Nuclei Templates Versions Save

Community curated list of templates for the nuclei engine to find security vulnerabilities.

v9.7.2

4 months ago

πŸ”₯ Release Highlights πŸ”₯

  • javascript/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch πŸ”₯
  • code/cves/2023/CVE-2023-49105.yaml by @ChristianPoeschl,@FlorianDewald,@usdAG πŸ”₯
  • http/cves/2021/CVE-2021-29200.yaml by @your3cho πŸ”₯
  • http/cves/2023/CVE-2023-26035.yaml by @Unblvr1,@whotwagner πŸ”₯
  • http/cves/2023/CVE-2023-3368.yaml by @dwisiswant0 πŸ”₯
  • http/cves/2023/CVE-2023-41265.yaml by @AdamCrosser πŸ”₯
  • http/cves/2023/CVE-2023-43177.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-49070.yaml by @your3cho πŸ”₯
  • http/cves/2023/CVE-2023-6553.yaml by @FLX πŸ”₯

What's Changed

New Templates Added: 61 | CVEs Added: 25 | First-time contributions: 8

  • javascript/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch πŸ”₯
  • code/cves/2023/CVE-2023-49105.yaml by @ChristianPoeschl,@FlorianDewald,@usdAG πŸ”₯
  • headless/cves/2018/CVE-2018-25031.yaml by @DhiyaneshDK
  • http/cves/2018/CVE-2018-8823.yaml by @MaStErChO
  • http/cves/2021/CVE-2021-29200.yaml by @your3cho πŸ”₯
  • http/cves/2021/CVE-2021-44910.yaml by @lbb
  • http/cves/2022/CVE-2022-0087.yaml by @ShivanshKhari
  • http/cves/2023/CVE-2023-22232.yaml by @1337kro
  • http/cves/2023/CVE-2023-26035.yaml by @Unblvr1,@whotwagner πŸ”₯
  • http/cves/2023/CVE-2023-30534.yaml by @k0pak4
  • http/cves/2023/CVE-2023-3368.yaml by @dwisiswant0 πŸ”₯
  • http/cves/2023/CVE-2023-36144.yaml by @gy741
  • http/cves/2023/CVE-2023-39002.yaml by @Herry
  • http/cves/2023/CVE-2023-41265.yaml by @AdamCrosser πŸ”₯
  • http/cves/2023/CVE-2023-41266.yaml by @AdamCrosser πŸ”₯
  • http/cves/2023/CVE-2023-43177.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-46359.yaml by @mlec
  • http/cves/2023/CVE-2023-49070.yaml by @your3cho πŸ”₯
  • http/cves/2023/CVE-2023-5556.yaml by @shankaracharya
  • http/cves/2023/CVE-2023-6018.yaml by @byt3bl33d3r
  • http/cves/2023/CVE-2023-6020.yaml by @byt3bl33d3r
  • http/cves/2023/CVE-2023-6021.yaml by @byt3bl33d3r
  • http/cves/2023/CVE-2023-6038.yaml by @danmcinerney,@byt3bl33d3r
  • http/cves/2023/CVE-2023-6380.yaml by @MiguelSegoviaGil
  • http/cves/2023/CVE-2023-6553.yaml by @FLX πŸ”₯
  • http/default-logins/dataease/dataease-default-login.yaml by @DhiyaneshDK
  • http/default-logins/splunk/splunk-default-login.yaml by @pussycat0x
  • http/exposed-panels/dataease-panel.yaml by @DhiyaneshDK
  • http/exposed-panels/reportico-admin-panel.yaml by @geeknik
  • http/exposed-panels/tailon-panel.yaml by @ritikchaddha
  • http/exposed-panels/vue-pacs-panel.yaml by @righettod
  • http/exposed-panels/woodwing-panel.yaml by @pdteam
  • http/exposures/configs/dompdf-config.yaml by @kazet
  • http/misconfiguration/aws/cdn-cache-poisoning.yaml by @0xcharan
  • http/misconfiguration/h2o/h2o-arbitary-file-read.yaml by @danmcinerney,@byt3bl33d3r
  • http/misconfiguration/h2o/h2o-dashboard.yaml by @byt3bl33d3r
  • http/misconfiguration/installer/businesso-installer.yaml by @ritikchaddha
  • http/misconfiguration/installer/chamilo-installer.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/espocrm-installer.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/knowledgetree-installer.yaml by @ritikchaddha
  • http/misconfiguration/installer/phpgedview-installer.yaml by @ritikchaddha
  • http/misconfiguration/installer/wowcms-installer.yaml by @ritikchaddha
  • http/misconfiguration/mixed-active-content.yaml by @Liwermor
  • http/misconfiguration/mixed-passive-content.yaml by @Liwermor
  • http/misconfiguration/secnet-info-leak.yaml by @DhiyaneshDk
  • http/misconfiguration/woodwing-git.yaml by @pdteam
  • http/misconfiguration/woodwing-phpinfo.yaml by @pdteam
  • http/technologies/bamboo-detect.yaml by @bhutch
  • http/technologies/element-web-detect.yaml by @davidegirardi
  • http/technologies/iparapheur-detect.yaml by @righettod
  • http/technologies/matrix-homeserver-detect.yaml by @davidegirardi
  • http/vulnerabilities/dahua/dahua-wpms-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/dahua/dahua-wpms-rce.yaml by @DhiyaneshDK
  • http/vulnerabilities/ecstatic/node-ecstatic-internal-path.yaml by @DhiyaneshDK
  • http/vulnerabilities/ecstatic/node-ecstatic-listing.yaml by @DhiyaneshDK
  • http/vulnerabilities/huawei/huawei-authhttp-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/jinhe/jinhe-jc6-sqli.yaml by @Ky9oss
  • http/vulnerabilities/other/sslvpn-client-rce.yaml by @DhiyaneshDK
  • http/vulnerabilities/other/yibao-sqli.yaml by @DhiyaneshDK
  • http/vulnerabilities/other/yunanbao-rce.yaml by @DhiyaneshDK
  • http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli.yaml by @MaStErChO

