNS Zone Transfer Check (@nukunga[SungHyunJeon]) [medium]
• [ftp-access-control-check] FTP Access Control Check (@nukunga[SungHyunJeon]) [medium]
• [ftp-anonymous-check] Anonymous FTP Disabled Check (@nukunga[SungHyunJeon]) [medium]
• [ftp-directory-permission-check] FTP Directory Access Permission Check (@nukunga[SungHyunJeon]) [medium]
• [hard-disk-default-share] Hard Disk Default Share Removal Check (@nukunga[SungHyunJeon]) [medium]
• [password-cleartext-encryption] Store Passwords Using Reversible Encryption Check (@nukunga[SungHyunJeon]) [medium]
• [password-never-expires] Password Expiry Setting Check (@nukunga[SungHyunJeon]) [medium]
• [rds-removal-check] RDS Removal Check (@nukunga[SungHyunJeon]) [medium]
• [remote-registry-access-check] Remote Registry Service Disabled Check (@nukunga[SungHyunJeon]) [medium]
• [remote-system-shutdown] Remote System Forced Shutdown Privilege Check (@nukunga[SungHyunJeon]) [medium]
• [sam-file-access-control] SAM File Access Control Check (@nukunga[SungHyunJeon]) [medium]
• [service-pack-check] Latest Service Pack Check (@nukunga[SungHyunJeon]) [medium]
• [shutdown-without-logon] Shutdown Without Logon Check (@nukunga[SungHyunJeon]) [medium]
• [unnecessary-accounts-check] Unnecessary Accounts Detection (@nukunga[SungHyunJeon]) [medium]
• [unnecessary-service-check] Unnecessary Service Removal Check (@nukunga[SungHyunJeon]) [medium]
• [molgenis-default-login] Molgenis - Default Login (@ritikchaddha) [high]
• [cisco-cm-panel] Cisco Unified CM Console - Panel (@rxerium) [info]
• [cisco-prime-license-manager-panel] Cisco Prime License Manager - Detect (@rxerium) [info]
• [google-adk-api-exposed] Google ADK API Exposure (@princechaddha) [unknown]
• [google-adk-webui-exposed] Google ADK Development UI Exposure (@princechaddha) [unknown]
• [molgenis-panel] Molgenis Panel - Exposure (@matejsmycka) [info]
• [peplink-panel] Peplink Login Panel - Detect (@pussycat0x) [info]
• [wingftp-panel] Wing FTP Server Login Panel - Detect (@pdteam) [info]
• [torrent-magnet-detect] Torrent Magnet - Detect (@rxerium) [info]
• [dd-wrt-controlpanel-exposure] DD-WRT Control Panel - Exposure (@dhiyaneshdk) [low]
• [pritunl-installer] Pritunl - Installation (@dhiyaneshdk) [high]
• [twonky-server-exposure] Twonky Server - Exposure (@dhiyaneshdk) [high]
• [sessionize] Sessionize User Information - Detect (@rxerium) [info]
• [graphql-apiforwp-detect] Graphql apiforwp Detect (@princechaddha) [info]
• [graphql-apollo-detect] Graphql Apollo Detect (@princechaddha) [info]
• [graphql-ariadne-detect] Graphql Ariadne Detect (@princechaddha) [info]
• [graphql-dianajl-detect] Graphql Dianajl Detect (@princechaddha) [info]
• [graphql-flutter-detect] Graphql Flutter Detect (@princechaddha) [info]
• [graphql-go-detect] Graphql Go Detect (@princechaddha) [info]
• [graphql-gqlgen-detect] Graphql Gqlgen Detect (@princechaddha) [info]
• [graphql-graphene-detect] Graphql Graphene Detect (@princechaddha) [info]
• [graphql-hasura-detect] Graphql Hasura Detect (@princechaddha) [info]
• [graphql-hypergraphql-detect] Graphql Hypergraphql Detect (@princechaddha) [info]
• [graphql-java-detect] Graphql Java Detect (@princechaddha) [info]
• [graphql-juniper-detect] Graphql Juniper Detect (@princechaddha) [info]
• [graphql-php-detect] Graphql PHP Detect (@princechaddha) [info]
• [graphql-ruby-detect] Graphql Ruby Detect (@princechaddha) [info]
• [graphql-sangria-detect] Graphql Sangria Detect (@princechaddha) [info]
• [graphql-strawberry-detect] Graphql Strawberry Detect (@princechaddha) [info]
• [graphql-tartiflette-detect] Graphql Tartiflette Detect (@princechaddha) [info]
• [graphql-wpgraphql-detect] Graphql wpgraphql Detect (@princechaddha) [info]
• [infoblox-netmri-rails-cookie-rce] Infoblox NetMRI < 7.6.1 - Remote Code Execution via Hardcoded Ruby Cookie Secret Key (@iamnoooob, @pdresearch) [critical]
• [jdwp-detect] Java Debug Wire Protocol - Detect (@johnk3r) [info]

New Contributors

• @4m3rr0r made their first contribution in #12518
• @Teruya-Higashi made their first contribution in #12535
• @matejsmycka made their first contribution in #12538
• @Pranjal6955 made their first contribution in #12491
• @tomaquet18 made their first contribution in #12487

