Releases · projectdiscovery/nuclei-templates

27 Apr 17:31

v10.2.0

b01a0db

GCP Cloud Configuration Templates - Nuclei Templates v10.2.0 🎉

🔥 Release Highlights 🔥

We’re excited to announce the expansion of the Nuclei Templates with new templates specifically for Google Cloud Platform (GCP) Configurations. This release introduces a series of specialized security checks tailored for a wide range of GCP services, including Compute Engine, GKE clusters, Cloud Storage buckets, BigQuery datasets, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code analysis.

The introduction of these GCP-specific templates empowers security teams to conduct thorough security audits of their GCP environments, uncovering critical misconfigurations and vulnerabilities. Moreover, these checks can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these GCP security templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2025-34028] Commvault - SSRF via /commandcenter/deployWebpackage.do (@dhiyaneshdk, @abhishekrautela) [critical] 🔥
[CVE-2025-32433] Erlang/OTP SSH - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @darses) [critical] 🔥
[CVE-2025-31324] SAP NetWeaver Visual Composer Metadata Uploader - Deserialization (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-30406] Gladinet CentreStack < 16.4.10315.56368 - Unauth RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-29306] FoxCMS v.1.2.5 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-6235] NetScaler Console - Sensitive Information Disclosure (@dhiyaneshdk) [critical] 🔥

What's Changed

New Templates Added: `268` | CVEs Added: `11` | First-time contributions: `4`

[CVE-2025-34028] Commvault - SSRF via /commandcenter/deployWebpackage.do (@dhiyaneshdk, @abhishekrautela) [critical] 🔥
[CVE-2025-32433] Erlang/OTP SSH - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @darses) [critical] 🔥
[CVE-2025-31324] SAP NetWeaver Visual Composer Metadata Uploader - Deserialization (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2025-30406] Gladinet CentreStack < 16.4.10315.56368 - Unauth RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-29306] FoxCMS v.1.2.5 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2025-28367] mojoPortal <=2.9.0.1 - Directory Traversal (@dhiyaneshdk) [medium]
[CVE-2025-27892] Shopware < 6.5.8.13 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-32870] iTop Hub Connector - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2024-6235] NetScaler Console - Sensitive Information Disclosure (@dhiyaneshdk) [critical] 🔥
[CVE-2022-35507] Proxmox - CRLF Injection (@dhiyaneshdk) [high]
[CVE-2022-28508] MantisBT < 2.25.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[gcloud-api-key-restrictions-missing] Missing API Key API Restrictions (@princechaddha) [medium]
[gcloud-api-key-unrestricted] Unrestricted API Key Usage (@princechaddha) [medium]
[gcloud-api-keys-inactive-services] API Keys Should Only Exist for Active Services (@princechaddha) [low]
[gcloud-critical-service-apis-disabled] Critical Service APIs Not Enabled (@princechaddha) [critical]
[gcloud-security-center-api-disabled] Security Command Center API Disabled (@princechaddha) [high]
[gcloud-cloud-asset-disabled] Cloud Asset Inventory Not Enabled (@princechaddha) [high]
[gcloud-artifact-registry-public] Publicly Accessible Artifact Registry Repositories (@princechaddha) [high]
[gcloud-vuln-scan-missing] Artifact Registry Vulnerability Scanning Not Enabled (@princechaddha) [high]
[gcloud-bigquery-cmek-not-enabled] BigQuery Dataset Encryption with Customer-Managed Encryption Keys Not Enabled (@princechaddha) [high]
[gcloud-bigquery-cmk-not-enabled] BigQuery Datasets Not Encrypted with Customer-Managed Keys (@princechaddha) [high]
[gcloud-bigquery-public-datasets] Publicly Accessible BigQuery Datasets (@princechaddha) [high]
[gcloud-backend-bucket-missing-storage] Backend Buckets Referencing Missing Storage Buckets (@princechaddha) [high]
[gcloud-cdn-backend-bucket] Check Cloud CDN Backend Bucket Configuration (@princechaddha) [medium]
[gcloud-cdn-origin-auth-unconfigured] Unconfigured Cloud CDN Origin Authentication (@princechaddha) [medium]
[gcloud-cdn-ssl-enforcement] Cloud CDN SSL/TLS Not Enforced (@princechaddha) [medium]
[gcloud-cdn-tls-unenforced] Unenforced SSL/TLS on Cloud CDN Backend Service Origins (@princechaddha) [medium]
[gcloud-certificate-validity-exceeded] Exceeded SSL Certificate Validity Period (@princechaddha) [medium]
[gcloud-disk-image-public-access] Disk Images Publicly Shared (@princechaddha) [medium]
[gcloud-instance-group-autohealing-disabled] Instance Group Autohealing Not Enabled (@princechaddha) [high]
[gcloud-mig-no-load-balancer] Managed Instance Group Not Using Load Balancer (@princechaddha) [low]
[gcloud-mig-single-zone] Managed Instance Group Not Configured for Multiple Zones (@princechaddha) [low]
[gcloud-oslogin-disabled] OS Login Not Enabled for GCP Projects (@princechaddha) [low]
[gcloud-persistent-disks-suspended-vms] Persistent Disks Attached to Suspended Virtual Machines (@princechaddha) [high]
[gcloud-vm-automatic-restart-disabled] VM Instance Automatic Restart Not Enabled (@princechaddha) [medium]
[gcloud-vm-confidential-computing-disabled] VM Instance Confidential Computing Not Enabled (@princechaddha) [medium]
[gcloud-vm-default-service-account-full-access] VM Instance Using Default Service Account with Full API Access (@princechaddha) [medium]
[gcloud-vm-default-service-account] VM Instance Using Default Service Account (@princechaddha) [medium]
[gcloud-vm-deletion-protection-disabled] VM Instance Deletion Protection Not Enabled (@princechaddha) [medium]
[gcloud-vm-disk-autodelete-enabled] Auto-Delete Not Disabled for VM Instance Persistent Disks (@princechaddha) [medium]
[gcloud-vm-disk-cmk-not-enabled] Virtual Machine Disk Encryption with Customer-Managed Keys Not Enabled (@princechaddha) [high]
[gcloud-vm-disk-csek-disabled] VM Disk Encryption with Customer-Supplied Keys Disabled (@princechaddha) [high]
[gcloud-vm-disk-csek-not-enabled] Virtual Machine Disk Encryption with Customer-Supplied Keys Not Enabled (@princechaddha) [high]
[gcloud-vm-ip-forwarding-enabled] IP Forwarding Not Disabled for VM Instances (@princechaddha) [medium]
[gcloud-vm-maintenance-terminate] VM Instance Maintenance Policy Set to Terminate (@princechaddha) [high]
[gcloud-vm-oslogin-2fa-disabled] OS Login with 2FA Authentication Not Enabled for VM Instances (@princechaddha) [high]
[gcloud-vm-preemptible-enabled] VM Instance Preemptibility Not Disabled (@princechaddha) [high]
[gcloud-vm-project-ssh-keys-enabled] Block Project-Wide SSH Keys Not Enabled (@princechaddha) [medium]
[gcloud-vm-public-ip-enabled] VM Instance Using Public IP Address (@princechaddha) [high]
[gcloud-vm-serial-console-enabled] Interactive Serial Console Support Not Disabled (@princechaddha) [medium]
[gcloud-vm-shielded-disabled] Shielded VM Security Features Not Enabled (@princechaddha) [medium]
[gcloud-dataproc-no-cmk] Dataproc Cluster Not Using Customer-Managed Keys (@princechaddha) [high]
[gcloud-dataproc-public-access] Dataproc Cluster Publicly Accessible (@princechaddha) [high]
[gcloud-dns-dangling-records] Dangling DNS Records Check (@princechaddha) [high]
[gcloud-dns-dnssec-unenabled] DNSSEC Not Enabled for Google Cloud DNS Zones (@princechaddha) [medium]
[gcloud-dnssec-keysigning-rsasha1] DNSSEC RSASHA1 Algorithm Deprecated Usage (@princechaddha) [medium]
[gcloud-dnssec-rsasha1-deprecated] DNSSEC RSASHA1 Algorithm Deprecated (@princechaddha) [medium]
[gcloud-filestore-deletion-protection-disabled] Filestore Instance Deletion Protection Not Enabled (@princechaddha) [medium]
[gcloud-filestore-no-backups] Filestore Instance Not Using On-Demand Backup (@princechaddha) [high]
[gcloud-filestore-no-cmek] Filestore Instance Not Using Customer-Managed Encryption Keys (@princechaddha) [high]
[gcloud-filestore-no-vpc-controls] Filestore Instance Not Protected by VPC Service Controls (@princechaddha) [medium]
[gcloud-filestore-unrestricted-access] Filestore Instance Client Access Not Restricted by IP (@princechaddha) [medium]
[gcloud-func-auto-runtime-updates-disabled] Automatic Runtime Security Updates Disabled in Google Cloud Functions (@princechaddha) [medium]
[gcloud-func-cmek-not-used] No Customer-Managed Encryption Keys in Google Cloud Functions (@princechaddha) [high]
[gcloud-func-inactive-svc-acc] Inactive Service Accounts in Google Cloud Functions (@princechaddha) [high]
[gcloud-func-min-instances-unset] Unset Minimum Instances for Cloud Functions (@princechaddha) [medium]
[gcloud-func-missing-labels] Missing User-Defined Labels in Google Cloud Functions (@princechaddha) [low]
[gcloud-func-no-vpc-access] No Serverless VPC Access in Google Cloud Functions (@princechaddha) [high]
[gcloud-func-public-access] Publicly Accessible Google Cloud Functions (@princechaddha) [high]
[gcloud-func-pubsub-dlt-missing] Configure Dead Lettering for Pub/Sub-Triggered Functions (@princechaddha) [low]
[gcloud-func-secrets-unmanaged] Use Secrets Manager for Managing Secrets in Google Cloud Functions (@princechaddha) [medium]
[gcloud-func-unrestricted-outbound] Unrestricted Outbound Network Access in Google Cloud Functions (@princechaddha) [high]
[gcp-cloud-fu...

Contributors

righettod, matusso, and 17 other contributors

Assets 3

12 Apr 13:43

princechaddha

v10.1.7

196ed9f

v10.1.7

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-32101] UNA CMS 14.0.0-RC - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-31489] MinIO - Signature Validation for Unsigned-Trailer Uploads (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-31131] Yeswiki < 4.5.2 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-24799] GLPI < 10.0.17 - Pre-Auth SQLi (@ritikchaddha) [critical] 🔥
[CVE-2025-24514] Ingress-Nginx Controller - Configuration Injection auth-url Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-3248] Langflow AI - Unauth Remote Code Execution (@nvn1729) [critical] 🔥
[CVE-2025-2294] Kubio AI Page Builder <= 2.5.1 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2025-1098] Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations (@UNC1739) [high] 🔥
[CVE-2025-1097] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-tls-match-cn Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-56325] Apache Pinot < 1.3.0 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-55591] Fortinet Authentication Bypass (@rootxharsh, @iamnoooob, @pdresearch) [critical] 🔥
[CVE-2024-7314] AJ-Report < 1.4.1 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2023-22047] Oracle Peoplesoft - Unauth File Read (@tuo4n8) [high] 🔥

False Negatives

Improved detection in halo-tism-sqli.yaml (PR #11892).