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.7.1...v9.7.2

v9.7.1

5 months ago

What's Changed

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.7.0...v9.7.1

v9.7.0

5 months ago

πŸ”₯ Release Highlights πŸ”₯

  • code/cves/2023/CVE-2023-2640.yaml by @princechaddha πŸ”₯
  • http/cves/2023/CVE-2023-49103.yaml by @ritikchaddha πŸ”₯
  • http/cves/2023/CVE-2023-47246.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2021/CVE-2021-45382.yaml by @king-alexander πŸ”₯
  • http/cves/2021/CVE-2021-35395.yaml by @king-alexander πŸ”₯
  • http/cves/2021/CVE-2021-33690.yaml by DhiyaneshDK πŸ”₯
  • http/cves/2021/CVE-2021-26294.yaml by @johnk3r πŸ”₯

What's Changed

New Templates Added: 51 | CVEs Added: 18 | First-time contributions: 7

  • code/cves/2023/CVE-2023-2640.yaml by @princechaddha πŸ”₯
  • http/cves/2023/CVE-2023-49103.yaml by @ritikchaddha πŸ”₯
  • http/cves/2023/CVE-2023-47246.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-45542.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-43326.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-43325.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-39796.yaml by @youngpope
  • http/cves/2023/CVE-2023-30258.yaml by @gy741
  • http/cves/2023/CVE-2023-26347.yaml by @salts
  • http/cves/2023/CVE-2023-5375.yaml by @shankaracharya
  • http/cves/2022/CVE-2022-1170.yaml by @Akincibor,@ritikchaddha
  • http/cves/2021/CVE-2021-45382.yaml by @king-alexander πŸ”₯
  • http/cves/2021/CVE-2021-35395.yaml by @king-alexander πŸ”₯
  • http/cves/2021/CVE-2021-33690.yaml by DhiyaneshDK πŸ”₯
  • http/cves/2021/CVE-2021-26294.yaml by @johnk3r πŸ”₯
  • http/cves/2021/CVE-2021-26292.yaml by @johnk3r
  • http/cves/2017/CVE-2017-7855.yaml by @r3Y3r53
  • javascript/cves/2016/CVE-2016-8706.yaml by @pussycat0x
  • http/vulnerabilities/other/xxljob-executor-unauth.yaml by @k3rwin
  • http/default-logins/structurizr/structurizr-default-login.yaml by DhiyaneshDK
  • http/exposed-panels/adhoc-transfer-panel.yaml by @johnk3r
  • http/exposures/configs/jsconfig-json.yaml by DhiyaneshDk
  • http/exposures/configs/phinx-config.yaml by DhiyaneshDk
  • http/exposures/configs/vite-config.yaml by DhiyaneshDk
  • http/exposures/files/apdisk-disclosure.yaml by DhiyaneshDk
  • http/exposures/files/auth-json.yaml by DhiyaneshDk
  • http/exposures/files/azuredeploy-json.yaml by DhiyaneshDk
  • http/exposures/files/php-cs-cache.yaml by DhiyaneshDk
  • http/exposed-panels/afterlogic-webmail-login.yaml by @johnk3r
  • http/exposed-panels/structurizr-panel.yaml by DhiyaneshDk
  • http/misconfiguration/installer/mosparo-install.yaml by DhiyaneshDK
  • http/misconfiguration/ms-exchange-user-enum.yaml by @righettod
  • http/misconfiguration/node-express-status.yaml by DhiyaneshDk
  • http/misconfiguration/tomcat-stacktraces.yaml by @lucky0x0d
  • http/takeovers/clever-takeover.yaml by @supr4s
  • javascript/enumeration/obsolete-ssh-version.yaml by @pussycat0x
  • javascript/enumeration/ssh-cbc-mode-ciphers.yaml by @pussycat0x
  • javascript/enumeration/ssh-diffie-hellman-logjam.yaml by @pussycat0x
  • javascript/enumeration/ssh-sha1-hmac-algo.yaml by @pussycat0x
  • javascript/enumeration/ssh-weak-algo-supported.yaml by @pussycat0x
  • javascript/enumeration/ssh-weak-mac-algo.yaml by @pussycat0x
  • javascript/enumeration/ssh-weak-public-key.yaml by @pussycat0x
  • javascript/enumeration/ssh-weakkey-exchange-algo.yaml by @pussycat0x
  • network/detection/aws-sftp-detect.yaml by @johnk3r
  • network/detection/moveit-sftp-detect.yaml by @johnk3r
  • file/keys/kubernetes/kubernetes-dockercfg-secret.yaml by @dwisiswant0
  • file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml by @dwisiswant0
  • http/technologies/4D-detect.yaml by @righettod
  • http/technologies/aws/aws-detect.yaml by @6mile
  • http/technologies/silverback-detect.yaml by @nodauf
  • http/technologies/wordpress/plugins/templately.yaml by @ricardomaia

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.9...v9.7.0

v9.6.9

6 months ago

πŸ”₯ Release Highlights πŸ”₯

  • network/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch πŸ”₯
  • javascript/cves/2023/CVE-2023-34039.yaml by @tarunKoyalwar πŸ”₯
  • code/cves/2023/CVE-2023-4911.yaml by @nybble04 πŸ”₯
  • http/cves/2023/CVE-2023-43795.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2022/CVE-2022-35653.yaml by @iamnoooob,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-22518.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-20198.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2020/CVE-2020-24701.yaml by @DhiyaneshDk πŸ”₯
  • http/cves/2023/CVE-2023-1719.yaml by @DhiyaneshDk πŸ”₯