Full Changelog: v10.2.4...v10.2.5

Nuclei Templates v10.2.4 - Release Notes

New Templates Added: 67 | CVEs Added: 30 | First-time contributions: 9

🔥 Release Highlights 🔥

• [CVE-2025-49132] Pterodactyl Panel - Remote Code Execution (@darses) [critical] 🔥
• [CVE-2025-30220] GeoServer WFS - XXE Processing Vulnerability (@iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2024-3272] D-Link Network Attached Storage - Backdoor Account (@ritikchaddha) [critical] (kev) 🔥
• [CVE-2021-33045] Dahua IPC/VTH/VTO - Auth Bypass (@phantomowl) [critical] (kev) 🔥
• [CVE-2020-11984] Apache HTTP Server - RCE (@[email protected], @pszyszkowski, @pdresearch, @iamnoooob) [critical] 🔥
• [CVE-2020-0796] Microsoft SMBv3 - Remote Code Execution (@yusuf Amr) [critical] (kev) 🔥
• [CVE-2020-0646] Microsoft .NET Framework - Remote Code Execution (@pszyszkowski) [critical] (kev) 🔥
• [CVE-2019-17564] Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization (@Khalid6468) [critical] 🔥
• [CVE-2019-0604] Microsoft SharePoint - RCE (@tree-chtsec, @pszyszkowski) [critical] (kev) 🔥
• [CVE-2018-19207] WP GDPR Compliance < 1.4.3 - Unauth Call Any Action or Update Any Option (@iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2018-14933] NUUO NVRmini - RCE (@ritikchaddha) [critical] (kev) 🔥

---

What's Changed

Bounties Rewarded 💰

• Anyscale Ray RCE (CVE-2023-48022, Issue #12451)
• Microsoft SharePoint RCE (CVE-2019-0604, Issue #12340)
• elFinder Command Injection (CVE-2019-9194, Issue #12288)
• Microsoft SMBv3 RCE (CVE-2020-0796, Issue #12271)
• Apache HTTP Server mod_proxy_uwsgi Info Disclosure & RCE (CVE-2020-11984, Issue #12266)

Bug Fixes

• Fixed typo in CVE-2020-13700 (#12509)
• Corrected Microsoft Silverlight detection (#12492)
• Fixed MCP templates (#12400)
• Renamed CVE-2020-11984.yaml (#12469)
• Renamed hp-printer-default-login.yaml (#12407)

False Negatives

• Improved conditional flow check for CVE-2025-29927 (#12480)

False Positives

• Fixed revoked-ssl-certificate false positives (#12409, #12445)
• Reduced false positives in bagisto-csti.yaml (#12430)
• Removed invalid CVE-2024-33559.yaml (#12437)

Enhancements

• Updated CVE-2019-0604.yaml (#12479)
• Updated cisco-ise-admin-panel (#12477)
• Updated and renamed moodle-filter-jmol-lfi.yaml & moodle-filter-jmol-xss.yaml (#12470)
• Updated gogs-panel (#12466)
• Updated and renamed vbulletin-replacead-rce.yaml to CVE-2025-48828.yaml (#12421)
• Updated versa-director-login (#12422)
• Updated veeam-backup-manager-login (#12399)
• Updated misp-panel (#12390)
• Updated privatebin-detect (#12354)
• Updated mitel-micollab-panel (#12344)
• Updated ActiveMQ default login & detection (#12329)
• Updated Apache Airflow default login (#12328)
• Updated apachespark-ui-exposed.yaml (#12289)
• Updated tech-detect.yaml (#12274)