False Positives

Reduced false positives in hashicorp-consul-unauth.yaml (Issues #11852, #11881)
Corrected misdetection in headless-open-redirect.yaml with specific redirect target (Issue #11885)

Enhancements

Applied waitdialog handling to improve detection in dom-xss.yaml (PR #11921).
Updated detection logic in CVE-2025-1974.yaml for Ingress-Nginx RCE (PR #11917).
Updated smb-shares.yaml to refine share enumeration (PR #11880).
Improved login detection in emqx-default-login.yaml (PR #11865).
Refined credential detection in apache-hertzbeat-default-login.yaml (PR #11850).

Bug Fixes

Fixed metadata resolution issue in ldap-metadata.yaml (PR #11922).

Template Updates

New Templates Added: `64` | CVEs Added: `28` | First-time contributions: `6`

[CVE-2025-32101] UNA CMS 14.0.0-RC - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-31489] MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-31131] Yeswiki < 4.5.2 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-31125] Vite Development Server - Path Traversal (@martian, @ritikchaddha, @v2htw) [medium] 🔥
[CVE-2025-30567] WordPress WP01 - Path Traversal (@s4e-io) [high]
[CVE-2025-29085] Vipshop Saturn Console <= 3.5.1 - SQLi via ClusterKey Component (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-24799] GLPI < 10.0.17 - Pre-Auth SQLi (@ritikchaddha) [critical] 🔥
[CVE-2025-24514] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-url Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-3248] Langflow AI - Unauth Remote Code Execution (@nvn1729) [critical] 🔥
[CVE-2025-2748] Kentico Xperience CMS - Unauth Stored XSS (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-2563] User Registration & Membership <= 4.1.1 - Unauth Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-2294] Kubio AI Page Builder <= 2.5.1 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2025-2264] Sante PACS Server.exe - Path Traversal Information Disclosure (@dhiyaneshdk) [high]
[CVE-2025-2075] Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-1098] Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations (@UNC1739) [high] 🔥
[CVE-2025-1097] Ingress-Nginx Controller - Configuration Injection via Unsanitized auth-tls-match-cn Annotation (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-56325] Apache Pinot < 1.3.0 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-55591] Fortinet Authentication Bypass (@rootxharsh, @iamnoooob, @pdresearch) [critical] 🔥
[CVE-2024-13126] WordPress Download Manager < 3.3.07 - Unauth Data Exposure (@ritikchaddha) [medium]
[CVE-2024-10486] Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File (@popcorn94) [medium]
[CVE-2024-7314] AJ-Report < 1.4.1 - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-7313] Shield Security Plugin < 20.0.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-3300] Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-22047] Oracle Peoplesoft - Unauth File Read (@tuo4n8) [high] 🔥
[CVE-2023-7246] System Dashboard < 2.8.10 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-6421] WordPress Download Manager - File Password Exposure (@ritikchaddha) [medium]
[CVE-2023-4490] WordPress Job Portal < 2.0.6 - SQLi (@paresh_parmar1, @configtea) [high]
[CVE-2022-2168] WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting (@ritikchaddha) [medium]
[android-user-certificates-trust] Android Trusts User Certificates (@Th3l0newolf) [medium]
[file-disable-directory-listing] Disable Apache2 Directory Listing (@pussycat0x) [medium]
[file-disable-http-trace-method] Disable Apache2 HTTP TRACE Method (@pussycat0x) [high]
[file-disable-server-header] Disable Apache2 Server Header (@pussycat0x) [medium]
[file-disable-server-signature] Disable Apache Server Signature (@pussycat0x) [medium]
[file-enforce-server-tokens-prod] Enforce Apache2 ServerTokens Prod (@pussycat0x) [medium]
[iis-directory-browsing] IIS Directory Browsing Detection (@pussycat0x) [high]
[iis-logging-disabled] IIS Logging Disabled (@pussycat0x) [medium]
[file-mongodb-audit-log-disabled] MongoDB Audit Logging Disabled (@pussycat0x) [high]
[file-mongodb-auth-disabled] MongoDB Authentication Disabled (@pussycat0x) [high]
[file-mongodb-http-interface-enabled] MongoDB HTTP Interface Enabled (@pussycat0x) [high]
[file-mongodb-ssl-disabled] MongoDB SSL Disabled (@pussycat0x) [high]
[file-disable-nginx-server-tokens] Disbale Nginx Server Tokens (@pussycat0x) [medium]
[file-missing-nginx-bof-protection] Missing Nginx Buffer Overflow Protection (@pussycat0x) [medium]
[file-missing-nginx-xss-protection] Missing Nginx XSS Protection (@pussycat0x) [high]
[file-missing-nginx-hsts] Missing Nginx HSTS (@pussycat0x) [high]
[file-missing-nginx-rate-limiting] Missing Nginx Rate Limiting Configuration (@pussycat0x) [medium]
[adfinity-panel] Adfinity Login Panel - Detect (@righettod) [info]
[dependency-track-panel] Dependency-Track Login - Panel (@Th3l0newolf) [info]
[fortiswitch-panel] Fortiswitch Panel - Detect (@rxerium) [info]
[gladinet-centrestack-panel] CentreStack Login Panel - Detect (@rxerium) [info]
[tibco-mft-panel] TIBCO Managed File Transfer - Panel (@Th3l0newolf) [info]
[3cx-config] 3CX Config - File Disclosure (@dhiyaneshdk) [low]
[cpanel-config] cPanel Configuration - File Disclosure (@dhiyaneshdk) [medium]
[fastcgi-config] FastCGI Configuration - File Disclosure (@dhiyaneshdk) [medium]
[geovision-lfi] GeoVision GV-SNVR0811 - Directory Traversal (@dhiyaneshdk) [high]
[dlink-n300-backup] DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure (@dhiyaneshdk) [high]
[prometheus-unauth] Prometheus Monitoring System - Unauth (@pussycat0x) [high]
[couchdb-detect] CouchDB - Detect (@pussycat0x) [info]
[halo-tism-sqli] Halo ITSM - Pre-Authentication SQLi (@rootxharsh, @iamnoooob, @pdresearch) [critical]
[httpbin-contenttype-xss] HTTPBin - Cross-Site Scripting (@AyushXtha) [medium]
[oracle-detect] Oracle - Detection (@pussycat0x) [info]
[rdp-detect] RDP - Detection (@pussycat0x) [info]
[ntlm-info] NTLM Information - Detection (@pussycat0x) [info]
[smb-v1-supported] SMB v1 Supported - Detection (@pussycat0x) [info]
[ldap-anonymous-login-detect] LDAP Anonymous Login - Detect (@pussycat0x, @S0obi) [medium]

New Contributors

@Th3l0newolf made their first contribution in #11786
@AyushXtha made their first contribution in #11782
@tuo4n8 made their first contribution in #11870
@PareshParmar made their first contribution in #11874
@micktaiwan made their first contribution in #11784
@passkal4 made their first contribution in #11857

Full Changelog: v10.1.6...v10.1.7

Contributors

micktaiwan, nvn1729, and 20 other contributors

Assets 3

28 Mar 11:35

princechaddha

v10.1.6

30af57b

v10.1.6

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-29927] Next.js Middleware Bypass (@pdresearch, @pdteam, @hazedic) [critical] 🔥
[CVE-2025-26319] FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-25291] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24813] Apache Tomcat Path Equivalence - RCE (@iamnoooob, @rootxharsh, @pdresearch, @themiddle) [critical] 🔥
[CVE-2025-2825] CrushFTP - Authentication Bypass (@parthmalhotra, @Ice3man, @dhiyaneshdk, @pdresearch) [critical] 🔥
[CVE-2025-1974] Ingress-Nginx Controller - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1661] HUSKY – for WooCommerce <= 1.3.6.5 - Unauth LFI (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-53991] Discourse Backup File Disclosure - Nginx Configuration (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-51378] CyberPanel - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-13496] GamiPress <= 2.8.9 - SQL Injection (@ritikchaddha) [high] 🔥
[CVE-2023-22952] SugarCRM Unauthenticated - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥

False Negatives

CVE-2025-24813 PUT method not sending data (Issue #11798)
Hardcoded interact.sh in 178 templates (Issue #11771)

False Positives

Missing MFA check (Issue #11761)
CVE-2022-40032 (Issue #11758)
CVE-2021-40822 (Issue #11119)
external-service-interaction.yaml (PR #11809)
internal-ip-disclosure.yaml (PR #11806)
CVE-2022-40032 (PR #11791)

Enhancements

CVE-2025-2825.yaml (PR #11839)
CVE-2025-29927.yaml (PRs #11804, #11820)
mobsf-apktool-lfi.yaml renamed and updated to CVE-2024-21633.yaml (PR #11805)
CVE-2020-28351.yaml (PR #11794)
CVE-2020-2036.yaml (PR #11795)
oracle-ebs-xss.yaml (PR #11792)
polyfill-backdoor.yaml (PR #11748)
craft-cms-detect.yaml (PR #11700)

Bug Fixes

Fixed Dell iDRAC workflow issue (Issue #10876).
Fixed GET request handling in CVE-2025-24813 (Issue #11759).