What's Changed

New Templates Added: 73 | CVEs Added: 13 | First-time contributions: 7

  • network/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch πŸ”₯
  • javascript/cves/2023/CVE-2023-34039.yaml by @tarunKoyalwar πŸ”₯
  • code/cves/2023/CVE-2023-4911.yaml by @nybble04 πŸ”₯
  • http/cves/2023/CVE-2023-43795.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2023/CVE-2023-40068.yaml by @E1A
  • http/cves/2022/CVE-2022-35653.yaml by @iamnoooob,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-34020.yaml by @LeDoubleTake
  • http/cves/2023/CVE-2023-33629.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-22518.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-20198.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2020/CVE-2020-24701.yaml by @DhiyaneshDk πŸ”₯
  • http/cves/2023/CVE-2023-1719.yaml by @DhiyaneshDk πŸ”₯
  • http/cves/2023/CVE-2023-4169.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-4415.yaml by @DhiyaneshDK
  • http/default-logins/dell/dell-dpi-default-login.yaml by @megamansec
  • http/default-logins/goip-default-login.yaml by @drfabiocastro
  • http/exposed-panels/appsuite-panel.yaml by @DhiyaneshDK
  • http/exposed-panels/cisco/cisco-ios-xe-panel.yaml by @bhutch
  • http/exposed-panels/fusionauth-admin-panel.yaml by @ritikchaddha
  • http/exposed-panels/homer-panel.yaml by @rxerium
  • http/exposed-panels/kiteworks-pcn-panel.yaml by @righettod
  • http/exposed-panels/librephotos-panel.yaml by @ritikchaddha
  • http/exposed-panels/librespeed-panel.yaml by @ritikchaddha
  • http/exposed-panels/office-webapps-panel.yaml by @DhiyaneshDK
  • http/exposed-panels/overseerr-panel.yaml by @rxerium
  • http/exposed-panels/plausible-panel.yaml by @rxerium
  • http/exposed-panels/rdweb-panel.yaml by @rxerium,@sorrowx3
  • http/exposed-panels/servicenow-panel.yaml by @righettod
  • http/exposed-panels/truenas-scale-panel.yaml by @rxerium
  • http/exposed-panels/unauth/tautulli-unauth.yaml by @ritikchaddha
  • http/honeypot/citrix-honeypot-detect.yaml by @UnaPibaGeek
  • http/honeypot/dionaea-http-honeypot-detect.yaml by @UnaPibaGeek
  • http/honeypot/elasticpot-honeypot-detect.yaml by @UnaPibaGeek
  • http/honeypot/snare-honeypot-detect.yaml by @UnaPibaGeek
  • http/misconfiguration/fusionauth-admin-setup.yaml by @ritikchaddha
  • http/misconfiguration/installer/cube-105-install.yaml by @ritikchaddha
  • http/misconfiguration/installer/imprivata-installer.yaml by @ritikchaddha
  • http/misconfiguration/installer/orangescrum-install.yaml by @ritikchaddha
  • http/misconfiguration/installer/ruckus-smartzone-install.yaml by @ritikchaddha
  • http/misconfiguration/installer/ruckus-unleashed-install.yaml by @ritikchaddha
  • http/misconfiguration/installer/sugarcrm-install.yaml by @ritikchaddha
  • http/misconfiguration/installer/tautulli-install.yaml by @ritikchaddha
  • http/misconfiguration/installer/webcalendar-install.yaml by @ritikchaddha
  • http/misconfiguration/installer/webtrees-install.yaml by @ritikchaddha
  • http/misconfiguration/less-history.yaml by @kazet
  • http/misconfiguration/mysql-history.yaml by @kazet
  • http/misconfiguration/searchreplacedb2-exposure.yaml by @kazet
  • http/misconfiguration/untangle-admin-setup.yaml by @ritikchaddha
  • http/technologies/dell/dell-dpi-panel.yaml by @megamansec
  • http/technologies/wordpress/plugins/hostinger.yaml by @ricardomaia
  • http/technologies/wordpress/plugins/metform.yaml by @ricardomaia
  • http/vulnerabilities/hikvision/hikvision-js-files-upload.yaml by @Xc1Ym
  • http/vulnerabilities/microsoft/office-webapps-ssrf.yaml by @DhiyaneshDK
  • http/vulnerabilities/other/podcast-generator-ssrf.yaml by @ritikchaddha,@MrHarshvardhan
  • javascript/default-logins/mssql-default-logins.yaml by @Ice3man543,@tarunKoyalwar
  • javascript/default-logins/postgres-default-logins.yaml by @Ice3man
  • javascript/default-logins/redis-default-logins.yaml by @tarunKoyalwar
  • javascript/default-logins/ssh-default-logins.yaml by @tarunKoyalwar
  • javascript/detection/mssql-detect.yaml by @Ice3man543,@tarunKoyalwar
  • javascript/detection/ssh-auth-methods.yaml by @Ice3man543
  • javascript/enumeration/ssh-password-auth.yaml by @princechaddha
  • javascript/enumeration/ssh-server-enumeration.yaml by @Ice3man543,@tarunKoyalwar
  • network/honeypot/adbhoney-honeypot-cnxn-detect.yaml by @UnaPibaGeek
  • network/honeypot/adbhoney-honeypot-shell-detect.yaml by @UnaPibaGeek
  • network/honeypot/conpot-siemens-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/cowrie-ssh-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/dionaea-ftp-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/dionaea-mqtt-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/dionaea-mysql-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/dionaea-smb-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/gaspot-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/mailoney-honeypot-detect.yaml by @UnaPibaGeek
  • network/honeypot/redis-honeypot-detect.yaml by @UnaPibaGeek

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.8...v9.6.9

v9.6.8

6 months ago

πŸ”₯ Release Highlights πŸ”₯

  • CVE-2023-46747 (F5 BIG-IP - Unauthenticated RCE via AJP Smuggling)
  • CVE-2023-37679 (NextGen Mirth Connect - Remote Code Execution)
  • CVE-2023-45852 (Viessmann Vitogate 300 - Remote Code Execution)
  • CVE-2023-4966 (Citrix Bleed - Leaking Session Tokens)

What's Changed

New Templates Added: 79 (CVE: 33)

