Community curated list of templates for the nuclei engine to find security vulnerabilities.
π₯ Highlight of this release:
[CVE-2023-38035] Ivanti Sentry - Authentication Bypass (@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical] π₯ [CVE-2022-47615] LearnPress Plugin < 4.2.0 - Local File Inclusion (@dhiyaneshdk) [critical] π₯ [CVE-2022-46463] Harbor <=2.5.3 - Unauthorized Access (@arm!tage) [high] π₯ [CVE-2022-39986] RaspAP 2.8.7 - Unauthenticated Command Injection (@dhiyaneshdk) [critical] π₯ [CVE-2019-17662] ThinVNC 1.0b1 - Authentication Bypass (@dhiyaneshdk) [critical] π₯
60
15
7
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.1...v9.6.2
This release introduces an extensive set of malware detection templates. These templates have been curated to facilitate the automated identification and categorization of various malware strains using file protocol.
198
25
6
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.0...v9.6.1
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.8...v9.5.9
π₯ Highlight of this release:
This release adds a collection of C2 server detection templates. These templates can be used for automating the identification and classification of various C2 servers based on their JARM fingerprints.
113
9
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.7...v9.5.8
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.6...v9.5.7
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.5...v9.5.6
π₯ Highlights of this release:
[CVE-2023-30777] Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (@r3y3r53) [medium] π₯ [CVE-2023-28121] WooCommerce Payments - Unauthorized Admin Access (@dhiyaneshdk) [critical] π₯ [CVE-2023-2822] Ellucian Ethos Identity CAS - Cross-Site Scripting (@guax1) [medium] π₯ [CVE-2023-0297] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (@mrharshvardhan,@dhiyaneshdk) [critical] π₯ [CVE-2022-4295] Show all comments < 7.0.1 - Cross-Site Scripting (@r3y3r53) [medium] π₯
90
41
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.4...v9.5.5
51
26
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.3...v9.5.4
π₯ Highlights of this release:
β [CVE-2023-34362] MOVEit Transfer - Remote Code Execution (@princechaddha,@rootxharsh,@ritikchaddha,@pdresearch) [critical] β [CVE-2023-34960] Chamilo Command Injection (@dhiyaneshdk) [high] β [CVE-2023-33246] RocketMQ <= 5.1.0 - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical] β [CVE-2023-25157] GeoServer OGC Filter - SQL Injection (@ritikchaddha,@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical] β [CVE-2023-23333] SolarView Compact 6.00 - OS Command Injection (@mr-xn) [critical] β [CVE-2023-20887] VMware VRealize Network Insight - Remote Code Execution (@sinsinology) [critical] β [CVE-2022-23544] MeterSphere < 2.5.0 SSRF (@j4vaovo) [medium] β [CVE-2022-24706] CouchDB Erlang Distribution - Remote Command Execution (@mzack9999,@pussycat0x) [critical] β [CVE-2017-12617] Apache Tomcat - Remote Code Execution (@pussycat0x) [high] β [CVE-2016-6195] vBulletin <= 4.2.3 - SQL Injection (@mastercho) [high]
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.2...v9.5.3
This release adds a collection of credential-stuffing templates for both cloud and self-hosted services. These templates can be used for automating the identification and prevention of credential stuffing attempts across your organization's websites and applications.
44
29
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.1...v9.5.2