Template Updates

New Templates Added: `78` | CVEs Added: `45` | First-time contributions: `8`

[CVE-2025-30208] Vite - Arbitrary File Read (@v2htw) [medium] 🔥
[CVE-2025-29927] Next.js Middleware Bypass (@pdresearch, @pdteam, @hazedic) [critical] 🔥
[CVE-2025-26319] FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-25291] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24813] Apache Tomcat Path Equivalence - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @themiddle) [critical] 🔥
[CVE-2025-2825] CrushFTP - Authentication Bypass (@parthmalhotra, @Ice3man, @dhiyaneshdk, @pdresearch) [critical] 🔥
[CVE-2025-2539] File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-2129] Mage AI - Insecure Default Authentication Setup (@zn9988, @H0j3n) [medium]
[CVE-2025-1974] Ingress-Nginx Controller - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1661] HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1323] WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-57050] TP-LINK WR840N v6 up to 0.9.1 4.16 - Improper Authentication (@dhiyaneshdk) [critical]
[CVE-2024-57049] TP-Link Archer C20 - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2024-57046] Netgear DGN2200 - Improper Authentication (@ritikchaddha) [high]
[CVE-2024-57045] D-Link DIR-859 - Information Disclosure (@ritikchaddha) [critical]
[CVE-2024-55556] InvoiceShelf <= 1.3.0 - PHP Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-54767] AVM FRITZ!Box 7530 AX - Unauthorized Access (@dhiyaneshdk) [high]
[CVE-2024-54764] ipTIME A2004 - Unauthorized Access (@ritikchaddha) [medium]
[CVE-2024-54763] ipTIME A2004 - Unauthorized Access (@ritikchaddha) [medium]
[CVE-2024-53991] Discourse Backup File Disclosure Via Default Nginx Configuration (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-52763] Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-52762] Ganglia Web Interface (v3.7.3 - v3.7.6) - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-51378] CyberPanel - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-30570] Netgear R6850 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2024-30569] Netgear R6850 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2024-30568] Netgear R6850 V1.1.0.88 - Command Injection (@ritikchaddha) [critical]
[CVE-2024-21485] Dash Framework - Cross-site Scripting (@lee Changhyun(eeche)) [medium]
[CVE-2024-13853] WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-13624] WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2024-13496] GamiPress <= 2.8.9 - SQL Injection (@ritikchaddha) [high] 🔥
[CVE-2024-11740] Download Manager < 3.3.04 - Unauthenticated Arbitrary Shortcode Execution (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-10783] WordPress Plugin MainWP Child - Authentication Bypass (@sean Murphy, @iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-6892] Journyx 11.5.4 - Reflected Cross Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-6651] WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2024-6460] WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion (@ritikchaddha) [critical]
[CVE-2024-4399] WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2024-3080] ASUS DSL-AC88U - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2024-3032] WordPress Themify Builder < 7.5.8 - Open Redirect (@ritikchaddha) [medium]
[CVE-2023-49489] KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS) (@dhiyaneshdk) [medium]
[CVE-2023-31478] GL.iNET SSID Key Disclosure (@dhiyaneshdk) [high]
[CVE-2023-22952] SugarCRM Unauthenticated - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2023-5974] WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2023-4284] WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2023-2518] WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-2256] WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2025-1974-k8s] Ingress-Nginx Controller - Unauthenticated Remote Code Execution (@princechaddha) [critical]
[CVE-2025-29927-HEADLESS] Next.js Middleware Authorization Bypass (@Ademking) [critical]
[insecure-powershell-execution-policy] Insecure PowerShell Execution Policy - Detect (@JeonSungHyun[nukunga]) [medium]
[powershell-script-block-logging-disabled] PowerShell Script Block Logging - Disabled (@JeonSungHyun[nukunga]) [medium]
[chirpstack-default-login] ChirpStack - Default Login (@t3l3machus) [high]
[unify-hipath-default-login] Unify HiPath Cordless IP - Default Login (@flx) [high]
[chirpstack-login] ChirpStack LoRaWAN Detection (@projectdiscoveryai) [info]
[cisco-webui-login] Cisco Web UI Login - Detect (@drewvravick) [info]
[dbt-docs-panel] dbt Docs Panel - Detect (@johnk3r) [info]
[vectoradmin-panel] VectorAdmin Panel - Detect (@s4e-io) [info]
[xphoneconnect-admin-panel] XPhone Connect Admin Interface - Detect (@flx) [info]
[dnsmasq-config] Dnsmasq Config - File Disclosure (@dhiyaneshdk) [low]
[elastic-kibana-config] Elastic Kibana Config - File Disclosure (@dhiyaneshdk) [medium]
[gunicorn-config-file] Gunicorn Config File - File Disclosure (@dhiyaneshdk) [low]
[haproxy-config-file] Haproxy Config - File Disclosure (@dhiyaneshdk) [low]
[icecast-config] Icecast Config - File Disclosure (@dhiyaneshdk) [low]
[lighttpd-config-file] Lighttpd Config File - File Disclosure (@dhiyaneshdk) [low]
[log4-properties] Log4j Properties - File Disclosure (@dhiyaneshdk) [low]
[next-js-config-file] Next JS Config - File Disclosure (@dhiyaneshdk) [low]
[nuxtjs-config-file] Nuxtjs Config File - File Disclosure (@dhiyaneshdk) [low]
[vercel-config-file] Vercel Config File - File Disclosure (@dhiyaneshdk) [low]
[vugex-source-detect] Vugex Framework Source Code - Detect (@projectdiscoveryai, @pdteam) [medium]
[hashicorp-consul-unauth] Hashicorp Consul API Unauthenticated (@pussycat0x) [medium]
[basercms-install] baserCMS Installation - Exposure (@ritikchaddha) [critical]
[kentico-13-auth-bypass-wt-2025-0006] Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) (@dhiyaneshdk) [unknown]
[kentico-13-auth-bypass-wt-2025-0011] Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011) (@dhiyaneshdk) [unknown]
[apache-hertzbeat-detect] Apache Hertzbeat - Detect (@icarot) [info]
[flutter-web-detect] Flutter Web Application - Detect (@incogbyte) [info]
[oqtane-cms-db] Oqtane CMS Database - Detect (@Masoud Abdaal) [info]
[drupal7-elfinder-rce] Drupal 7 Elfinder - Remote Code Execution (@1337kro) [critical]
[netgear-wnr614-auth-bypass] Netgear WNR614 - Improper Authentication (@ritikchaddha) [high]
[mockoon-lfi] Mockoon <= 9.1.0 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high]
[siam-xss] SIAM 2.0 - Cross-Site Scripting (@3th1c_yuk1) [medium]

New Contributors

@felixsta made their first contribution in https://github.com/projectdis...

Contributors

lee, sean, and 30 other contributors

Assets 3

10 Mar 12:01

princechaddha

v10.1.5

f41c1e9

CSP Bypass Templates - Nuclei Templates v10.1.5 🎉

🔥 Release Highlights 🔥

With this release, we are adding new CSP Bypass (DAST) Nuclei Templates to help security teams and bug hunters efficiently identify Content Security Policy (CSP) misconfigurations. These templates automate the detection of CSP bypass techniques, allowing testers to analyze real-world attack scenarios where CSP restrictions can be circumvented in the presence of existing XSS vulnerabilities.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and update these CSP Bypass templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2025-27218] Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-26793] FREEDOM Administration - Default Login (@eric Daigle, @dhiyaneshdk) [critical] 🔥
[CVE-2025-24893] XWiki Platform - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24752] Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
[CVE-2024-48248] NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-13161] Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile (@ritikchaddha) [critical] 🔥
[CVE-2024-13160] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard (@ritikchaddha) [critical] 🔥
[CVE-2024-13159] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive (@ritikchaddha) [critical] 🔥
[CVE-2024-12356] Privileged Remote Access & Remote - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-47248] PyArrow Flight RPC - Remote Code Execution (@smolse) [critical] 🔥
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (@RotemBar, @daffainfo) [medium] 🔥

What's Changed

New Templates Added: `281` | CVEs Added: `23` | First-time contributions: `4`

[CVE-2025-27218] Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-27112] Navidrome <=0.54.5 - Auth Bypass in Subsonic API (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2025-26793] FREEDOM Administration - Default Login (@eric Daigle, @dhiyaneshdk) [critical] 🔥
[CVE-2025-25062] Backdrop CMS - Cross-Site Scripting (@soonghee2) [medium]
[CVE-2025-24893] XWiki Platform - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24752] Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
[CVE-2025-22952] Elestio Memos <= v0.24.0 - Server-Side Request Forgery (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-1025] Cockpit < 2.4.1 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-0868] DocsGPT - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-56331] Uptime-Kuma - Local File Inclusion (LFI) (@hyni03) [critical]
[CVE-2024-51228] TOTOLINK CX-A3002RU - Remote Code Execution (@dhiyaneshdk) [medium]
[CVE-2024-48248] NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-13888] WPMobile.App <= 11.56 - Open Redirect (@s4e-io) [high]
[CVE-2024-13161] Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile (@ritikchaddha) [critical] 🔥
[CVE-2024-13160] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard (@ritikchaddha) [critical] 🔥
[CVE-2024-13159] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive (@ritikchaddha) [critical] 🔥
[CVE-2024-12824] Nokri – Job Board <= 1.6.2 - Unauth Password Change (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-12356] Privileged Remote Access & Remote - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-11396] Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export (@s4e-io) [medium]
[CVE-2024-9193] WHMpress <= 6.3 - Unauth LFI to Arbitrary Options Update (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2023-47248] PyArrow Flight RPC - Remote Code Execution (@smolse) [critical] 🔥
[CVE-2023-45826] Leantime < 2.4 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (@RotemBar, @daffainfo) [medium] 🔥
[remote-desktop-default-port] Remote Desktop Listening Default Port - Detect (@asteria121) [info]
[python-code-injection] Python Code Injection (@ritikchaddha) [high]
[open-redirect-bypass] Open Redirect Bypass (@ritikchaddha) [medium]
[freemarker-sandbox-bypass-ssti] Freemarker < 2.3.30 Sandbox Bypass - Server Side Template Injection (@ritikchaddha) [high]
[codepen-oob] Codepen - Out of Band Template Injection (@ritikchaddha) [high]
[jinjava-ssti] Jinjava - Server Side Template Injection (@ritikchaddha) [high]
[pebble-oob] Pebble - Out of Band Template Injection (@ritikchaddha) [high]
[spring-expression-oob] Spring Expression Language - Out of Band Template Injection (@ritikchaddha) [high]
[thymeleaf-oob] Thymeleaf - Out of Band Template Injection (@ritikchaddha) [high]
[razor-ssti] Razor - Server Side Template Injection (@ritikchaddha) [high]
[smarty-ssti] Smarty - Server Side Template Injection (@ritikchaddha) [high]
[twig-ssti] Twig - Server Side Template Injection (@ritikchaddha) [high]
[adnxs-ib-csp-bypass] Content-Security-Policy Bypass - Adnxs IB (@renniepak, @dhiyaneshdk) [medium]
[adnxs-secure-csp-bypass] Content-Security-Policy Bypass - Adnxs Secure (@renniepak, @dhiyaneshdk) [medium]
[adobe-campaign-csp-bypass] Content-Security-Policy Bypass - Adobe Campaign (@renniepak, @dhiyaneshdk) [medium]
[adroll-csp-bypass] Content-Security-Policy Bypass - AdRoll (@renniepak, @dhiyaneshdk) [medium]
[afterpay-help-csp-bypass] Content-Security-Policy Bypass - Afterpay Help (@renniepak, @dhiyaneshdk) [medium]
[akamai-content-csp-bypass] Content-Security-Policy Bypass - Akamai Content (@renniepak, @dhiyaneshdk) [medium]
[alibaba-ug-csp-bypass] Content-Security-Policy Bypass - Alibaba UG (@renniepak, @dhiyaneshdk) [medium]
[aliexpress-acs-csp-bypass] Content-Security-Policy Bypass - AliExpress ACS (@renniepak, @dhiyaneshdk) [medium]
[amap-wb-csp-bypass] Content-Security-Policy Bypass - AMap WB (@renniepak, @dhiyaneshdk) [medium]
[amazon-aax-eu-csp-bypass] Content-Security-Policy Bypass - Amazon AAX EU (@renniepak, @dhiyaneshdk) [medium]
[amazon-media-csp-bypass] Content-Security-Policy Bypass - Amazon Media (@renniepak, @dhiyaneshdk) [medium]
[amazon-romania-csp-bypass] Content-Security-Policy Bypass - Amazon Romania (@renniepak, @dhiyaneshdk) [medium]
[amazon-s3-elysium-csp-bypass] Content-Security-Policy Bypass - Amazon S3 Elysium (@renniepak, @dhiyaneshdk) [medium]
[ancestrycdn-angular-csp-bypass] Content-Security-Policy Bypass - AncestryCDN Angular (@renniepak, @dhiyaneshdk) [medium]
[angularjs-code-csp-bypass] Content-Security-Policy Bypass - AngularJS Code (@renniepak, @dhiyaneshdk) [medium]
[app-link-csp-bypass] Content-Security-Policy Bypass - App Link (@renniepak, @dhiyaneshdk) [medium]
[apple-developer-csp-bypass] Content-Security-Policy Bypass - Apple Developer (@renniepak, @dhiyaneshdk) [medium]
[arkoselabs-cdn-csp-bypass] Content-Security-Policy Bypass - Arkose Labs CDN (@renniepak, @dhiyaneshdk) [medium]
[arkoselabs-client-api-csp-bypass] Content-Security-Policy Bypass - Arkose Labs Client API (@renniepak, @dhiyaneshdk) [medium]
[ayco-portal-csp-bypass] Content-Security-Policy Bypass - Ayco Portal (@renniepak, @dhiyaneshdk) [medium]
[azure-inno-csp-bypass] Content-Security-Policy Bypass - Azure Inno (@renniepak, @dhiyaneshdk) [medium]
[baidu-map-api-csp-bypass] Content-Security-Policy Bypass - Baidu Map API (@renniepak, @dhiyaneshdk) [medium]
[baidu-passport-csp-bypass] Content-Security-Policy Bypass - Baidu Passport (@renniepak, @dhiyaneshdk) [medium]
[battlenet-eu-csp-bypass] Content-Security-Policy Bypass - Battle.net EU (@renniepak, @dhiyaneshdk) [medium]
[bazaarvoice-api-csp-bypass] Content-Security-Policy Bypass - Bazaarvoice API (@renniepak, @dhiyaneshdk) [medium]
[bdimg-apps-csp-bypass] Content-Security-Policy Bypass - BDImg Apps (@renniepak, @dhiyaneshdk) [medium]
[bebezoo-1688-csp-bypass] Content-Security-Policy Bypass - Bebezoo 1688 (@renniepak, @dhiyaneshdk) [medium]
[bild-don-csp-bypass] Content-Security-Policy Bypass - Bild Don (@renniepak, @dhiyaneshdk) [medium]
[bing-api-csp-bypass] Content-Security-Policy Bypass - Bing API (@renniepak, @dhiyaneshdk) [medium]
[bing-csp-bypass] Content-Security-Policy Bypass - Bing (@renniepak, @dhiyaneshdk) [medium]
[blogger-api-csp-bypass] Content-Security-Policy Bypass - Blogger API (@renniepak, @dhiyaneshdk) [medium]
[buzzfeed-mango-csp-bypass] Content-Security-Policy Bypass - BuzzFeed Mango (@renniepak, @dhiyaneshdk) [medium]
[bytedance-sso-csp-bypass] Content-Security-Policy Bypass - ByteDance SSO (@renniepak, @dhiyaneshdk) [medium]
[carbonads-srv-csp-bypass] Content-Security-Policy Bypass - CarbonAds SRV (@renniepak, @dhiyaneshdk) [medium]
[chartbeat-api-csp-bypass] Content-Security-Policy Bypass - Chartbeat API (@renniepak, @dhiyaneshdk) [medium]
[clearbit-reveal-csp-bypass] Content-Security-Policy Bypass - Clearbit Reveal (@renniepak, @dhiyaneshdk) [medium]
[cloudflare-cdn-csp-bypass] Content-Security-Policy Bypass - Cloudflare CDN (@renniepak, @dhiyaneshdk) [medium]
[cloudflare-challenges-csp-bypass] Content-Security-Policy Bypass - Cloudflare Challenges (@renniepak, @DH...