  • http/cves/2023/CVE-2023-46747.yaml by @iamnoooob,@rootxharsh,@pdresearch
  • http/cves/2023/CVE-2023-45852.yaml by @iamnoooob,@rootxharsh,@pdresearch
  • http/cves/2023/CVE-2023-37679.yaml by @iamnoooob,@rootxharsh,@pdresearch
  • http/cves/2023/CVE-2023-4966.yaml by @DhiyaneshDK
  • http/cves/2022/CVE-2022-36553.yaml by @HuTa0
  • http/cves/2017/CVE-2017-18566.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18565.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18564.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18562.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18558.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18557.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18556.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18542.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18537.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18532.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18530.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18529.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18528.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18527.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18518.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18517.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18516.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18505.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18502.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18501.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18500.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18496.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18494.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18493.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18492.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18491.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18490.yaml by @luisfelipe146
  • http/cves/2017/CVE-2017-18487.yaml by @luisfelipe146
  • http/misconfiguration/tiny-file-manager-unauth.yaml by @ritikchaddha,@HuTa0
  • http/misconfiguration/unauth-opache-control-panel.yaml by @pussycat0x
  • http/vulnerabilities/backdoor/cisco-implant-detect.yaml by @DhiyaneshDK,@rxerium
  • http/vulnerabilities/cisco/cisco-broadworks-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/cisco/cisco-webex-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/citrix-xenapp-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/flexnet-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/fortiportal-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/jitsi-meet-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/livebos-file-read.yaml by @yusakie
  • http/vulnerabilities/other/logstash-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/manage-engine-dc-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/okta-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/openshift-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/papercut-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/pega-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/sonicwall-nsm-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/splunk-enterprise-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/other/symantec-sepm-log4j-rce.yaml by @shaikhyaser
  • http/vulnerabilities/wordpress/blog-designer-pack-rce.yaml by @iamnoooob,@rootxharsh,@pdresearch
  • http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml by @theamanrawat
  • http/exposed-panels/authelia-panel.yaml by @rxerium
  • http/exposed-panels/automatisch-panel.yaml by @rxerium
  • http/exposed-panels/changedetection-panel.yaml by @rxerium
  • http/exposed-panels/chronos-panel.yaml by @righettod
  • http/exposed-panels/homebridge-panel.yaml by @rxerium
  • http/exposed-panels/immich-panel.yaml by @rxerium
  • http/exposed-panels/memos-panel.yaml by @rxerium
  • http/exposed-panels/opentouch-multimediaservices-panel.yaml by @righettod
  • http/exposed-panels/rcdevs-webadm-panel.yaml by @righettod
  • http/exposed-panels/regify-panel.yaml by @righettod
  • http/exposed-panels/scribble-diffusion-panel.yaml by @rxerium
  • http/exposed-panels/security-onion-panel.yaml by @rxerium
  • http/exposed-panels/solarwinds-arm-panel.yaml by @bhutch
  • http/exposed-panels/speedtest-panel.yaml by @rxerium
  • http/exposed-panels/tautulli-panel.yaml by @rxerium
  • http/exposed-panels/vinchin-panel.yaml by @pussycat0x
  • http/exposed-panels/webtitan-cloud-panel.yaml by @ritikchaddha
  • http/technologies/atlassian-connect-descriptor.yaml by @pussycat0x
  • http/technologies/mappproxy-detect.yaml by @philippedelteil
  • http/technologies/orbit-telephone-detect.yaml by @HeeresS
  • http/token-spray/api-onyphe.yaml by @0xpugazh
  • headless/technologies/js-libraries-detect.yaml by @adamparsons,@cbadke,@ChetGan,@ErikOwen,@jacalynli
  • javascript/detection/oracle-tns-listner.yaml by @pussycat0x
  • javascript/enumeration/smb-enum.yaml by @pussycat0x

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.7...v9.6.8

v9.6.7

6 months ago

What's Changed

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.6...v9.6.7

v9.6.6

7 months ago

πŸ”₯ Highlight of this release:

βœ… [servicenow-widget-misconfig] ServiceNow Widget-Simple-List - Misconfiguration (@dhiyaneshdk) πŸ”₯ βœ… [CVE-2023-37979] Ninja Forms < 3.6.26 - Cross-Site Scripting (@r3y3r53) [medium] πŸ”₯ βœ… [CVE-2021-25016] Chaty < 2.8.2 - Cross-Site Scripting (@luisfelipe146) [medium] πŸ”₯ βœ… [CVE-2020-6950] Eclipse Mojarra - Local File Read (@iamnoooob,@pdresearch) [medium] πŸ”₯ βœ… [CVE-2023-4451] Cockpit - Cross-Site Scripting (@iamnoooob,@pdresearch) [medium] πŸ”₯ βœ… [CVE-2023-3710] Honeywell PM43 Printers - Command Injection (@win3zz) [critical] πŸ”₯ βœ… [CVE-2023-3219] EventON Lite < 2.1.2 - Arbitrary File Download (@r3y3r53) [medium] πŸ”₯