Templates Added

• [CVE-2025-49132] Pterodactyl Panel - Remote Code Execution (@darses) [critical] 🔥
• [CVE-2025-47646] PSW Front-end Login & Registration 1.13 - Weak Password Recovery (@pussycat0x) [critical]
• [CVE-2025-47423] Personal Weather Station Dashboard 12 - Directory Traversal (@pussycat0x) [high]
• [CVE-2025-45985] Blink Router - Command Injection (@darses) [critical]
• [CVE-2025-45854] JEHC-BPM - Remote Code Execute (@ritikchaddha) [critical]
• [CVE-2025-44148] MailEnable Mail Service < v10 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2025-34032] Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting (@madrobot, @ritikchaddha) [medium]
• [CVE-2025-34031] Moodle Jmol Filter 6.1 - Local File Inclusion (@madrobot) [high]
• [CVE-2025-30220] GeoServer WFS - XXE Processing Vulnerability (@iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-5569] IdeaCMS <= 1.7 - SQL Injection (@ritikchaddha) [critical]
• [CVE-2025-5287] Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection (@CodeStuffBreakThings) [high]
• [CVE-2025-3415] Grafana - Exposes DingDing API Keys (@lucasribolli) [medium]
• [CVE-2024-51978] Brother Printers – Authentication Bypass via Default Admin Password (@iamnoooob, @pdresearch) [critical]
• [CVE-2024-51977] Brother MFC-L9570CDW - Information Disclosure (@dhiyaneshdk, @iamnoooob, @darses) [medium]
• [CVE-2024-4325] Gradio - Server-Side Request Forgery (@iamnoooob, @pdresearch) [high]
• [CVE-2024-3272] D-Link Network Attached Storage - Backdoor Account (@ritikchaddha) [critical] (kev) 🔥
• [CVE-2023-48022] Anyscale Ray - Remote Code Execution (@riteshs4hu) [critical]
• [CVE-2023-7116] WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection (@pussycat0x) [medium]
• [CVE-2021-33045] Dahua IPC/VTH/VTO - Authentication Bypass (@phantomowl) [critical] (kev) 🔥
• [CVE-2020-36333] ThemeGrill Demo Importer < 1.6.2 - Database Reset (@iamnoooob, @pdresearch) [critical]
• [CVE-2020-11984] Apache HTTP Server - Remote Code Execution (@[email protected], @pszyszkowski, @pdresearch, @iamnoooob) [critical] 🔥
• [CVE-2020-0796] Microsoft SMBv3 - Remote Code Execution (@yusuf Amr) [critical] (kev) 🔥
• [CVE-2020-0646] Microsoft .NET Framework - Remote Code Execution (@pszyszkowski) [critical] (kev) 🔥
• [CVE-2019-17564] Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization (@Khalid6468) [critical] 🔥
• [CVE-2019-9194] elFinder <= 2.1.47 - Command Injection (@r00tuser111) [critical]
• [CVE-2019-7194] QNAP Photo Station < 6.0.3 - Remote Code Execution (@x-stp) [critical] (kev)
• [CVE-2019-0604] Microsoft SharePoint - Remote Code Execution (@tree-chtsec, @pszyszkowski) [critical] (kev) 🔥
• [CVE-2018-19207] WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option (@iamnoooob, @pdresearch) [critical]
• [CVE-2018-14933] NUUO NVRmini - Remote Command Execution (@ritikchaddha) [critical] (kev) 🔥
• [CVE-2018-11686] FlexPaper/FlowPaper 2.3.6 - Remote Code Execution (@iamnoooob, @pdresearch, @pszyszkowski) [critical]
• [kubernetes-exposing-docker-socket-hostpath] Kubernetes Exposing Host's Docker Socket (@dwisiswant0) [high]
• [k8s-role-pod-create] Roles that have pod create permissions (@domwhewell-sage) [medium]
• [fbi-seized-nameserver] FBI Seized Nameserver - Detect (@rxerium) [info]
• [activemq-artemis-default-login] Apache ActiveMQ Artemis Console Default Login (@pdteam) [high]
• [airflow-v3-default-login] Apache Airflow v3 Default Login (@pdteam) [high]
• [hp-printer-default-login] Hewlett Packard LaserJet Printer - Default Login (@JohnAsbjorn) [high]
• [ibm-security-verify-default-login] IBM Security Verify Access - Default Login (@johnk3r) [high]
• [nuuo-nvr-default-login] NUUO NVR - Default Login (@ritikchaddha) [high]
• [opensearch-dashboard-default-login] OpenSearch Dashboard - Default Login (@ritikchaddha) [high]
• [photoprism-default-login] PhotoPrism - Default Login (@ritikchaddha) [high]
• [beyondtrust-remotesupport-panel] BeyondTrust Remote Support Panel - Detect (@darses) [info]
• [brother-printer-panel] Brother Printer Panel - Detect (@pdteam) [info]
• [forgerock-ig-panel] ForgeRock IG Login/Welcome Page - Detect (@r3dg33k) [info]
• [ibm-security-verify-panel] IBM Security Verify Access Login - Panel (@johnk3r) [info]
• [motive-eim-panel] Motive eSIM Secure Connect Panel - Exposure Detection (@miguelse) [high]
• [myq-panel] MyQ Print Server Panel - Detect (@darses) [info]
• [opensearch-dashboard-panel] OpenSearch Dashboard Panel - Detect (@ritikchaddha) [info]
• [openshift-oauth-proxy-panel] OpenShift OAuth Proxy - Panel Detect (@r3dg33k) [info]
• [pterodactyl-panel] Pterodactyl game server - Panel (@darses) [info]
• [teleport-login-panel] Teleport Login Panel - Detect (@pdteam, @Mahmoud0x00) [info]
• [tools4ever-ssrpm-panel] Tools4Ever Self-Service Reset Password Manager - Panel (@darses) [info]
• [windows-admin-center-panel] Windows Admin Center Panel - Detection (@darses) [info]
• [apache-kyuubi-config] Apache Kyuubi - Configuration Exposure (@icarot) [medium]
• [config-json-exposure-fuzz] Exposed JSON Configuration Files (@geeknik) [critical]
• [discord-invite-detect] Discord Invites for Users, Bots & Servers - Detect (@rxerium) [info]
• [totolink-installer] TOTOLINK Installer - Exposure (@ritikchaddha) [high]
• [opensearch-dashboard-unauth] OpenSearch Dashboard - Unauth Access (@ritikchaddha) [high]
• [photoprism-unauth] PhotoPrism - Unauth Access (@ritikchaddha) [high]
• [greatpages-takeover] GreatPages - Takeover Detection (@juliosmelo) [high]
• [apache-kyuubi-detect] Apache Kyuubi - Detect (@icarot) [info]
• [beyondtrust-remotesupport-version] BeyondTrust Remote Support Version - Detect (@missing0x00) [info]
• [cryptshare-detect] Pointsharp Cryptshare - Detect (@darses) [info]
• [mitel-version-detect] Mitel MiCollab Unified Communications Server (UCS) - Detect (@aushack) [info]
• [dahua-icc-getclassvalue-rce] Dahua 'GetClassValue' - Remote Code Execution (@projectdiscoveryai) [critical]
• [totolink-boaform-rce] TOTOLink Router - Remote Command Execution (@ritikchaddha) [critical]
• [totolink-n150rt-password-exposure] TOTOLINK N150RT - Password Exposure (@ritikchaddha) [high]
• [ueditor-arbitrary-file-upload] UEditor - PHP Arbitrary File Upload (@Chiragartani) [medium]

New Contributors

• @nullenc0de made their first contribution in #12087
• @lucasribolli made their first contribution in #12410
• @riteshs4hu made their first contribution in #12429
• @aushack made their first contribution in #12368
• @pszyszkowski made their first contribution in #12452
• @cybermorgue made their first contribution in #12296
• @CodeStuffBreakThings made their first contribution in #12446
• @Yusuf-Amr made their first...