Contributors

eric, geeknik, and 24 other contributors

Assets 3

21 Feb 18:41

princechaddha

v10.1.3

b98b28b

v10.1.3

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Auth Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
[CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
[CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-27115] SOPlanning - Remote Code Execution (@[email protected]) [high] 🔥
[CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
[CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥

False Negatives

[FALSE-NEGATIVE] wp-user-enum.yaml #11533
Fix FN wp-user-enum.yaml #11556

False Positives

[FALSE-POSITIVE] CVE-2024-4439 #11496
[FALSE-POSITIVE] http/technologies/ivanti-epm-detect.yaml #11483
[FALSE-POSITIVE] Next.js - Cache Poisoning - Headers #11473
Fixed FP in CVE-2022-2535.yaml #11510
Fixed Flase Positive | Next.js - Cache Poisoning - Headers #11532

Enhancements

Update CVE-2023-26360.yaml #11524
Update Duplicate id #11530
Update prestashop-cartabandonmentpro-file-upload.yaml (Added Additional Path) #11573
fix(apache): make reference links correct #11604
Add new title support for jenkins-openuser-register.yaml #11606
Update siteminder-dom-xss.yaml #11613
Update CVE-2020-11710.yaml #11619
Update fingerprinthub-web-fingerprints.yaml #11622
Disabling redirects for mixed-active-content template #11628
Refactor the "NETDATA" template. #11629

Bug Fixes

Template Updates

New Templates Added: `52` | CVEs Added: `25` | First-time contributions: `11`

[CVE-2025-24963] Vitest Browser Mode - Local File Read (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2025-1035] KLog Server - Path Traversal (@s4e-io) [medium]
[CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Authentication Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
[CVE-2024-57514] TP-Link Archer A20 v3 Router - Cross-site Scripting (@s4e-io) [medium]
[CVE-2024-55417] DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-55416] DevDojo Voyager <=1.8.0 - Cross-Site Scripting (@iamnoooob, @rootxharsh, @pdresearch) [low]
[CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
[CVE-2024-50967] DATAGERRY - Improper Access Control (@s4e-io, @0xByteHunter) [high]
[CVE-2024-48766] NetAlert X - Arbitary File Read (@s4e-io) [critical]
[CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-45591] XWiki Platform - Unauthorized Document History Access (@pd-bot) [medium]
[CVE-2024-27115] SOPlanning - Remote Code Execution (@[email protected]) [high] 🔥
[CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
[CVE-2024-13726] Themes Coder Ecommerce <= 1.3.4 - SQL Injection (@s4e-io) [high]
[CVE-2024-12760] BentoML v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-11044] Stable Diffusion Webui 1.10.0 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-10908] FastChat - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-10812] GPT Academic v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-6886] Gitea 1.22.0 - Cross-Site Scripting (@soonghee2) [medium]
[CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2022-26271] 74cmsSE v3.4.1 - Arbitrary File Read (@ritikchaddha) [high]
[CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥
[CVE-2022-3766] phpMyFAQ < 3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-45793] Slims9 Bulian 9.4.2 - SQL Injection (@nblirwn) [high]
[shopify-shared-secret-key] Shopify Shared Secret (@gaurang) [high]
[devdojo-voyager-default-login] DevDojo Voyager - Default login (@iamnoooob, @rootxharsh, @pdresearch) [high]
[datagerry-panel] Datagerry Panel - Detect (@s4e-io) [info]
[dify-panel] Dify Panel - Detect (@s4e-io) [info]
[klog-server-panel] Klog Server Panel - Detect (@s4e-io) [info]
[netalertx-panel] NetAlert X Panel - Detect (@s4e-io) [info]
[opentext-contentserver-panel] OpenText Content Server Login Panel - Detect (@righettod) [info]
[reposilite-panel] Reposilite Login Panel - Detect (@righettod) [info]
[supertokens-login-panel] Supertokens Login Panel - Detect (@rxerium) [info]
[tenemos-t24-panel] Tenemos T24 Login Panel - Detect (@righettod) [info]
[veracore-panel] Veracore Login - Detect (@rxerium) [info]
[secrets-patterns-rules] Secrets Patterns (Rules) (@dwisiswant0) [info]
[casdoor-unauth-operations] Casdoor <=v1.811.0 - Unauthenticated SCIM Operations (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[netalertx-dashboard] NetAlert X Admin Dashboard - Exposed (@s4e-io) [medium]
[attu-detect] Attu - Detect (@s4e-io) [info]
[caobox-cms-detect] Caobox CMS - Detect (@chirag Mistry) [info]
[frappe-framework-detect] Frappe Framework - Detect (@righettod) [info]
[ivanti-endpoint-manager] Ivanti Endpoint Manager - Detect (@ritikchaddha) [info]
[jway-products-detect] JWay Products - Detect (@righettod) [info]
[powerbi-report-server-detect] PowerBI Report Server - Detect (@righettod) [info]
[milvus-detect] Milvus - Detect (@s4e-io) [info]
[nextchat-detect] NextChat - Detect (@s4e-io) [info]
[sekolahku-cms-detect] Sekolahku CMS - Detect (@nblirwn) [info]
[slims-cms-detect] Slims CMS - Detect (@nblirwn) [info]
[netgear-dgn-rce] Netgear DGN Devices - Command Execution (@3th1c_yuk1) [critical]
[slims-8-akasia-xss] Senayan Library Management System v8.3.1 (Akasia) - Cross-Site Scripting (@nblirwn) [medium]
[slims-9-xss-index] Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting (@nblirwn) [medium]

New Contributors

@Sechunt3r made their first contribution in #11531
@mistry4592 made their first contribution in #11516
@nblirwn made their first contribution in #11550
@VulnScout-Chris made their first contribution in #11570
@missing0x00 made their first contribution in #11577
@babariviere made their first contribution in #11604
@kee-reel made their first contribution in #11606
@halil-s4e made their first contribution in #11633
@domwhewell-sage made their first contribution in #11619
@mpatil-netspi made their first contribution in #11613
@halencarjunior made their first contribution in #11623

Full Changelog: v10.1.2...v10.1.3

Contributors

lee, chirag, and 24 other contributors

Assets 3

22 Jan 07:04

princechaddha

v10.1.2

7c90874

v10.1.2

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-57727] SimpleHelp <= 5.5.7 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch, @3th1cyuk1) [high] 🔥
[CVE-2024-56145] Craft CMS - Remote Code Execution via Template Path Manipulation (@jackhax) [critical] 🔥
[CVE-2024-50603] Aviatrix Controller - Remote Code Execution (@newlinesec, @securing.pl) [critical] 🔥
[CVE-2024-9264] Grafana Post-Auth DuckDB - SQL Injection To File Read (@princechaddha) [critical] 🔥
[CVE-2024-9047] WordPress File Upload <= 4.24.11 - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-7097] WSO2 User Registration - Arbitrary Account Creation (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2023-48788] Fortinet Forticlient Endpoint Management Server - SQL Injection (@james Horseman, @ItshMoh) [critical] 🔥
[CVE-2021-35394] RealTek AP Router SDK - Arbitrary Command Injection (@king-alexander) [critical] 🔥

Bug Fixes

False Negatives

Report Google Client ID from headers #11443
kong-detect misses valid kong endpoint [nuclei-template] #11468
False Negatives in missing-sri #11337

False Positives

False positive templates #11233 CVE-2024-25600
CVE-2024-32651 #10804 false-positive

Enhancements

Update crxde-lite.yaml #11477 (Based on AdobeDocs for AEM 6.5)
Update kong-detect.yaml #11484
Update google-client-id.yaml #11470
Update mfa-console-password-disabled.yaml #11437
Updated hybris-default-login template with default HAC locations #11431
Update jolokia-createstandardhost-rce.yaml #11428
Update old-copyright.yaml #11425
Update sonarqube-cloud-token.yaml #11422
Severity Update Of DAST Templates #11413
Update missing-sri.yaml with css checks #11338
Update php-debugbar-exposure.yaml #10968