What's Changed

New Templates Added : 161

New CVEs Added:99

  • http/cves/2022/CVE-2022-47075.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44957.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-45365.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-44291.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-44290.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-41538.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-40779.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-40032.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-40047.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-40208.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-39700.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-39110.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-39109.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-39108.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-37979.yaml by @r3Y3r53 πŸ”₯
  • http/cves/2023/CVE-2023-37728.yaml by @technicaljunkie,@r3Y3r53
  • http/cves/2022/CVE-2022-34093.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-34094.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-39048.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-36306.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-34756.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-34755.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-34753.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-34752.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-34751.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-33584.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-29439.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-29006.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-25079.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-25016.yaml by @luisfelipe146 πŸ”₯
  • http/cves/2021/CVE-2021-24979.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-24915.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-24791.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-24627.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-24286.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-24215.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-27922.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-25148.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-25149.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-5244.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4974.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-4547.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-4451.yaml by @iamnoooob,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-4168.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4148.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4116.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4115.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4114.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4113.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4112.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4111.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-4110.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3849.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3848.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3847.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3846.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3845.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3844.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3843.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-3710.yaml by @win3zz πŸ”₯
  • http/cves/2023/CVE-2023-3219.yaml by @r3Y3r53 πŸ”₯
  • http/cves/2023/CVE-2023-2779.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-2009.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1880.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1780.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1408.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1263.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-0947.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-0900.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-0777.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-0602.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-0600.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-0334.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-0228.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-0533.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-0597.yaml by @Farish
  • http/cves/2022/CVE-2022-0651.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-0658.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-0787.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-0814.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-0899.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-2174.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-2535.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-3142.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-3242.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-4049.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-4059.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-4305.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-35323.yaml by @r3Y3r53
  • http/cves/2021/CVE-2021-41749.yaml by @iamnoooob,@ritikchaddha
  • http/cves/2020/CVE-2020-12256.yaml by @r3Y3r53
  • http/cves/2020/CVE-2020-12259.yaml by @r3Y3r53
  • http/cves/2020/CVE-2020-13638.yaml by @theamanrawat
  • http/cves/2020/CVE-2020-13851.yaml by @theamanrawat
  • http/cves/2020/CVE-2020-6950.yaml by @iamnoooob,@pdresearch πŸ”₯
  • http/cves/2020/CVE-2020-8615.yaml by @r3Y3r53
  • http/cves/2019/CVE-2019-15829.yaml by @r3Y3r53
  • http/cves/2018/CVE-2018-7282.yaml by @theamanrawat
  • http/cves/2015/CVE-2015-20067.yaml by @r3Y3r53
  • http/vulnerabilities/joomla/joomla-com-booking-component.yaml by @r3Y3r53
  • http/vulnerabilities/joomla/joomla-iproperty-real-estate-xss.yaml by @r3Y3r53
  • http/vulnerabilities/joomla/joomla-joombri-careers-xss.yaml by @r3Y3r53
  • http/vulnerabilities/joomla/joomla-jvtwitter-xss.yaml by @r3Y3r53
  • http/vulnerabilities/joomla/joomla-marvikshop-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/joomla/joomla-marvikshop-xss.yaml by @r3Y3r53
  • http/vulnerabilities/joomla/joomla-solidres-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/applezeed-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/other/beyond-trust-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/csz-cms-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/other/doorgets-info-disclosure.yaml by @r3Y3r53
  • http/vulnerabilities/other/ep-web-cms-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/erensoft-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/other/groomify-sqli.yaml by @theamanrawat
  • http/vulnerabilities/other/gz-forum-script-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/indonasia-toko-cms-sql.yaml by @r3Y3r53
  • http/vulnerabilities/other/joomla-jlex-review-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/joomla-jmarket-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/khodrochi-cms-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/kingsoft-vgm-lfi.yaml by @abbas.heybati
  • http/vulnerabilities/other/lokomedia-cms-lfi.yaml by @r3Y3r53
  • http/vulnerabilities/other/news-script-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/office-suite-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/ozeki-10-sms-gateway.yaml by @r3Y3r53
  • http/vulnerabilities/other/phuket-cms-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/other/phuket-cms-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/pmb-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/other/rentequip-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/shoowbiz-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/sound4-impact-auth-bypass.yaml by @r3Y3r53
  • http/vulnerabilities/other/sound4-impact-password-auth-bypass.yaml by @r3Y3r53
  • http/vulnerabilities/other/stackposts-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/other/taiwanese-travel-lfi.yaml by @r3Y3r53
  • http/vulnerabilities/other/talroo-jobs-xss.yaml by @r3Y3r53
  • http/vulnerabilities/other/webigniter-xss.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/knr-widget-xss.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/photoblocks-grid-gallery-xss.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-adivaha-sqli.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/wp-adivaha-xss.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-ellipsis-xss.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-gallery-file-upload.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-googlemp3-lfi.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/wp-mega-theme.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-portrait-archiv-xss.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-qwiz-online-xss.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-reality-estate-theme.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-smart-manager-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-social-warfare-rce.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/wp-statistics-sqli.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-superstorefinder-misconfig.yaml by @r3Y3r53
  • http/vulnerabilities/wordpress/wp-upward-theme-redirect.yaml by @r3Y3r53
  • http/misconfiguration/servicenow-widget-misconfig.yaml by @DhiyaneshDk
  • http/default-logins/batflat/batflat-default-login.yaml by @r3Y3r53
  • http/default-logins/eurotel/etl3100-default-login.yaml by @r3Y3r53
  • http/default-logins/franklin-fueling-default-login.yaml by @r3Y3r53
  • http/default-logins/rconfig-default-login.yaml by @theamanrawat
  • http/default-logins/timekeeper/timekeeper-default-login.yaml by @theamanrawat
  • http/default-logins/wazuh-default-login.yaml by @theamanrawat
  • http/exposures/logs/redv-super-logs.yaml by @r3Y3r53
  • http/exposed-panels/sphinxonline-panel.yaml by @righettod
  • http/exposed-panels/unibox-panel.yaml by @theamanrawat
  • http/technologies/checkpoint-mobile-detect.yaml by @righettod

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.5...v9.6.6

v9.6.5

7 months ago

πŸ”₯ Highlight of this release:

βœ… [CVE-2023-43261] Milesight Routers - Information Disclosure (@gy741) [high] πŸ”₯ βœ… [CVE-2023-42793] JetBrains TeamCity < 2023.05.4 - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical] πŸ”₯ βœ… [CVE-2023-42442] JumpServer > 3.6.4 - Information Disclosure (@xianke) [high] πŸ”₯ βœ… [CVE-2023-36845] Juniper J-Web - Remote Code Execution (@yaser_s) [medium] πŸ”₯ βœ… [CVE-2023-35813] Sitecore - Remote Code Execution (@dhiyaneshdk,@iamnoooob) [critical] πŸ”₯ βœ… [CVE-2023-29357] Microsoft SharePoint - Authentication Bypass (@pdteam) [critical] πŸ”₯ βœ… [CVE-2023-22515] Atlassian Confluence - Privilege Escalation (@s1r1us,@iamnoooob,@rootxharsh,@pdresearch) [critical] πŸ”₯ βœ… [CVE-2023-5074] D-Link D-View 8 v2.0.1.28 - Authentication Bypass (@dhiyaneshdk) [critical] πŸ”₯