Nuclei Templates v10.2.3 - Release Notes

New Templates Added: 105 | CVEs Added: 75 | First-time contributions: 9

🔥 Release Highlights 🔥

• [CVE-2025-49113] Roundcube Webmail - Remote Code Execution (@rootxharsh, @iamnoooob, @pdresearch, @Ademking) [critical] 🔥 (CISA KEV)
• [CVE-2025-47539] Eventin <= 4.0.26 - Privilege Escalation (@pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-20188] Cisco IOS XE WLC - Arbitrary File Upload (@iamnoooob, @pdresearch, @dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2025-5086] Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization (@HacktronAI, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-4322] Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2025-4009] Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection (@Onekey, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-0107] Palo Alto Networks Expedition - OS Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2024-10443] Synology BeeStation BST150-4T - Unauthenticated Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2024-7399] Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution (@iamnoooob, @pdresearch) [high] 🔥 (CISA KEV)
• [CVE-2024-0692] SolarWinds Security Event Manager - Unauthenticated RCE (@dhiyaneshdk) [high] 🔥 (CISA KEV)
• [CVE-2023-34990] FortiWLM - Directory Traversal (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2023-25280] D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection (@pussycat0x) [critical] 🔥 (CISA KEV)
• [CVE-2023-2986] Abandoned Cart Lite for WooCommerce - Authentication Bypass (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2021-40655] D-Link DIR-605 - Information Disclosure (@dhiyaneshdk) [high] 🔥 (CISA KEV)
• [CVE-2021-27964] SonLogger - Arbitrary File Upload (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2020-29047] WP Hotel Booking < 1.10.4 - PHP Object Injection (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2020-26879] Ruckus vRioT IoT Controller - Authentication Bypass (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2020-12641] Roundcube Webmail - Command Injection (@domwhewell-sage) [critical] 🔥 (CISA KEV)
• [CVE-2020-10987] Tenda AC15 AC1900 version 15.03.05.19 - Command Injection (@pussycat0x) [critical] 🔥 (CISA KEV)
• [CVE-2019-25141] Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2019-13372] D-Link Central WiFi Manager CWM(100) - Remote Code Execution (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2019-9879] WPGraphQL 0.2.3 - User Creation (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2018-17207] WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution (@synacktiv, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2017-8046] Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution (@domwhewell-sage) [critical] 🔥 (CISA KEV)

---

What's Changed

Bug Fixes

• Fixed FN in jupyter-notebooks-exposed.yaml (Issue #12260).

False Negatives

• Improved detection in exposed-mcp-server.yaml (Issue #12269).

False Positives

• Reduced FPs in CVE-2025-24813.yaml (Issue #12332).
• Fixed FP in vscode-launch.yaml for custom 404 pages (Issue #12206).
• Improved matrix-homeserver-detect.yaml to reduce FPs (Issue #12152).
• Enhanced version detect scan to lower FPs (Issue #11698).
• Fixed FP in CVE-2020-0618.yaml due to poor validation (Issue #11498).
• Updated waf-detect:securesphere to filter FPs from OPNSense (Issue #12362).
• Fixed FP in CVE-2025-4009.yaml (Issue #12343).
• Reduced FPs in aspnet-version-detect (Issue #12211).
• Fixed FP in rsync-list-modules.yaml (Issue #12208).
• Lowered FPs for Apache Tomcat (Issue #12143).

Enhancements

• Updated Jenkins default login for newer versions (Issue #12327).
• Improved empirec2-default-login.yaml (Issue #12295).
• Enhanced yealink-default-login.yaml (Issue #12294).
• Updated fortinet-fortigate-panel.yaml (Issue #12275).
• Improved favicon-detect.yaml (Issue #12273).
• Added MCP SSE endpoint detection template (Issue #12268).
• Updated hfs-exposure (Issue #12267).
• Added NGSURVEY login panel detection (Issue #12261).
• Updated versa concerto patch reference (Issue #12227).
• Enhanced CVE-2019-7543.yaml (Issue #12230).
• Improved discord-webhook.yaml (Issue #12224).
• Added WP plugin & theme detection templates (Issue #12203).
• Updated vbulletin-replacead-rce.yaml (Issue #12164).
• Added version extract to sysaid-panel (Issue #12132).
• Enhanced swagger-api.yaml (Issue #12091).
• Updated phpwind-installer.yaml (Issue #12046).