Template Updates

New Templates Added: `52` | CVEs Added: `23` | First-time contributions: `14`

[CVE-2024-57727] SimpleHelp <= 5.5.7 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch, @3th1cyuk1) [high] 🔥
[CVE-2024-56512] Apache NiFi - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2024-56145] Craft CMS - Remote Code Execution via Template Path Manipulation (@jackhax) [critical] 🔥
[CVE-2024-55457] MasterSAM Star Gate v11 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2024-55218] IceWarp Server 10.2.1 - Cross-Site Scripting (@s4e-io) [medium]
[CVE-2024-54385] Radio Player <= 2.0.82 - Server-Side Request Forgery (@s4e-io) [high]
[CVE-2024-54330] Hurrakify <= 2.4 - Server-Side Request Forgery (@s4e-io) [high]
[CVE-2024-50603] Aviatrix Controller - Remote Code Execution (@newlinesec, @securing.pl) [critical] 🔥
[CVE-2024-48455] Netis Wifi Router - Information Disclosure (@s4e-io) [high]
[CVE-2024-38353] CodiMD <2.5.4 - Insecure Filename Randomization (@denandz, @PulseSecurity.co.nz) [medium]
[CVE-2024-12849] Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read (@s4e-io) [high]
[CVE-2024-11921] Give WP Plugin < 3.19.0 - Cross-Site Scripting (@Splint3r7) [high]
[CVE-2024-9989] Crypto <= 2.15 - Authentication Bypass (@s4e-io) [critical]
[CVE-2024-9264] Grafana Post-Auth DuckDB - SQL Injection To File Read (@princechaddha) [critical] 🔥
[CVE-2024-9047] WordPress File Upload <= 4.24.11 - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-7097] WSO2 User Registration - Arbitrary Account Creation (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2024-0986] Issabel Authenticated - Remote Code Execution (@EunJi) [medium]
[CVE-2023-48788] Fortinet Forticlient Endpoint Management Server - SQL Injection (@james Horseman, @ItshMoh) [critical] 🔥
[CVE-2022-40624] pfSense pfBlockerNG - OS Command Injection (@ritikchaddha) [critical]
[CVE-2022-40443] ZZCMS 2022 - Path Information Disclosure (@ritikchaddha) [low]
[CVE-2021-35394] RealTek AP Router SDK - Arbitrary Command Injection (@king-alexander) [critical] 🔥
[CVE-2021-31324] CentOS Web Panel - OS Command Injection (@ritikchaddha) [critical]
[CVE-2021-31316] CentOS Web Panel - SQL Injection (@ritikchaddha) [critical]
[privesc-agetty] agetty - Privilege Escalation (@bobAKAbill) [high]
[CNVD-2024-33023] UFIDA U8 Cloud - SQL Injection (@s4e-io) [high]
[cloudlog-panel] Cloudlog Panel - Detect (@s4e-io) [info]
[frappe-helpdesk-panel] Frappe Helpdesk Login Panel - Detect (@righettod) [info]
[huly-panel] Huly Login Panel - Detect (@righettod) [info]
[i-librarian-panel] I-Librarian Panel - Detect (@s4e-io) [info]
[opnsense-panel] OPNsense Panel - Detect (@Splint3r7, @johnk3r) [info]
[stirling-pdf-panel] Stirling PDF Panel - Detect (@s4e-io) [info]
[tabby-panel] Tabby Panel - Detect (@s4e-io) [info]
[vaultwarden-panel] Vaultwarden Login Panel - Detect (@righettod) [info]
[yunohost-admin-panel] YunoHost Admin Panel - Detect (@s4e-io) [info]
[javascript-env] JavaScript Environment Configuration - Detect (@pdp, @geeknik, @hetyh) [low]
[sonarqube-cloud-token] SonarQube Cloud Token Disclosure (@dhiyaneshdk) [high]
[crxde-lite] CRXDE Lite - Exposure (@Nadino) [low]
[symfony-rce] Symfony _fragment - Default Key RCE (@Yablargo) [critical]
[khoj-detect] Khoj - Detect (@s4e-io) [info]
[stirling-pdf-detect] Stirling PDF - Detect (@s4e-io) [info]
[tyk-gateway-detect] Tyk API Gateway - Detection (@davidfegyver) [info]
[codimd-unauth-file-upload] CodiMD - File Upload (@denandz, @PulseSecurity.co.nz) [medium]
[jolokia-acceslogvalve-rce] Jolokia write to RCE valve (@pathtaga) [critical]
[jolokia-createstandardhost-rce] Jolokia file write to RCE jfr (@laluka, @pathtaga) [critical]
[jolokia-tomcat-creds-leak] Jolokia <= 1.7.1 Information Leakage (@pathtaga) [critical]
[mamp-server-xss] MAMP Server - Cross-Site Scripting (@ritikchaddha) [medium]
[cloudlog-system-sqli] Cloudlog System - SQL Injection (@s4e-io) [high]
[cpas-managment-lfi] CPAS Management System - Arbitrary Fi23le Read (@s4e-io) [high]
[cpas-managment-sqli] CPAS Management System - SQL Injection (@s4e-io) [high]
[jeeplus-cms-resetpassword-sqli] JeePlus CMS - SQL Injection (@WingBy_fkalis) [high]
[xhibiter-nft-sqli] Xhibiter NFT Marketplace 1.10.2 - SQL Injection (@projectdiscoveryai) [high]
[lantronix-xport-unauth] Lantronix XPort 6.10.0.1 - Unauthenticated Access (@john Osborn (Summit Security Group, @LLC)) [high]

New Contributors

@seqre made their first contribution in #11414
@ItshMoh made their first contribution in #11269
@jackhax made their first contribution in #11421
@malwarework made their first contribution in #10338
@JasonnnW3000 made their first contribution in #11424
@WingBy-Fkalis made their first contribution in #11403
@SuperXiaoxiong made their first contribution in #11449
@hyni03 made their first contribution in #11451
@kayra-s4e made their first contribution in #11458
@newlinesec made their first contribution in #11460
@bobAKAbill made their first contribution in #10391
@amarsct made their first contribution in #11338
@JohnAsbjorn made their first contribution in #11471
@Mahmoud0x00 made their first contribution in #11508

Full Changelog: v10.1.1...v10.1.2

Contributors

james, john, and 35 other contributors

Assets 2

23 Dec 10:40

princechaddha

v10.1.1

0783b20

Alibaba Cloud Config Review - Nuclei Templates v10.1.1 🎉

🔥 Release Highlights 🔥

We’re excited to announce the expansion of the Nuclei Templates with new templates specifically for Alibaba Cloud Configurations. This release introduces a series of specialized security checks tailored for the comprehensive components of Alibaba Cloud services, including ECS instances, RDS databases, OSS buckets, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code analysis.

The introduction of these Alibaba Cloud-specific templates empowers security teams to conduct thorough security audits of their Alibaba Cloud environments, uncovering crucial misconfigurations and vulnerabilities. Moreover, this release offers customizable checks that can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these Alibaba Cloud security templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2024-55956] Cleo Harmony < 5.8.0.24 - File Upload Vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-52875] Kerio Control v9.2.5 - CRLF Injection (@ritikchaddha, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-50623] Cleo Harmony < 5.8.0.21 - Arbitary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-45309] OneDev.io < 11.0.9 - Arbitrary File Read (@isacaya) [high] 🔥
[CVE-2024-41713] Mitel MiCollab - Authentication Bypass (@dhiyaneshdk, @watchtowr) [high] 🔥
[CVE-2024-36404] GeoServer and GeoTools - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-12209] WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2024-8856] WP Time Capsule Plugin - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2020-15906] TikiWiki GroupWare - Auth Bypass (@JeonSungHyun, @gy741, @oIfloraIo, @nechyo, @harksu) [critical] 🔥
[CVE-2020-13935] Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service (@sttlr) [high] 🔥
[CVE-2017-1000353] Jenkins CLI - Java Deserialization (@hnd3884) [critical] 🔥