What's Changed

New Templates Added : 75

New CVEs Added: 25

First-time contributions: 12

  • http/cves/2023/CVE-2023-43261.yaml by @gy741 πŸ”₯
  • http/cves/2023/CVE-2023-42793.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-42442.yaml by @xianke πŸ”₯
  • http/cves/2023/CVE-2023-41642.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-38501.yaml by @ctflearner
  • http/cves/2023/CVE-2023-37474.yaml by @shankar acharya,@theamanrawat
  • http/cves/2023/CVE-2023-36845.yaml by @yaser_s πŸ”₯
  • http/cves/2023/CVE-2023-35813.yaml by @DhiyaneshDk,@iamnoooob πŸ”₯
  • http/cves/2023/CVE-2023-34259.yaml by @gy741
  • http/cves/2023/CVE-2023-33831.yaml by @gy741
  • http/cves/2023/CVE-2023-33405.yaml by @Shankar Acharya
  • http/cves/2023/CVE-2023-31465.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-30625.yaml by @gy741
  • http/cves/2023/CVE-2023-30013.yaml by @gy741
  • http/cves/2023/CVE-2023-29357.yaml by @pdteam πŸ”₯
  • http/cves/2023/CVE-2023-22515.yaml by @s1r1us,@iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-22432.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-5074.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2023/CVE-2023-4568.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-2766.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-2479.yaml by @zn9988
  • http/cves/2023/CVE-2023-2224.yaml by @luisfelipe146
  • http/cves/2022/CVE-2022-48197.yaml by @ctflearner
  • http/cves/2022/CVE-2022-25568.yaml by @DhiyaneshDK
  • http/cves/2014/CVE-2014-9180.yaml by @Shankar Acharya
  • http/default-logins/xploitspy/xploitspy-default-login.yaml by @andreluna
  • http/exposed-panels/audiobookshelf-panel.yaml by @ritikchaddha
  • http/exposed-panels/bitwarden-vault-panel.yaml by @ritikchaddha
  • http/exposed-panels/dashy-panel.yaml by @ritikchaddha
  • http/exposed-panels/filebrowser-login-panel.yaml by @ritikchaddha
  • http/exposed-panels/jellyseerr-login-panel.yaml by @ritikchaddha
  • http/exposed-panels/klr300n-panel.yaml by @andreluna
  • http/exposed-panels/portainer-panel.yaml by @ritikchaddha
  • http/exposed-panels/qBittorrent-panel.yaml by @ritikchaddha
  • http/exposed-panels/ws_ftp-server-web-transfer.yaml by @johnk3r
  • http/exposures/configs/mercurial-hgignore.yaml by @DhiyaneshDK
  • http/exposures/configs/phpcs-config.yaml by @DhiyaneshDK
  • http/exposures/configs/phpsys-info.yaml by @fpatrik
  • http/exposures/configs/protractor-config.yaml by @DhiyaneshDK
  • http/exposures/configs/psalm-config.yaml by @DhiyaneshDK
  • http/exposures/configs/rakefile-disclosure.yaml by @DhiyaneshDK
  • http/exposures/files/viminfo-disclosure.yaml by @DhiyaneshDK
  • http/exposures/logs/milesight-system-log.yaml by @ritikchaddha
  • http/exposures/tokens/jotform/jotform-api-key.yaml by @Shankar Acharya
  • http/iot/kyocera-printer-panel.yaml by @gy741
  • http/misconfiguration/filebrowser-unauth.yaml by @ritikchaddha
  • http/misconfiguration/installer/akeeba-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/alma-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/bitrix24-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/clipbucket-installer.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/dolphin-installer.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/gibbon-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/klr300n-installer.yaml by @andreluna
  • http/misconfiguration/installer/mantisbt-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/ojs-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/shopware-installer.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/spa-cart-installer.yaml by @pussycat0x
  • http/misconfiguration/installer/vironeer-installer.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/zabbix-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/zencart-installer.yaml by @DhiyaneshDk
  • http/misconfiguration/unauth-celery-flower.yaml by @DhiyaneshDK
  • http/misconfiguration/vercel-source-exposure.yaml by @hlop
  • http/technologies/blazor-webassembly-detect.yaml by @righettod
  • http/technologies/default-amazon-cognito.yaml by @pussycat0x
  • http/technologies/devexpress-detect.yaml by @CravateRouge
  • http/vulnerabilities/apache/shiro/shiro-deserialization-detection.yaml by @hotpot,@j4vaovo
  • http/vulnerabilities/copyparty-xss.yaml by @theamanrawat
  • http/vulnerabilities/sangfor/sangfor-ngaf-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml by @FLX
  • http/vulnerabilities/yonyou/yonyou-u8-sqli.yaml by @xianke
  • network/detection/bgp-detect.yaml by @danfaizer
  • network/detection/exim-detect.yaml by @ricardomaia
  • network/detection/ws_ftp-ssh-detect.yaml by @johnk3r
  • ssl/wildcard-tls.yaml by @lucky0x0d
  • file/android/google-storage-bucket.yaml by @Thabisocn

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.4...v9.6.5

v9.6.4

8 months ago

πŸ”₯ Highlight of this release:

βœ… [CVE-2023-41892] CraftCMS < 4.4.15 - Unauth Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical] πŸ”₯ βœ… [CVE-2023-30943] Moodle - Cross-Site Scripting/Remote Code Execution (@ritikchaddha) [medium] πŸ”₯ βœ… [CVE-2023-25573] Metersphere - Arbitrary File Read (@dhiyaneshdk) [high] πŸ”₯ βœ… [CVE-2023-2813] Wordpress Multiple Themes - Reflected Cross-Site Scripting (@dhiyaneshdk) [medium] πŸ”₯ βœ… [CVE-2022-0342] Zyxel - Authentication Bypass (@sleepingbag945,@powerexploit) [critical] πŸ”₯