Templates Added

• [CVE-2025-49113] Roundcube Webmail - Remote Code Execution (@rootxharsh, @iamnoooob, @pdresearch, @Ademking) [critical] 🔥 (CISA KEV)
• [CVE-2025-47539] Eventin <= 4.0.26 - Privilege Escalation (@pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-46822] Java-springboot-codebase 1.1 - Arbitrary File Read (@haliteroglu25) [high]
• [CVE-2025-27134] Joplin 3.3.3 Server - Privilege Escalation (@zonia3000) [high]
• [CVE-2025-20188] Cisco IOS XE WLC - Arbitrary File Upload (@iamnoooob, @pdresearch, @dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2025-5086] Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization (@HacktronAI, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-4322] Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2025-4009] Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection (@Onekey, @iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-4008] MeteoBridge <= 6.1 - Remote Code Execution (@iamnoooob, @pdresearch) [high]
• [CVE-2025-0674] Elber ESE DVB-S/S2 - Authentication Bypass (@dhiyaneshdk) [critical]
• [CVE-2025-0133] PAN-OS - Reflected Cross-Site Scripting (@xbow, @dhiyaneshdk) [medium]
• [CVE-2025-0107] Palo Alto Networks Expedition - OS Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2024-51211] openSIS Classic v9.1 - SQL Injection (@haliteroglu) [critical]
• [CVE-2024-47073] DataEase v2.10.2 - JWT Signature Verification Bypass (@iamnoooob, @pdresearch) [critical]
• [CVE-2024-36858] Jan v0.4.12 - Arbitrary File Upload (@pussycat0x) [critical]
• [CVE-2024-33559] WordPress XStore Theme - SQL Injection (@haliteroglu) [critical]
• [CVE-2024-30163] IPS Community Suite - Unauthenticated SQL Injection (@ritikchaddha) [critical]
• [CVE-2024-24329] TotoLink Router setPortForwardRules - Command Injection (@pussycat0x) [critical]
• [CVE-2024-24328] TotoLink Router setMacFilterRules - Command Injection (@pussycat0x) [critical]
• [CVE-2024-22729] Netis MW5360 V1.0.1.3031 - Command Injection (@pussycat0x) [critical]
• [CVE-2024-10571] Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion (@iamnoooob, @pdresearch) [critical]
• [CVE-2024-10443] Synology BeeStation BST150-4T - Unauthenticated Command Injection (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2024-9916] HuangDou UTCMS V9 - OS Command Injection (@iamnoooob, @pdresearch) [high]
• [CVE-2024-9707] Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation (@dhiyaneshdk) [critical]
• [CVE-2024-7399] Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution (@iamnoooob, @pdresearch) [high] 🔥 (CISA KEV)
• [CVE-2024-4620] ArForms < 6.6 - Remote Code Execution (@iamnoooob, @pdresearch) [critical]
• [CVE-2024-2667] InstaWP Connect <= 0.1.0.22 - Unauthenticated Arbitrary File Upload (@dhiyaneshdk) [critical]
• [CVE-2024-0692] SolarWinds Security Event Manager - Unauthenticated RCE (@dhiyaneshdk) [high] 🔥 (CISA KEV)
• [CVE-2023-38950] ZKTeco BioTime v8.5.5 - Path Traversal (@iamnoooob, @pdresearch) [high]
• [CVE-2023-38879] openSIS v9.0 - Path Traversal (@haliteroglu) [high]
• [CVE-2023-34990] FortiWLM - Directory Traversal (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2023-30192] PrestaShop 'possearchproducts' <= 1.7 - SQL Injection (@mastercho) [critical]
• [CVE-2023-27638] tshirtecommerce PrestaShop Module - SQL Injection (@ritikchaddha) [high]
• [CVE-2023-27637] PrestaShop tshirtecommerce Module - SQL Injection (@ritikchaddha) [critical]
• [CVE-2023-26802] DCBI-Netlog-LAB v1.0 - Command Injection (@pussycat0x) [critical]
• [CVE-2023-25280] D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection (@pussycat0x) [critical] 🔥 (CISA KEV)
• [CVE-2023-4136] CrafterCMS Engine - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-3722] Avaya Aura Device Services - OS Command Injection (@iamnoooob, @pdresearch) [high]
• [CVE-2023-2986] Abandoned Cart Lite for WooCommerce - Auth Bypass (@iamnoooob, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2022-45699] APsystems ECU-R Firmware - Command Injection (@pussycat0x) [critical]
• [CVE-2022-37061] FLIR AX8 1.46.16 - Remote Command Injection (@ritikchaddha) [critical]
• [CVE-2022-25061] TP-Link TL-WR840N - Command Injection (@ritikchaddha) [critical]
• [CVE-2022-1026] Kyocera Net View Address Book Exposure (@dhiyaneshdk) [high]
• [CVE-2022-0783] Multiple Shipping Address Woocommerce < 2.0 - SQL Injection (@ritikchaddha) [high]
• [CVE-2021-40655] D-Link DIR-605 - Information Disclosure (@dhiyaneshdk) [high] 🔥 (CISA KEV)
• [CVE-2021-39341] OptinMonster Plugin < 2.6.5 - Unprotected REST-API (@iamnoooob, @pdresearch) [high]
• [CVE-2021-34187] Chamilo model.ajax.php - SQL Injection (@dhiyaneshdk) [critical]
• [CVE-2021-33558] Boa 0.94.13 - Information Disclosure (@dhiyaneshdk) [high]
• [CVE-2021-27964] SonLogger - Arbitrary File Upload (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2021-26599] ImpressCMS < 1.4.3 - SQL Injection (@ritikchaddha) [high]
• [CVE-2021-25032] PublishPress Capabilities < 2.3.1 - Missing Authorization (@ritikchaddha) [critical]
• [CVE-2021-24522] ProfilePress < 3.1.11 - Cross-Site ...