What's Changed

New Templates Added: `154` | CVEs Added: `31` | First-time contributions: `4`

[CVE-2024-55956] Cleo Harmony < 5.8.0.24 - File Upload Vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-52875] Kerio Control v9.2.5 - CRLF Injection (@ritikchaddha, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-52433] My Geo Posts Free <= 1.2 - PHP Object Injection (@s4e-io) [critical]
[CVE-2024-50623] Cleo Harmony < 5.8.0.21 - Arbitary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-48307] JeecgBoot v3.7.1 - SQL Injection (@lbb, @s4e-io) [critical]
[CVE-2024-45309] OneDev.io < 11.0.9 - Arbitrary File Read (@isacaya) [high] 🔥
[CVE-2024-45293] TablePress < 2.4.3 - XXE Injection (@iamnoooob, @ritikchaddha) [high]
[CVE-2024-41713] Mitel MiCollab - Authentication Bypass (@dhiyaneshdk, @watchtowr) [high] 🔥
[CVE-2024-39887] Apache Superset < 4.0.2 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2024-36404] GeoServer and GeoTools - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-24116] Ruijie RG-NBS2009G-P - Improper Authentication (@friea) [critical]
[CVE-2024-12209] WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2024-11728] KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection (@samogod, @s4e-io) [high]
[CVE-2024-11305] Altenergy Power Control Software - SQL Injection (@s4e-io) [medium]
[CVE-2024-11303] Korenix JetPort 5601v3 - Path Traversal (@geeknik) [high]
[CVE-2024-10516] Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion (@ritikchaddha) [high]
[CVE-2024-10400] Tutor LMS <= 2.7.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-8859] Mlflow < 2.17.0 - Local File Inclusion (@gy741) [critical]
[CVE-2024-8856] WP Time Capsule Plugin - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-50094] reNgine 2.2.0 - Command Injection (@Zierax) [high]
[CVE-2023-46455] GL.iNet <= 4.3.7 - Arbitrary File Write (@Zierax) [high]
[CVE-2023-37599] Issabel PBX 4.0.0-6 - Directory Listing (@ritikchaddha) [high]
[CVE-2023-6697] WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting (@iamnoooob, @ritikchaddha) [medium]
[CVE-2023-3990] Mingsoft MCMS < 5.3.1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-1119] WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-4375] Mingsoft MCMS - SQL Injection (@ritikchaddha) [critical]
[CVE-2022-2552] Duplicator < 1.4.7.1 - Information Disclosure (@iamnoooob, @ritikchaddha) [medium]
[CVE-2020-15906] Tiki Wiki CMS GroupWare - Authentication Bypass (@JeonSungHyun[nukunga], @gy741, @oIfloraIo, @nechyo, @harksu) [critical] 🔥
[CVE-2020-13935] Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service (@sttlr) [high] 🔥
[CVE-2019-9912] WP Google Maps < 7.10.43 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-1000353] Jenkins CLI - Java Deserialization (@hnd3884) [critical] 🔥
[ack-cluster-api-public] Public Access to ACK Cluster's API Server - Enabled (@ritikchaddha) [high]
[ack-cluster-auditing-disable] Cluster Auditing with Simple Log Service - Disabled (@ritikchaddha) [low]
[ack-cluster-cloud-monitor-disable] Cloud Monitor for ACK Clusters - Disable (@ritikchaddha) [medium]
[ack-cluster-health-disable] ACK Clusters Check - Disable (@ritikchaddha) [medium]
[ack-cluster-network-policies-disable] Enforced Cluster Support for Network Policies - Disabled (@ritikchaddha) [medium]
[ack-cluster-network-policies-missing] Cluster Support for Network Policies - Missing (@ritikchaddha) [medium]
[kubernetes-dashboard-enabled] Kubernetes Dashboard for ACK Clusters - Enabled (@ritikchaddha) [medium]
[multi-region-logging-disabled] Global Service (Multi-Region) Logging - Disabled (@dhiyaneshdk) [high]
[public-actiontrail-bucket] ActionTrail Log Buckets - Publicly Exposed (@ritikchaddha) [high]
[alibaba-cloud-code-env] Alibaba Cloud Environment Validation (@dhiyaneshdk) [info]
[os-patches-outdated] OS Patches - Outdated (@dhiyaneshdk) [medium]
[unattached-disk-encryption-disabled] Encryption for Unattached Disks - Disabled (@dhiyaneshdk) [high]
[unattached-vminstance-encryption-disabled] Encryption for VM Instance Disks - Disabled (@dhiyaneshdk) [high]
[unrestricted-rdp-access] Unrestricted - RDP Access (@dhiyaneshdk) [high]
[unrestricted-ssh-access] Unrestricted - SSH Access (@dhiyaneshdk) [high]
[access-logoss-disabled] Access Logging for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
[improper-bucket-sse] Improper Bucket Server-Side Encryption (@ritikchaddha) [medium]
[limit-networkaccess-disabled] Limit Network Access to Selected Networks - Disabled (@dhiyaneshdk) [medium]
[oos-bucket-public-access] OSS Bucket Public Accessible (@dhiyaneshdk) [high]
[secure-transfeross-disabled] Secure Transfer for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
[sse-cmk-disabled] Server-Side Encryption with Customer Managed Key - Disabled (@ritikchaddha) [high]
[sse-smk-disabled] Server-Side Encryption with Service Managed Key - Disabled (@ritikchaddha) [high]
[custom-ram-policy-admin-priv] Custom RAM Policies With Full Administrative Privileges (@dhiyaneshdk) [high]
[max-password-retry-disabled] Maximum Password Retry Constraint Policy - Disabled (@dhiyaneshdk) [medium]
[mfa-console-password-disabled] MFA For RAM Users With Console Password - Disabled (@dhiyaneshdk) [medium]
[password-policy-expiration-unconfigured] RAM Password Policy Expiration - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-length-unconfigured] RAM Password Policy requires Minimum Length 14 or Greater (@dhiyaneshdk) [medium]
[password-policy-lowercase-unconfigured] RAM Password Policy requires atleast One Lowercase - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-num-unconfigured] RAM Password Policy requires atleast One Number - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-reuse-enabled] RAM Password Policy Reuse - Enabled (@dhiyaneshdk) [medium]
[password-policy-symbol-unconfigured] RAM Password Policy requires atleast One Symbol - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-uppercase-unconfigured] RAM Password Policy requires atleast One Uppercase - Unconfigured (@dhiyaneshdk) [medium]
[encryption-intransit-disabled] RDS Encryption in Transit - Disabled (@dhiyaneshdk) [high]
[log-connections-disabled] PostgreSQL "log_connections" Parameter - Disabled (@dhiyaneshdk) [medium]
[log-disconnections-disabled] PostgreSQL "log_disconnections" Parameter - Disabled (@dhiyaneshdk) [medium]
[log-duration-disabled] PostgreSQL "log_duration" Parameter - Disabled (@dhiyaneshdk) [medium]
[mssql-audit-disabled] Microsoft SQLServer Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[mysql-audit-disabled] MySQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[postgresql-audit-disabled] PostgreSQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[rds-audit-disabled] RDS Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[transparent-encryption-disabled] Transparent Data Encryption - Disabled (@dhiyaneshdk) [medium]
[scheduled-vulnscan-disabled] Scheduled Vulnerability Scan - Disabled (@dhiyaneshdk) [medium]
[security-notificati...

Contributors

geeknik, stealthcopter, and 29 other contributors

Assets 3

04 Dec 15:15

princechaddha

v10.1.0

f2a6d1c

Windows Security Hardening and Auditing - Nuclei Templates v10.1.0 🎉

🔥 Release Highlights 🔥

We're excited to announce the latest expansion of the Nuclei Templates with a new set of templates tailored for Windows Security Hardening and Auditing. This update introduces a comprehensive array of security checks specifically designed for Windows environments, covering crucial areas such as password policies, encryption settings, certificate validation, and remote access configurations. These templates are added to detect common misconfigurations, ensure compliance with regulatory standards, and uphold adherence to industry best practices.

The introduction of these Windows-specific templates equips security teams to conduct audits of their Windows configurations, uncovering critical vulnerabilities and misconfigurations that could lead to potential security breaches.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help further enhance and update these Windows security templates. For more details, please visit our latest blog post.

Other Highlights

[CVE-2024-51482] ZoneMinder v1.37.* <= 1.37.64 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-50498] WP Query Console <= 1.0 - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-46938] Sitecore Experience Platform <= 10.4 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-42640] Angular-Base64-Upload - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-38653] Ivanti Avalanche SmartDeviceServer - XML External Entity (@dhiyaneshdk) [high] 🔥
[CVE-2024-10924] Really Simple Security < 9.1.2 - Authentication Bypass (@yaser_s) [critical] 🔥
[CVE-2024-9474] PAN-OS Management - Command Injection (@watchtowr, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-0012] PAN-OS Management Web Interface - Authentication Bypass (@johnk3r, @watchtowr) [critical] 🔥
[CVE-2022-41800] F5 BIG-IP Appliance Mode - Command Injection (@dwisiswant0) [high] 🔥
[CVE-2016-8735] Apache Tomcat - Remote Code Execution via JMX Ports (@hnd3884) [critical] 🔥

What's Changed

New Templates Added: `110` | CVEs Added: `23` | First-time contributions: `5`

[CVE-2024-51482] ZoneMinder v1.37.* <= 1.37.64 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-50498] WP Query Console <= 1.0 - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-46938] Sitecore Experience Platform <= 10.4 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-43919] YARPP <= 5.30.10 - Missing Authorization (@s4e-io) [critical]
[CVE-2024-42640] Angular-Base64-Upload - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-38653] Ivanti Avalanche SmartDeviceServer - XML External Entity (@dhiyaneshdk) [high] 🔥
[CVE-2024-10924] Really Simple Security < 9.1.2 - Authentication Bypass (@yaser_s) [critical] 🔥
[CVE-2024-9935] PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download (@s4e-io) [high]
[CVE-2024-9474] PAN-OS Management Web Interface - Command Injection (@watchtowr, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-9186] Automation By Autonami < 3.3.0 - SQL Injection (@s4e-io) [high]
[CVE-2024-3848] Mlflow < 2.11.0 - Path Traversal (@gy741) [high]
[CVE-2024-1483] Mlflow < 2.9.2 - Path Traversal (@gy741) [high]
[CVE-2024-0012] PAN-OS Management Web Interface - Authentication Bypass (@johnk3r, @watchtowr) [critical] 🔥
[CVE-2022-48166] Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-48164] Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-44356] WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-41800] F5 BIG-IP Appliance Mode - Command Injection (@dwisiswant0) [high] 🔥
[CVE-2022-24819] XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2022-2130] Microweber < 1.2.17 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-0250] Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-34630] GTranslate < 2.8.65 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2020-24881] OsTicket < 1.14.3 - Server Side Request Forgery (@hnd3884) [critical]
[CVE-2016-8735] Apache Tomcat - Remote Code Execution via JMX Ports (@hnd3884) [critical] 🔥
[k8s-missing-network-policies] Check for Missing Network Policies in Kubernetes (@princechaddha) [medium]
[allow-unencrypted-ftp] Allow Unencrypted FTP (@princechaddha) [high]
[allow-untrusted-certificates] System Allows Untrusted Certificates (@princechaddha) [medium]
[anonymous-sam-enumeration-enabled] Anonymous Enumeration of SAM Accounts Enabled (@princechaddha) [high]
[anonymous-sid-enumeration-enabled] Anonymous SID Enumeration Enabled (@princechaddha) [medium]
[audit-logging-disabled] Audit Logging Disabled (@princechaddha) [high]
[audit-logs-not-archived] Audit Logs Not Archived When Full (@princechaddha) [high]
[auto-logon-enabled] AutoLogon Enabled (@princechaddha) [medium]
[automatic-windows-updates-disabled] Automatic Windows Updates Disabled (@princechaddha) [medium]
[autoplay-removable-media-enabled] AutoPlay Enabled for Removable Media (@princechaddha) [medium]
[autorun-scripts-startup-folder] Autorun Scripts in Startup Folder (@princechaddha) [medium]
[credential-guard-disabled] Credential Guard Not Enabled (@princechaddha) [high]
[device-guard-not-configured] Device Guard Not Configured (@princechaddha) [high]
[display-last-username-enabled] Do Not Display Last User Name Disabled (@princechaddha) [medium]
[download-unsigned-activex-allowed] Download of Unsigned ActiveX Controls Allowed (@princechaddha) [high]
[ftp-service-running] FTP Service Running (@princechaddha) [high]
[guest-account-enabled] Guest Account Enabled (@princechaddha) [high]
[hyperv-enhanced-session-mode-enabled] Hyper-V Enhanced Session Mode Enabled (@princechaddha) [medium]
[insecure-cipher-suites-enabled] Insecure Cipher Suites Enabled (@princechaddha) [high]
[llmnr-disabled] LLMNR Disabled (@princechaddha) [medium]
[lm-hash-storage-enabled] LM Hash Storage Enabled (@princechaddha) [high]
[lm-ntlmv1-authentication-enabled] LM and NTLMv1 Authentication Enabled (@princechaddha) [high]
[max-password-age-too-high] Maximum Password Age Set Too High or Unlimited (@princechaddha) [medium]
[minimum-password-age-zero] Minimum Password Age Set to Zero (@princechaddha) [medium]
[netbios-disabled] NetBIOS Disabled (@princechaddha) [medium]
[network-discovery-public-disabled] Network Discovery Disabled on Public Networks (@princechaddha) [medium]
[null-session-allowed] Null Session Allowed (@princechaddha) [high]
[password-complexity-disabled] Password Complexity Requirements Disabled (@princechaddha) [high]
[password-history-size-low] Password History Size Too Low (@princechaddha) [medium]
[password-reset-lock-screen-enabled] Password Reset from Lock Screen Enabled (@princechaddha) [medium]
[plaintext-passwords-in-memory] Plaintext Passwords Stored in Memory (@princechaddha) [high]
[rdp-connections-without-password-allowed] Remote Desktop Connections Allowed Without Password (@princechaddha) [high]
[rdp-drive-redirection-allowed] Remote Desktop Users Can Redirect Drives (@princechaddha) [medium]
[rdp-nla-disabled] Network Level Authentication for RDP Disabled (@princechaddha) [high]
[remote-assistance-enabled] Check Remote Assistance Misconfiguration (@princechaddha) [medium]
[remote-desktop-enabled-non-server] Remote Desktop Enabled on Non-Server OS (@princechaddha) [high]
[restrict-anonymous-access-disabled] Restrict Anonymous Access Disabled (@princechaddha) [high]
[reversible-encryption-passwords-enabled] Store Passwords Using Reversible Encryption Enabled (@princechaddha) [critical]
[safe-dll-search-mode-disabled] Safe DLL Search Mode Disabled (@princechaddha) [high]
[secure-boot-disabled] Secure Boot Not Enabled (@princechaddha) [high]
[shutdown-without-logon-allowed] System Allows Shutdown Without Logging On (@princechaddha) [medium]
[smb-allow-unencrypted-passwords] Unencrypted Passwords to SMB Servers Allowed (@princechaddha) [high]
[smb-signing-not-required] SMB Signing Not Required (@princechaddha) [high]
[smb-v1-enabled] SMB v1 Protocol Enabled (@princechaddha) [critical]
[sticky-keys-enabled-login] Sticky Keys Enabled at Login Screen (@princechaddha) [high]
[telnet-service-misconfiguration] Check for Misconfigured Telnet Service (@princechaddha) [high]
[uac-elevate-without-prompt] UAC Elevate Without Prompting Enabled (@princechaddha) [high]
[unencrypted-file-sharing-enabled] Unencrypted File Sharing Enabled (@princechaddha) [medium]
[unsigned-kernel-mode-drivers-allowed] Installation of Unsigned Kernel-Mode Drivers Allowed (@princechaddha) [high]
[usb-storage-not-restricted] USB Storage Devices Not Restricted (@princechaddha) [medium]
[weak-ssl-tls-protocols-enabled] Weak SSL/TLS Protocols Enabled (@princechaddha) [critical]
[windows-active-desktop-enabled] Active Desktop Enabled (@princechaddha) [medium]
[windows-administrative-shares-enabled] Administrative Shares Enabled (@princechaddha) [high]
[windows-administrator-blank-password] Built-in Administrator Account Has Blank Password (@princechaddha) [high]
[windows-anonymous-sid-enumeration-allowed] Windows Allows Anonymous SID Enumeration (@princechaddha) [medium]
[windows-autorun-enabled] AutoRun Enabled (@princechaddha) [medium]
[windows-credential-manager-plaintext-passwords-allowed] Credential Manager Allows Storing of Plain Text Passwords (@princechaddha) [high]
[windows-defender-realtime-protection-disabled] Windows Defender Real-Time Protection Disabled (@princechaddha) [high]
[windows-dep-disabled] Dat...