What's Changed

New Templates Added: 121

New CVEs Added: 10

First-time contributions: 3

  • http/cves/2023/CVE-2023-41892.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-39677.yaml by @meme-lord
  • http/cves/2023/CVE-2023-39676.yaml by @meme-lord
  • http/cves/2023/CVE-2023-37629.yaml by @Harsh
  • http/cves/2023/CVE-2023-30943.yaml by @ritikchaddha πŸ”₯
  • http/cves/2023/CVE-2023-4714.yaml by @Farish
  • http/cves/2023/CVE-2023-2813.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-25573.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-22463.yaml by @DhiyaneshDK
  • http/cves/2022/CVE-2022-0342.yaml by @SleepingBag945,@Powerexploit πŸ”₯
  • http/cnvd/2023/CNVD-C-2023-76801.yaml by @SleepingBag945
  • http/cnvd/2022/CNVD-2022-43245.yaml by @SleepingBag945
  • http/cnvd/2021/CNVD-2021-33202.yaml by @SleepingBag945
  • http/vulnerabilities/chanjet-tplus-rce.yaml by @SleepingBag945
  • http/vulnerabilities/dbgate-unauth-rce.yaml by @h0j3n
  • http/vulnerabilities/landray/landray-oa-sysSearchMain-editParam-rce.yaml by @SleepingBag945
  • http/vulnerabilities/landray/landray-oa-treexml-rce.yaml by @tangxiaofeng7,@SleepingBag945
  • http/vulnerabilities/other/aic-intelligent-password-exposure.yaml by @SleepingBag945
  • http/vulnerabilities/other/cloud-oa-system-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/other/cmseasy-crossall-act-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/other/comai-ras-cookie-bypass.yaml by @SleepingBag945
  • http/vulnerabilities/other/huiwen-bibliographic-info-leak.yaml by @SleepingBag945
  • http/vulnerabilities/other/phpldapadmin-xss.yaml by @GodfatherOrwa,@herry
  • http/vulnerabilities/other/sanhui-smg-file-read.yaml by @SleepingBag945
  • http/vulnerabilities/other/seeyon-oa-log4j.yaml by @SleepingBag945
  • http/vulnerabilities/other/zhixiang-oa-msglog-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/qax/secsslvpn-auth-bypass.yaml by @SleepingBag945
  • http/vulnerabilities/realor/realor-gwt-system-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml by @SleepingBag945
  • http/vulnerabilities/sangfor/sangfor-login-rce.yaml by @SleepingBag945
  • http/vulnerabilities/secworld/secgate-3600-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/seeyon/seeyon-config-exposure.yaml by @SleepingBag945
  • http/vulnerabilities/seeyon/seeyon-createmysql-exposure.yaml by @SleepingBag945
  • http/vulnerabilities/seeyon/seeyon-initdata-exposure.yaml by @SleepingBag945
  • http/vulnerabilities/seeyon/seeyon-oa-fastjson-rce.yaml by @SleepingBag945
  • http/vulnerabilities/seeyon/seeyon-oa-setextno-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/seeyon/seeyon-oa-sp2-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/shiziyu-cms/shiziyu-cms-apicontroller-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/smartbi/smartbi-deserialization.yaml by @SleepingBag945
  • http/vulnerabilities/spring/jolokia-logback-jndi-rce.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-action-uploadfile.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-api-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-arbitrary-login.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-getdata-rce.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-getway-rfi.yaml by @SleepingBag945,@pussycat0x
  • http/vulnerabilities/tongda/tongda-insert-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-login-code-authbypass.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-meeting-unauth.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-oa-swfupload-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-report-func-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/tongda/tongda-video-file-read.yaml by @SleepingBag945
  • http/vulnerabilities/topsec/topsec-topacm-rce.yaml by @SleepingBag945
  • http/vulnerabilities/topsec/topsec-topapplb-auth-bypass.yaml by @SleepingBag945
  • http/vulnerabilities/wanhu/wanhu-documentedit-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/wanhu/wanhu-download-ftp-file-read.yaml by @SleepingBag945
  • http/vulnerabilities/wanhu/wanhu-download-old-file-read.yaml by @SleepingBag945
  • http/vulnerabilities/wanhu/wanhu-oa-fileupload-controller-arbitrary-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/wanhu/wanhu-teleconferenceservice-xxe.yaml by @SleepingBag945
  • http/vulnerabilities/wanhu/wanhuoa-officeserverservlet-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/wanhu/wanhuoa-smartupload-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/ecology-jqueryfiletree-traversal.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/ecology-verifyquicklogin-auth-bypass.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/ecology/ecology-oa-byxml-xxe.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-checkserver-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-e-cology-validate-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-e-mobile-rce.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-ebridge-lfi.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-ecology-bshservlet-rce.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-ecology-getsqldata-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-ecology-hrmcareer-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-group-xml-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-jquery-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-ktreeuploadaction-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-lazyuploadify-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-login-sessionkey.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-mysql-config-info-leak.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-office-server-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-officeserver-lfi.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-signaturedownload-lfi.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-sptmforportalthumbnail-lfi.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-uploadify-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-uploadoperation-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/weaver/weaver-userselect-unauth.yaml by @SleepingBag945
  • http/vulnerabilities/wechat/wechat-info-leak.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/chanjet-gnremote-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/chanjet-tplus-checkmutex-sqli.yaml by @unknown
  • http/vulnerabilities/yonyou/chanjet-tplus-file-read.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/chanjet-tplus-fileupload.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/chanjet-tplus-ufida-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/grp-u8-uploadfiledata-fileupload.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-fe-directory-traversal.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-filereceiveservlet-fileupload.yaml by @bjxsec
  • http/vulnerabilities/yonyou/yonyou-grp-u8-xxe.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-nc-accept-fileupload.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-nc-baseapp-deserialization.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileupload.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-nc-grouptemplet-fileupload.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-nc-info-leak.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-nc-ncmessageservlet-rce.yaml by @SleepingBag945
  • http/vulnerabilities/yonyou/yonyou-u8-crm-fileupload.yaml by @SleepingBag945,@pussycat0x
  • http/vulnerabilities/yonyou/yonyou-u8-crm-lfi.yaml by @SleepingBag945
  • http/default-logins/d-link/dlink-centralized-default-login.yaml by @SleepingBag945
  • http/default-logins/o2oa/o2oa-default-login.yaml by @SleepingBag945
  • http/default-logins/others/aruba-instant-default-login.yaml by @SleepingBag945
  • http/default-logins/others/ciphertrust-default-login.yaml by @SleepingBag945
  • http/default-logins/others/cnzxsoft-default-login.yaml by @SleepingBag945
  • http/default-logins/others/supershell-default-login.yaml by @SleepingBag945
  • http/default-logins/seeyon/seeyon-a8-default-login.yaml by @SleepingBag945
  • http/default-logins/seeyon/seeyon-monitor-default-login.yaml by @SleepingBag945
  • http/default-logins/smartbi/smartbi-default-login.yaml by @SleepingBag945
  • http/default-logins/wayos/ac-weak-login.yaml by @SleepingBag945
  • http/misconfiguration/gitlab/gitlab-public-registration.yaml by @axrk
  • http/exposed-panels/dbgate-panel.yaml by @h0j3n
  • http/exposed-panels/phpldapadmin-panel.yaml by @ritikchaddha,@DhiyaneshDk
  • http/exposed-panels/quilium-panel.yaml by @righettod
  • http/exposed-panels/satis-repository.yaml by @FlorianMaak
  • http/exposed-panels/symantec/symantec-phishing-panel.yaml by @andreluna
  • http/osint/hackenproof.yaml by @philippedelteil
  • http/osint/intigriti.yaml by @philippedelteil
  • http/osint/yeswehack.yaml by @philippedelteil