v10.2.2

What's Changed

New Templates Added: 65 | CVEs Added: 41 | First-time contributions: 4

🔥 Release Highlights 🔥

• [CVE-2025-47916] Invision Community <=5.0.6 Unauthenticated RCE via Template Injection (@EgiX, @iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-34027] Versa Concerto API Path Based - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-34026] Versa Concerto Actuator Endpoint - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-27007] OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-24016] Wazuh - Unsafe Deserialization Remote Code Execution (@hüseyin TINTAŞ, @ritikchaddha) [critical] 🔥
• [CVE-2025-4427] Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-4123] Grafana - XSS / Open Redirect / SSRF via Client Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2025-3102] SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass (@dhiyaneshdk) [high] 🔥
• [CVE-2025-2011] Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-12987] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2024-11320] Pandora v7.0NG.777.3 - Remote Code Execution (@dhiyaneshdk, @shubham Rooter, @pdresearch, @iamnoooob) [critical] 🔥
• [CVE-2024-8529] LearnPress < 4.2.7.1 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2023-51409] Jordy Meow AI Engine - Unrestricted File Upload (@pussycat0x) [critical] 🔥
• [CVE-2023-1389] TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2020-15415] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2018-20062] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical] ] 🔥 (CISA KEV)
• [CVE-2018-19410] PRTG Network Monitor - Local File Inclusion (@dhiyaneshdk) [critical] 🔥 (CISA KEV)

---

Bug Fixes

• Updated affected vBulletin versions in vbulletin-replacead-rce.yaml (Issue #12150).
• Renamed CVE-2022-31126 to CVE-2022-31137 (Issue #12103).
• Updated and renamed thinkphp-5022-rce.yaml to CVE-2018-20062.yaml (Issue #12096).
• Fixed payload for CVE-2019-17444 to avoid false positives (Issue #12050).

False Negatives

• NA

False Positives

• Reduced false positives in Next.js cache poisoning headers (Issue #12000).
• Fixed false positives in s3-bucket-policy-public-access.yaml (Issue #12085).

Enhancements

• Updated tags for multiple templates (Issue #12157).
• Updated tags for CVE-2025-34028.yaml (Issue #12156).
• Moved templates for assigned CVEs (CVE-2025-34026, CVE-2025-34027) (Issue #12138).