Contributors

ricardomaia, righettod, and 19 other contributors

Assets 3

18 Nov 06:26

princechaddha

v10.0.4

e10543a

v10.0.4

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-50340] Symfony Profiler - Remote Access via Injected Arguments (@dhiyaneshdk) [high] 🔥
[CVE-2024-35219] OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-10914] D-Link NAS - Command Injection via Name Parameter (@s4e-io) [critical] 🔥
[CVE-2024-9487] GitHub Enterprise - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-8963] Ivanti Cloud Services Appliance - Path Traversal (@johnk3r) [critical] 🔥
[CVE-2024-6049] Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal (@s4e-io) [high] 🔥
[CVE-2019-0192] Apache Solr - Deserialization of Untrusted Data (@hnd3884) [critical] 🔥

Bug Fixes

Merging Duplicate - CVE-2024-7928 & fastadmin-lfi (Issue #11135).

False Negatives

No updates

False Positives

False Positive Detection for Cloudflare in CSP (Issues #11138, #11139).
CVE-2018-11784 FP (Issue #10495).
False Positive … CVE-2023-46805 (Issue #11170).
Fix FP CVE-2023-46805.yaml (Issue #11198).
Fixfp phpwind-installer (Issue #11168).
Fix: fp CVE-2023-43373.yaml (Issue #11130).
Removing one case of FPs http/fuzzing/xff-403-bypass.yaml (Issue #10998).
Fix fp http/misconfiguration/proxy/metadata-alibaba.yaml (Issue #10976).

Enhancements

Refactor the “Thruk Panel” template (Issue #11206).
Rename spring4shell-CVE-2022-22965.yaml to CVE-2022-22965.yaml for consistency (Issue #11204).
Update linux-lfi-fuzz.yaml (Issue #11169).
Update CVE-2022-0968.yaml (Issue #11150).

Template Updates

New Templates Added: `74` | CVEs Added: `26` | First-time contributions: `7`

[CVE-2024-51483] Changedetection.io <= 0.47.4 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2024-50340] Symfony Profiler - Remote Access via Injected Arguments (@dhiyaneshdk) [high] 🔥
[CVE-2024-48360] Qualitor <= v8.24 - Server-Side Request Forgery (@s4e-io) [high]
[CVE-2024-36117] Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-35219] OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-10915] D-Link NAS - Command Injection via Group Parameter (@s4e-io) [critical]
[CVE-2024-10914] D-Link NAS - Command Injection via Name Parameter (@s4e-io) [critical] 🔥
[CVE-2024-10081] CodeChecker <= 6.24.1 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-9487] GitHub Enterprise - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-8963] Ivanti Cloud Services Appliance - Path Traversal (@johnk3r) [critical] 🔥
[CVE-2024-8673] Z-Downloads < 1.11.7 - Cross-Site Scripting (@Splint3r7) [low]
[CVE-2024-6420] Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure (@JPG0mez) [high]
[CVE-2024-6049] Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal (@s4e-io) [high] 🔥
[CVE-2024-4841] LoLLMS WebUI - Subfolder Prediction via Path Traversal (@s4e-io) [medium]
[CVE-2023-49494] DedeCMS v5.7.111 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-31260] ResourceSpace - Metadata Export (@ritikchaddha) [medium]
[CVE-2022-28033] Atom.CMS 2.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2022-0479] Popup Builder Plugin - SQL Injection and Cross-Site Scripting (@ritikchaddha) [critical]
[CVE-2021-44260] WAVLINK AC1200 - Information Disclosure (@ritikchaddha) [high]
[CVE-2021-24934] Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting (@Splint3r7) [medium]
[CVE-2019-1003000] Jenkins Script Security Plugin <=1.49 - Sandbox Bypass (@sttlr) [high]
[CVE-2019-0192] Apache Solr - Deserialization of Untrusted Data (@hnd3884) [critical] 🔥
[CVE-2018-10383] Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-18590] Timesheet Plugin < 0.1.5 - Cross-Site Scripting (@Spling3r7) [medium]
[CVE-2016-10976] Safe Editor Plugin < 1.2 - CSS/JS-injection (@Splint3r7) [medium]
[CVE-2014-0160] OpenSSL Heartbleed Vulnerability (@pussycat0x) [high]
[stack-notification-disabled] CloudFormation Stack Notification - Disabled (@dhiyaneshdk) [medium]
[stack-policy-not-inuse] CloudFormation Stack Policy - Not In Use (@dhiyaneshdk) [medium]
[stack-termination-disabled] CloudFormation Termination Protection - Disabled (@dhiyaneshdk) [medium]
[cloudfront-compress-object] CloudFront Compress Objects Automatically (@dhiyaneshdk) [low]
[cloudfront-custom-certificates] Cloudfront Custom SSL/TLS Certificates - In Use (@dhiyaneshdk) [medium]
[cloudfront-geo-restriction] CloudFront Geo Restriction - Not Enabled (@dhiyaneshdk) [info]
[cloudfront-insecure-protocol] CloudFront Insecure Origin SSL Protocols (@dhiyaneshdk) [medium]
[cloudfront-integrated-waf] CloudFront Integrated With WAF (@dhiyaneshdk) [medium]
[cloudfront-logging-disabled] Cloudfront Logging Disabled (@dhiyaneshdk) [medium]
[cloudfront-origin-shield] CloudFront Origin Shield - Not Enabled (@dhiyaneshdk) [info]
[cloudfront-security-policy] CloudFront Security Policy (@dhiyaneshdk) [medium]
[cloudfront-traffic-unencrypted] CloudFront Traffic To Origin Unencrypted (@dhiyaneshdk) [medium]
[cloudfront-viewer-policy] CloudFront Viewer Protocol Policy (@dhiyaneshdk) [medium]
[secret-manager-not-inuse] Secrets Manager Not In Use (@dhiyaneshdk) [info]
[secret-rotation-interval] Secret Rotation Interval (@dhiyaneshdk) [medium]
[secrets-rotation-disabled] Secret Rotation Disabled (@dhiyaneshdk) [medium]
[aspnet-framework-exceptions] ASP.NET Framework Exceptions (@aayush Dhakal) [info]
[nodejs-framework-exceptions] Node.js Framework Exceptions (@aayush Dhakal) [info]
[bigant-default-login] BigAnt - Default Password (@ritikchaddha) [critical]
[minio-object-default-login] MinIO Console Object Store - Default Login (@johnk3r) [high]
[actifio-panel] Actifio Resource Center - Panel (@Splint3r7) [info]
[adapt-panel] Adapt Authoring Tool - Panel (@Splint3r7) [info]
[aethra-panel] Aethra Telecommunications Login - Panel (@Splint3r7) [info]
[akuiteo-panel] Akuiteo Login Panel - Detect (@righettod) [info]
[alamos-panel] Alamos GmbH Panel - Detect (@Splint3r7) [info]
[alfresco-panel] Alfresco Content App Panel - Detect (@Splint3r7) [info]
[alternc-panel] AlternC Desktop Panel - Detect (@Splint3r7) [info]
[anmelden-panel] Anmelden | OPNsense Panel - Detect (@Splint3r7) [info]
[cyberpanel-panel] Cyberpanel Login Panel - Detect (@mailler) [info]
[deepmail-panel] Advanced eMail Solution DEEPMail - Panel (@Splint3r7) [info]
[ghe-encrypt-saml] GitHub Enterprise - Encrypted SAML (@rootxharsh, @iamnoooob, @pdresearch) [info]
[hyperplanning-panel] HYPERPLANNING Login Panel - Detect (@righettod) [info]
[nexpose-panel] Rapid7 Nexpose VM Security Console - Detect (@johnk3r) [info]
[panos-management-panel] PAN-OS Management Panel - Detect (@bhutch) [info]
[pronote-panel] PRONOTE Login Panel - Detect (@righettod) [info]
[quest-panel] Quest Modem Configuration Login - Panel (@Splint3r7) [info]
[quivr-panel] Quivr Panel - Detect (@s4e-io) [info]
[thruk-panel] Thruk Login Panel - Detect (@ffffffff0x, @righettod) [info]
[ip-webcam] IP Webcam Viewer Page - Detect (@gy741) [low]
[azure-blob-core-detect] Azure Blob Core Service - Detect (@projectdiscoveryai) [info]
[atlantis-dashboard] Atlantis Dashboard - Exposure (@dhiyaneshdk) [medium]
[pgwatch2-db-exposure] Pgwatch2 DBs to monitor - Exposure (@dhiyaneshdk) [high]
[amazon-ecs-defualt-page] Amazon ECS Sample App Default Page - Detect (@Splint3r7) [info]
[hubble-detect] Hubble - Detect (@righettod) [info]
[localai-detect] LocalAI - Detect (@s4e-io) [info]
[pghero-detect] PgHero - Detect (@righettod) [info]
[flexmls-idx-detect] Flexmls IDX - Detect (@rxerium, @sorrowx3) [info]
[lottie-backdoor] Lottie Player - Backdoor (@nagli-wiz) [critical]

New Contributors

@AV-IO made their first contribution in #11132
@aayush2561 made their first contribution in #11104
@hnd3884 made their first contribution in #11127
@s4hm4d made their first contribution in #11149
@00xSayDoo made their first contribution in #11139
@andymcao made their first contribution in #11169
@cxbt made their first contribution in #11204

Full Changelog: v10.0.3...v10.0.4

Contributors

aayush, righettod, and 23 other contributors

Assets 3

01 Nov 13:55

princechaddha

v10.0.3

28cf30d

v10.0.3

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
[CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @dhiyaneshdk) [critical] 🔥
[CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-32735] CyberPower - Missing Authentication (@dhiyaneshdk) [critical] 🔥
[CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
[CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
[CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-2961] PHP - LFR to RCE (@kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
[CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[cyberpanel-rce] CyberPanel v2.3.6 Pre-Auth RCE (@dhiyaneshdk) [critical] 🔥

Bug Fixes

Resolved issue with time-based SQL injection flow (Issue #11029).
Corrected detection for CVE-2016-9299 (Issue #11121).
Fixed false positive for appspec-yml-disclosure.yaml template (Issue #11112).
Refactored "Django Admin Panel" template (Issue #11044).
Improved prototype pollution checks to prevent insecure sanitization bypass (Issue #10589).