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.3...v9.6.4

v9.6.3

8 months ago

πŸ”₯ Highlight of this release:

:white_check_mark: [CVE-2023-39361] Cacti 1.2.24 - SQL Injection (@ritikchaddha) [critical] :fire: :white_check_mark: [CVE-2023-36844] Juniper Devices - Remote Code Execution (@princechaddha,@ritikchaddha) [medium] :fire: :white_check_mark: [CVE-2023-34124] SonicWall GMS and Analytics Web Services - Shell Injection (@iamnoooob,@rootxharsh,@pdresearch) [critical] :fire: :white_check_mark: [CVE-2023-32563] Ivanti Avalanche - Remote Code Execution (@princechaddha) [critical] :fire: :white_check_mark: [CVE-2023-26469] Jorani 1.0.0 - Remote Code Execution (@pussycat0x) [critical] :fire: :white_check_mark: [CVE-2023-20073] Cisco VPN Routers - Unauthenticated Arbitrary File Upload (@princechaddha,@ritikchaddha) [critical] :fire: :white_check_mark: [CVE-2023-4634] Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion (@pepitoh,@ritikchaddha) [critical] :fire:

What's Changed

New Templates Added: 54

New CVEs Added: 21

First-time contributions: 6

  • http/cves/2023/CVE-2023-39600.yaml by Imjust0
  • http/cves/2023/CVE-2023-39598.yaml by Imjust0
  • http/cves/2023/CVE-2023-39361.yaml by @ritikchaddha πŸ”₯
  • http/cves/2023/CVE-2023-38433.yaml by @AdnaneKhan
  • http/cves/2023/CVE-2023-36844.yaml by @princechaddha, @ritikchaddha πŸ”₯
  • http/cves/2023/CVE-2023-34192.yaml by @ritikchaddhaπŸ”₯
  • http/cves/2023/CVE-2023-34124.yaml by @iamnoooob, @rootxharsh, @pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-32563.yaml by @princechaddha πŸ”₯
  • http/cves/2023/CVE-2023-30150.yaml by @mastercho
  • http/cves/2023/CVE-2023-27034.yaml by @MaStErChO
  • http/cves/2023/CVE-2023-2648.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-26469.yaml by @pussycat0x πŸ”₯
  • http/cves/2023/CVE-2023-20073.yaml by @princechaddha, @ritikchaddha πŸ”₯
  • http/cves/2023/CVE-2023-4634.yaml by @Pepitoh,@ritikchaddha πŸ”₯
  • http/cves/2022/CVE-2022-22897.yaml by @mastercho
  • http/cves/2021/CVE-2021-46107.yaml by @ritikchaddha
  • http/cves/2020/CVE-2020-11798.yaml by @ritikchaddha
  • http/cves/2020/CVE-2020-10220.yaml by @ritikchaddha
  • http/cves/2018/CVE-2018-17153.yaml by @DhiyaneshDk
  • http/cves/2018/CVE-2018-15917.yaml by @ritikchaddha
  • http/cves/2016/CVE-2016-10108.yaml by @DhiyaneshDk
  • http/cnvd/2021/CNVD-2021-32799.yaml by @SleepingBag945
  • http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml by @SleepingBag945
  • http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml by @SleepingBag945
  • http/vulnerabilities/jorani/jorani-benjamin-xss.yaml by @ritikchaddha
  • http/vulnerabilities/other/huatian-oa8000-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/other/kingdee-erp-rce.yaml by @SleepingBag945
  • http/vulnerabilities/other/landray-oa-datajson-rce.yaml by @SleepingBag945
  • http/vulnerabilities/prestashop/prestashop-apmarketplace-sqli.yaml by @mastercho
  • http/vulnerabilities/weaver/eoffice/weaver-eoffice-file-upload.yaml by @princechaddha
  • http/misconfiguration/ecology-info-leak.yaml by @qianbenhyu
  • http/misconfiguration/mingyu-xmlrpc-sock-adduser.yaml by @SleepingBag945
  • http/misconfiguration/missing-sri.yaml by @lucky0x0d,@PulseSecurity.co.nz
  • http/misconfiguration/nacos/nacos-create-user.yaml by @SleepingBag945
  • http/misconfiguration/php-debugbar-exposure.yaml by @ritikchaddha,@pdteam
  • http/exposures/apis/seafile-api.yaml by @righettod
  • http/exposures/files/bun-lock.yaml by noraj
  • http/takeovers/lemlist-takeover.yaml by kresec
  • ssl/c2/mythic-c2-ssl.yaml by @johnk3r
  • http/exposed-panels/aspcms-backend-panel.yaml by @SleepingBag945
  • http/exposed-panels/dxplanning-panel.yaml by @righettod
  • http/exposed-panels/greenbone-panel.yaml by @pbuff07
  • http/exposed-panels/jorani-panel.yaml by @DhiyaneshDK
  • http/exposed-panels/snapcomms-panel.yaml by @righettod
  • http/miscellaneous/external-service-interaction.yaml by @andreluna
  • http/miscellaneous/rdap-whois.yaml by @ricardomaia
  • http/osint/gist.yaml by @philippedelteil
  • http/technologies/burp-collaborator-detect.yaml by @lum8rjack
  • http/technologies/honeypot-detect.yaml by @j4vaovo
  • http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml by @ricardomaia
  • http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml by @ricardomaia
  • http/technologies/wordpress/plugins/wp-seopress.yaml by @ricardomaia
  • http/token-spray/api-notolytix.yaml by @0xPugazh
  • workflows/kev-workflow.yaml by @king-alexander

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.2...v9.6.3