Templates Added

• [CVE-2025-47916] Invision Community <=5.0.6 Unauthenticated RCE via Template Injection (@EgiX, @iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-47204] Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting (@r3naissance) [medium]
• [CVE-2025-41393] Ricoh Web Image Monitor - Reflected XSS (@JPG0mez) [medium]
• [CVE-2025-34027] Versa Concerto API Path Based - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-34026] Versa Concerto Actuator Endpoint - Authentication Bypass (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
• [CVE-2025-27007] OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-24016] Wazuh - Unsafe Deserialization Remote Code Execution (@hüseyin TINTAŞ, @ritikchaddha) [critical] 🔥
• [CVE-2025-4427] Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥 (CISA KEV)
• [CVE-2025-4396] Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2025-4388] Liferay Portal 'marketplace-app-manager-web' - Reflected XSS (@iamnoooob, @rootxharsh, @pdresearch) [medium]
• [CVE-2025-4123] Grafana - XSS / Open Redirect / SSRF via Client Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2025-3102] SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass (@dhiyaneshdk) [high] 🔥
• [CVE-2025-2636] InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion (@iamnoooob, @pdresearch) [high]
• [CVE-2025-2610] MagnusBilling Alarm Module - Cross-Site Scripting (@dhiyaneshdk) [high]
• [CVE-2025-2609] MagnusBilling Login Logs - Cross-Site Scripting (@dhiyaneshdk) [high]
• [CVE-2025-2127] JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS (@3th1c_yuk1) [medium]
• [CVE-2025-2011] Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2025-1743] Pichome 2.1.0 - Arbitrary File Read (@3th1c_yuk1) [high]
• [CVE-2024-44762] Usermin 2.100 - Username Enumeration (@ritikchaddha) [medium]
• [CVE-2024-12987] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2024-11320] Pandora v7.0NG.777.3 - Remote Code Execution (@dhiyaneshdk, @shubham Rooter, @pdresearch, @iamnoooob) [critical] 🔥
• [CVE-2024-8529] LearnPress < 4.2.7.1 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2024-2473] WPS Hide Login <= 1.9.15.2 - Login Page Disclosure (@popcorn94) [medium]
• [CVE-2023-51409] Jordy Meow AI Engine - Unrestricted File Upload (@pussycat0x) [critical] 🔥
• [CVE-2023-1389] TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2022-45808] LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi (@dhiyaneshdk) [critical]
• [CVE-2022-31161] Roxy-WI - Remote Code Execution (@ritikchaddha) [critical]
• [CVE-2022-31137] Roxy-WI < 6.1.1.0 - Remote Code Execution (@dhiyaneshdk) [critical]
• [CVE-2022-1950] Youzify < 1.2.0 - Unauthenticated SQLi (@dhiyaneshdk) [critical]
• [CVE-2022-0592] MapSVG < 6.2.20 - Unauthenticated SQLi (@dhiyaneshdk) [critical]
• [CVE-2021-36646] KodExplorer - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2021-25161] Aruba Instant Access Point (IAP) - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2020-15415] DrayTek Vigor - Command Injection (@ritikchaddha) [critical] 🔥 (CISA KEV)
• [CVE-2019-20504] Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution (@dhiyaneshdk) [critical]
• [CVE-2019-5129] YouPHPTube Encoder 2.3 - Command Injection (@pussycat0x) [critical]
• [CVE-2019-5128] YouPHPTube Encoder - Arbitrary File Write (@pussycat0x) [critical]
• [CVE-2018-20062] ThinkPHP 5.0.23 - Remote Code Execution (@dr_set) [critical] ] 🔥 (CISA KEV)
• [CVE-2018-19410] PRTG Network Monitor - Local File Inclusion (@dhiyaneshdk) [critical] 🔥 (CISA KEV)
• [CVE-2018-19276] OpenMRS Platform < 2.24.0 - Insecure Object Deserialization (@dhiyaneshdk) [critical]
• [CVE-2018-17283] Zoho ManageEngine OpManager - SQL Injection (@dhiyaneshdk) [high]
• [CVE-2018-11222] Pandora FMS <=7.0NG.722 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [loytec-default-password] Loytec PLC - Default Login (@biero-el-corridor) [high]
• [magnusbilling-default-login] MagnusBilling - Default Login (@dhiyaneshdk) [high]
• [enviromuux-default-login] Network Technologies Inc ENVIROMUX - Default Login (@M.Sarmad Shafiq) [high]
• [osasi-default-login] OSASI PLC - Default Login (@biero-el-corridor) [high]
• [siemens-simatic-default-login] Siemens SIMATIC HMI Miniweb - Default Login (@biero-el-corridor) [high]
• [wago-webbased-default-login] WAGO Web based Management - Default Login (@biero-el-corridor) [high]
• [aperio-eslidemanager-panel] Aperio eSlideManager - Panel (@Th3l0newolf) [info]
• [mbilling-panel] MagnusBilling - Login Panel (@dhiyaneshdk) [info]
• [osasi-panel] OSASI Login - Panel (@biero-el-corridor) [info]
• [polarion-siemens-panel] Polarion Siemens Login - Panel (@Th3l0newolf) [info]
• [sap-netweaver-cet-detect] SAP NetWeaver Composition Environment Tools - Detect (@ap3r) [info]
• [cae-monitor-panel] CAE Monitoring - Login Panel (@biero-el-corridor) [info]
• [etic-telecom-panel] ETIC Telecom Device Login - Panel (@biero-el-corridor) [info]
• [moxa-vpn-router-panel] Moxa OnCell VPN - Login Panel (@biero-el-corridor) [info]
• [siemens-logo8-panel] Siemens Logo! 8 Web - Panel (@biero-el-corridor) [info]
• [siemens-simatic-panel] Siemens SIMATIC HMI Miniweb - Login Panel (@biero-el-corridor) [info]
• [wago-webbased-panel] WAGO WebBased Management - Panel (@biero-el-corridor) [info]
• [emby-installer] Emby Installation Page - Exposure (@dhiyaneshdk) [high]
• [traccar-settings-disclosure] Traccar Server Settings - Disclosure (@dhiyaneshdk) [low]
• [docker-registry-browser-detect] Docker Registry Browser - Detect (@pussycat0x) [info]
• [plantumlserver-detect] PlantUMLServer - Detect (@s4e-io) [info]
• [webswing-api-version-detect] WebSwing REST API Version - Detection (@aushack) [info]
• [wp-publishpress-capabilities-xss] PublishPress Capabilities < 2.3.3 - Cross-Site Scripting (@ritikchaddha) [medium]
• [vbulletin-replacead-rce] vBulletin replaceAdTemplate - Remote Code Execution (@dhiyaneshdk) [critical]

New Contributors

• @vshekhda made their first contribution in #12050
• @biero-el-corridor made their first contribution in #12005
• @huseyinstif made their first contribution in #11616
• @shubhamrooter made their first contribution in #11281

Full Changelog: https://github.com/projectdiscovery/nuclei-te...

v10.2.1

What's Changed

New Templates Added: 41 | CVEs Added: 16 | First-time contributions: 7

🔥 Release Highlights 🔥

• [CVE-2025-32432] CraftCMS - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-2777] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical] 🔥
• [CVE-2024-38475] Sonicwall - Pre-Authentication Arbitrary File Read (@shaikhyaser) [critical] 🔥
• [CVE-2024-21136] Oracle Retail Xstore Suite - Pre-auth Path Traversal (@dhiyaneshdk) [high] 🔥
• [CVE-2024-7591] Kemp Load Balancer - Unauth Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2023-45878] Gibbon LMS <= v25.0.01 - File Upload to RCE (@ajdumanhug) [critical] 🔥
• [CVE-2022-26585] Mingsoft MCMS v5.2.7 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2022-1711] draw.io < 18.0.5 - Server Side Request Forgery (SSRF) (@ritikchaddha) [high] 🔥

---

Bug Fixes

• Fixed template for CVE-2025-32101 (Issue #11933).
• Corrected false negative in CVE-2020-26948 (Issue #12056).
• Fixed broken path to reference file causing 404 errors (Issue #11987).
• Modified regex to accept IPs in location header (Issue #12026).
• Updated Huawei WAF detection rule for accurate server header (Issue #12022).