False Negatives

Corrected false negative in CVE-2024-34982 detection (Issue #11111).
Fixed false negative in CVE-2023-39650 (Issue #11043).
Addressed false negative for iam-user-password-change detection (Issue #11027).

False Positives

Reduced false positives in weaver-checkserver-sqli template (Issue #11123).

Enhancements

Added templates for AWS services: EFS, Inspector2, GuardDuty, Firehose, DMS, EBS, ElastiCache, Route53, and RDS.
Introduced time-based tags for improved classification (Issue #11006).

Template Updates

New Templates Added: `116` | CVEs Added: `52` | First-time contributions: `7`

[CVE-2024-49757] Zitadel - User Registration Bypass (@sujal Tuladhar) [high]
[CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-46310] FXServer < v9601 - Information Exposure (@s4e-io) [medium]
[CVE-2024-45488] SafeGuard for Privileged Passwords < 7.5.2 - Auth Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
[CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @dhiyaneshdk) [critical] 🔥
[CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-35584] openSIS < 9.1 - SQL Injection (@s4e-io) [high]
[CVE-2024-32739] CyberPower < v2.8.3 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32738] CyberPower - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32737] CyberPower - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32736] CyberPower < v2.8.3 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32735] CyberPower - Missing Authentication (@dhiyaneshdk) [critical] 🔥
[CVE-2024-22476] Intel Neural Compressor <2.5.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2024-9796] WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection (@s4e-io) [critical]
[CVE-2024-9617] Danswer - Insecure Direct Object Reference (@s4e-io) [medium]
[CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
[CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
[CVE-2024-9061] WP Popup Builder Popup Forms <= 1.3.5 - Arbitrary Shortcode Execution (@s4e-io) [high]
[CVE-2024-8698] Keycloak - SAML Core Package Signature Validation Flaw (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-5910] Palo Alto Expedition - Admin Account Takeover (@johnk3r) [critical]
[CVE-2024-4439] WordPress Core <6.5.2 - Cross-Site Scripting (@nqdung2002) [high]
[CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-2961] PHP - LFR to RCE (@kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
[CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2023-40931] Nagios XI v5.11.0 - SQL Injection (@ritikchaddha) [medium]
[CVE-2023-40755] PHPJabbers Callback Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40753] PHPJabbers Ticket Support Script v3.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40752] PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40751] PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40750] PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40749] PHPJabbers Food Delivery Script v3.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-40748] PHPJabbers Food Delivery Script - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-39560] ECTouch v2 - SQL Injection (@s4e-io) [critical]
[CVE-2023-38040] Revive Adserver 5.4.1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-5561] WordPress Core - Post Author Email Disclosure (@nqdung2002) [medium]
[CVE-2023-5558] LearnPress < 4.2.5.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-2745] WordPress Core <=6.2 - Directory Traversal (@nqdung2002) [medium]
[CVE-2023-1318] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-1317] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-1315] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-45811] osTicket 1.15.x - SQL Injection (@ritikchaddha) [medium]
[CVE-2021-38156] Nagios XI < 5.8.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2019-8943] WordPress Core 5.0.0 - Crop-image Shell Upload (@sttlr) [medium]
[CVE-2018-7196] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-7193] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-7192] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-5868] OpenVPN Access Server 2.1.4 - CRLF Injection (@ritikchaddha) [medium]
[CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2015-8562] Joomla HTTP Header Unauth - RCE (@kairos-hk, @bolkv, @n0ming, @RoughBoy0723) [high]
[dms-multi-az] DMS Multi-AZ Not Enabled (@dhiyaneshdk) [medium]
[dms-public-access] Publicly Accessible DMS Replication Instances (@dhiyaneshdk) [medium]
[dms-version-upgrade] DMS Auto Minor Version Upgrade (@dhiyaneshdk) [medium]
[ebs-encryption-disabled] EBS Encryption - Disabled (@dhiyaneshdk) [high]
[efs-encryption-disabled] EFS Encryption - Disabled (@dhiyaneshdk) [medium]
[cache-automatic-backups-disabled] ElastiCache Automatic Backups - Disabled (@dhiyaneshdk) [medium]
[cache-event-notification-disabled] ElastiCache Event Notifications - Disabled (@dhiyaneshdk) [medium]
[cache-redis-encryption-disabled] ElastiCache Redis In-Transit and At-Rest Encryption - Disabled (@dhiyaneshdk) [high]
[cache-redis-multiaz-disabled] ElastiCache Redis Multi-AZ - Disabled (@dhiyaneshdk) [medium]
[firehose-server-destination-encryption] Firehose Delivery Stream Destination Encryption - Disabled (@dhiyaneshdk) [medium]
[firehose-server-side-encryption] Firehose Delivery Stream Server-Side Encryption - Disabled (@dhiyaneshdk) [high]
[guardduty-findings] Open GuardDuty Findings (@dhiyaneshdk) [medium]
[guardduty-not-enabled] GuardDuty Not Enabled (@dhiyaneshdk) [info]
[malware-protection-disabled] GuardDuty Malware Protection - Disabled (@dhiyaneshdk) [info]
[s3-protection-disabled] GuardDuty S3 Protection - Disabled (@dhiyaneshdk) [medium]
[inspector2-disabled] Amazon Inspector 2 - Disabled (@dhiyaneshdk) [info]
[rds-auto-minor-upgrade-disabled] RDS Auto Minor Version Upgrade - Disabled (@dhiyaneshdk) [medium]
[rds-automated-backup-disabled] RDS Automated Backups - Disabled (@dhiyaneshdk) [high]
[rds-backtrack-disabled] AWS RDS Backtrack - Disabled (@dhiyaneshdk) [low]
[rds-cluster-protection-disabled] RDS Cluster Deletion Protection - Disabled (@dhiyaneshdk) [medium]
[rds-copy-snap] RDS Copy Tags to Snapshots - Disabled (@dhiyaneshdk) [low]
[rds-insights-disabled] RDS Performance Insights - Disabled (@dhiyaneshdk) [low]
[rds-instance-autoscaling-disabled] RDS Instance Storage AutoScaling - Disabled (@dhiyaneshdk) [medium]
[rds-log-export-disabled] RDS Log Exports - Disabled (@dhiyaneshdk) [low]
[rds-multi-az] RDS Multi-AZ - Disabled (@dhiyaneshdk) [medium]
[rds-public-access] RDS Publicly Accessible - Enabled (@dhiyaneshdk) [high]
[route53-dns-query-disabled] DNS Query Logging for Route 53 Hosted Zones - Disabled (@dhiyaneshdk) [medium]
[route53-dnssec-signing-disabled] DNSSEC Signing for Route 53 Hosted Zones - Disabled (@dhiyaneshdk) [medium]
[CNVD-2024-38747] Zhejiang Dahua Smart Cloud Gateway Registration Platform - SQL Injection (@s4e-io) [high]
[doris-default-login] Apache Doris - Default Login (@icarot) [high]
[sato-default-login] Sato - Default Login (@y0no) [high]
[zebra-default-login] Zebra - Default Login (@y0no) [high]
[...

Contributors

gumgum, kim, and 25 other contributors

Assets 3

Releases: projectdiscovery/nuclei-templates

GCP Cloud Configuration Templates - Nuclei Templates v10.2.0 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 268 | CVEs Added: 11 | First-time contributions: 4

Contributors

Uh oh!

v10.1.7

What's Changed

🔥 Release Highlights 🔥

False Negatives

False Positives

Enhancements

Bug Fixes

Template Updates

New Templates Added: 64 | CVEs Added: 28 | First-time contributions: 6

New Contributors

Contributors

Uh oh!

v10.1.6

What's Changed

🔥 Release Highlights 🔥

False Negatives

False Positives

Enhancements

Bug Fixes

Template Updates

New Templates Added: 78 | CVEs Added: 45 | First-time contributions: 8

New Contributors

Contributors

Uh oh!

CSP Bypass Templates - Nuclei Templates v10.1.5 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 281 | CVEs Added: 23 | First-time contributions: 4

Contributors

Uh oh!

v10.1.3

What's Changed

🔥 Release Highlights 🔥

False Negatives

False Positives

Enhancements

Bug Fixes

Template Updates

New Templates Added: 52 | CVEs Added: 25 | First-time contributions: 11

New Contributors

Contributors

Uh oh!

v10.1.2

What's Changed

🔥 Release Highlights 🔥

Bug Fixes

False Negatives

False Positives

Enhancements

Template Updates

New Templates Added: 52 | CVEs Added: 23 | First-time contributions: 14

New Contributors

Contributors

Uh oh!

Alibaba Cloud Config Review - Nuclei Templates v10.1.1 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 154 | CVEs Added: 31 | First-time contributions: 4

Contributors

Uh oh!

Windows Security Hardening and Auditing - Nuclei Templates v10.1.0 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 110 | CVEs Added: 23 | First-time contributions: 5

Contributors

Uh oh!

v10.0.4

What's Changed

🔥 Release Highlights 🔥

New Templates Added: `268` | CVEs Added: `11` | First-time contributions: `4`

New Templates Added: `64` | CVEs Added: `28` | First-time contributions: `6`

New Templates Added: `78` | CVEs Added: `45` | First-time contributions: `8`

New Templates Added: `281` | CVEs Added: `23` | First-time contributions: `4`

New Templates Added: `52` | CVEs Added: `25` | First-time contributions: `11`

New Templates Added: `52` | CVEs Added: `23` | First-time contributions: `14`

New Templates Added: `154` | CVEs Added: `31` | First-time contributions: `4`

New Templates Added: `110` | CVEs Added: `23` | First-time contributions: `5`

New Templates Added: `74` | CVEs Added: `26` | First-time contributions: `7`

New Templates Added: `116` | CVEs Added: `52` | First-time contributions: `7`