False Negatives

• Addressed pre-authentication RCE vulnerability in CraftCMS 4.x and 5.x (Issue #12020).

False Positives

• Reduced false positives in Azure Cloud Templates (Issue #12047).
• Fixed false positive in CVE-2022-21587 PoC affecting system (Issue #11702).

Enhancements

• Added Amazon Elastic Kubernetes Service (EKS) templates (PR #12069).
• Removed CVE-2022-46463 template (PR #12029).

Template Updates

• [CVE-2025-32432] CraftCMS - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2025-28228] Electrolink FM/DAB/TV Transmitter - Credentials Disclosure (@dhiyaneshdk) [high]
• [CVE-2025-2907] Order Delivery Date Pro for WooCommerce < 12.3.1 - Arbitrary Option Update (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [CVE-2025-2777] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical] 🔥
• [CVE-2025-2776] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical]
• [CVE-2025-2775] SysAid On-Prem <= 23.3.40 - XML External Entity (@johnk3r) [critical]
• [CVE-2024-51739] iTop - User Enumeration via REST Endpoint (@dhiyaneshdk) [medium]
• [CVE-2024-38475] Sonicwall - Pre-Authentication Arbitrary File Read (@shaikhyaser) [critical] 🔥
• [CVE-2024-21641] Flarum < 1.8.5 - Open Redirect (@kking) [medium]
• [CVE-2024-21136] Oracle Retail Xstore Suite - Pre-auth Path Traversal (@dhiyaneshdk) [high] 🔥
• [CVE-2024-13322] Ads Pro Plugin <= 4.88 - Unauth SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2024-7591] Kemp Load Balancer - Unauth Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2023-45878] Gibbon LMS <= v25.0.01 - File Upload to RCE (@ajdumanhug) [critical] 🔥
• [CVE-2022-42118] Liferay Portal - Cross-site Scripting (@ritikchaddha) [medium]
• [CVE-2022-26585] Mingsoft MCMS v5.2.7 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2022-1711] draw.io < 18.0.5 - Server Side Request Forgery (SSRF) (@ritikchaddha) [high] 🔥
• [eks-aws-managed-iam-policy] Use AWS-managed policy to manage AWS resources (@princechaddha) [high]
• [eks-cluster-logging] Kubernetes Cluster Logging (@princechaddha) [low]
• [eks-endpoint-access] EKS Cluster Endpoint Public Access (@princechaddha) [high]
• [eks-iam-managed-policy-networking] Use AWS-managed policy to Manage Networking Resources (@princechaddha) [high]
• [eks-kubernetes-secrets-encryption] EKS Kubernetes Secrets not Encrypted (@princechaddha) [high]
• [eks-logging-kubes-api-calls] Enable CloudTrail Logging for Kubernetes API Calls (@princechaddha) [high]
• [eks-long-running-pods] EKS Long Running Pods (@princechaddha) [medium]
• [eks-managed-policy-ecr-access] Use AWS-managed policy to access Amazon ECR Repositories (@princechaddha) [high]
• [eks-node-group-remote-access] EKS Node Group Remote Access Configuration (@princechaddha) [high]
• [nocobase-default-login] NocoBase - Default Login (@fur1na) [high]
• [yacht-default-login] Yacht - Default Login (@fur1na) [high]
• [bluemind-panel] Bluemind Panel - Detect (@tigibus) [info]
• [ekare-insight-panel] eKare inSight Panel - Detect (@s4e-io) [info]
• [frappe-panel] Frappe Panel - Detect (@Th3l0newolf) [info]
• [hoppscotch-panel] Hoppscotch Panel - Detect (@s4e-io) [info]
• [netscaler-console-panel] NetScaler Console - Panel (@dhiyaneshdk) [info]
• [yacht-panel] Yacht Login Panel - Detect (@fur1na) [info]
• [exposed-mcp-server] Exposed MCP JSON-RPC 2.0 API Detection (@ivan_wallarm) [unknown]
• [vscode-launch] Visual Studio Code launch.json Exposure (@dhiyaneshdk) [low]
• [emerson-intellislot-webcard] Emerson Network Power IntelliSlot Web Card - Exposure (@Th3l0newolf) [medium]
• [trust-center-detect] Trust Center Page - Detect (@ajdumanhug) [info]
• [luxtrust-cosi-detect] LuxTrust COSI - Detect (@righettod) [info]
• [streamlit-detect] Streamlit - Detect (@s4e-io) [info]
• [zk-framework-detect] ZK Framework - Detect (@ErikOwen, @cursor) [info]
• [zzcms-register-xss] Zzcms register_nodb.php - Cross Site Scripting (@3th1c_yuk1) [medium]

New Contributors

• @r00tuser111 made their first contribution in #12006
• @saharshtapi made their first contribution in #12011
• @ThibautPierru made their first contribution in #11997
• @ajdumanhug made their first contribution in #12027
• @serdarbsgn made their first contribution in #12022
• @SemenchenkoA made their first contribution in #11944
• @adaminfinitum made their first contribution in #11987

Full Changelog: v10.2.0...v10.2.1