Nuclei Templates Versions Save

Community curated list of templates for the nuclei engine to find security vulnerabilities.

v9.6.2

9 months ago

πŸ”₯ Highlight of this release:

[CVE-2023-38035] Ivanti Sentry - Authentication Bypass (@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical] πŸ”₯ [CVE-2022-47615] LearnPress Plugin < 4.2.0 - Local File Inclusion (@dhiyaneshdk) [critical] πŸ”₯ [CVE-2022-46463] Harbor <=2.5.3 - Unauthorized Access (@arm!tage) [high] πŸ”₯ [CVE-2022-39986] RaspAP 2.8.7 - Unauthenticated Command Injection (@dhiyaneshdk) [critical] πŸ”₯ [CVE-2019-17662] ThinVNC 1.0b1 - Authentication Bypass (@dhiyaneshdk) [critical] πŸ”₯

What's Changed

New Templates Added : 60

New CVEs Added: 15

First-time contributions: 7

  • http/cves/2023/CVE-2023-39141.yaml by @DhiyaneshDk
  • http/cves/2023/CVE-2023-38035.yaml by @DhiyaneshDk,@iamnoooob,@rootxharsh πŸ”₯
  • http/cves/2023/CVE-2023-4173.yaml by @momika233
  • http/cves/2023/CVE-2023-3936.yaml by @luisfelipe146
  • http/cves/2022/CVE-2022-47615.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2022/CVE-2022-46463.yaml by @Arm!tage πŸ”₯
  • http/cves/2022/CVE-2022-39986.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2022/CVE-2022-1756.yaml by harsh
  • http/cves/2021/CVE-2021-41460.yaml by @SleepingBag945
  • http/cves/2021/CVE-2021-25065.yaml by harsh
  • http/cves/2021/CVE-2021-24956.yaml by @ritikchaddha
  • http/cves/2021/CVE-2021-24409.yaml by harsh
  • http/cves/2019/CVE-2019-17662.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2019/CVE-2019-1898.yaml by @SleepingBag945
  • http/cves/2015/CVE-2015-9323.yaml by Harsh
  • http/cnvd/2023/CNVD-2023-08743.yaml by @SleepingBag945
  • http/vulnerabilities/74cms/74cms-weixin-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/finereport/fine-report-v9-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/jinhe/jinhe-oa-c6-lfi.yaml by @SleepingBag945
  • http/vulnerabilities/other/apache-druid-log4j.yaml by @SleepingBag945
  • http/vulnerabilities/other/aspcms-commentlist-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/other/caimore-gateway-rce.yaml by @momika233
  • http/vulnerabilities/other/flir-ax8-rce.yaml by @momika233
  • http/vulnerabilities/other/h3c-cvm-arbitrary-file-upload.yaml by @SleepingBag945
  • http/vulnerabilities/other/hanta-rce.yaml by @momika233
  • http/vulnerabilities/other/hikvision-isecure-center-rce.yaml by @SleepingBag945
  • http/vulnerabilities/other/hongfan-ioffice-lfi.yaml by @SleepingBag945
  • http/vulnerabilities/other/hongfan-ioffice-rce.yaml by @SleepingBag945
  • http/vulnerabilities/other/hongfan-ioffice-sqli.yaml by @SleepingBag945
  • http/vulnerabilities/other/landray-oa-erp-data-rce.yaml by @SleepingBag945
  • http/vulnerabilities/other/maltrail-rce.yaml by @pussycat0x
  • http/vulnerabilities/other/nacos-auth-bypass.yaml by @taielab,@pikpikcu,@SleepingBag945
  • http/vulnerabilities/ruijie/ruijie-excu-shell.yaml by @momika233
  • http/vulnerabilities/wordpress/wp-real-estate-xss.yaml by harsh
  • http/misconfiguration/apache/apache-couchdb-unauth.yaml by @SleepingBag945
  • http/misconfiguration/chatgpt-web-unauth.yaml by @SleepingBag945
  • http/misconfiguration/feiyuxing-info-leak.yaml by @SleepingBag945
  • http/misconfiguration/hikivision-env.yaml by @SleepingBag945
  • http/misconfiguration/request-baskets-exposure.yaml by @DhiyaneshDk
  • http/misconfiguration/unauth-redis-insight.yaml by @ggranjus
  • http/default-logins/apache/kylin-default-login.yaml by @SleepingBag945
  • http/default-logins/caimore/caimore-default-login.yaml by @pussycat0x
  • http/default-logins/easyreport/easyreport-default-login.yaml by @SleepingBag945
  • http/default-logins/feiyuxing/feiyuxing-default-login.yaml by @SleepingBag945
  • http/default-logins/nacos/nacos-default-login.yaml by @SleepingBag945
  • http/exposures/files/core-dump.yaml by @kazet
  • http/exposed-panels/dell-bmc-panel-detect.yaml by @megamansec
  • http/exposed-panels/ibm-openadmin-panel.yaml by @DhiyaneshDK
  • http/exposed-panels/kasm-login-panel.yaml by @lum8rjack
  • http/exposed-panels/maltrail-panel.yaml by @ritikchaddha
  • http/exposed-panels/metasploit-panel.yaml by @lu4nx
  • http/exposed-panels/navicat-server-panel.yaml by @ritikchaddha
  • http/miscellaneous/defaced-website-detect.yaml by @ggranjus
  • http/technologies/besu-server-detect.yaml by @Nullfuzz
  • http/technologies/erigon-server-detect.yaml by @Nullfuzz
  • http/technologies/geth-server-detect.yaml by @Nullfuzz
  • http/technologies/nethermind-server-detect.yaml by @Nullfuzz
  • network/jarm/c2/havoc-c2-jarm.yaml by @pussycat0x
  • ssl/c2/havoc-c2.yaml by @pussycat0x
  • http/osint/vampr.yaml by @millermedia

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.1...v9.6.2

v9.6.1

9 months ago

What's Changed

This release introduces an extensive set of malware detection templates. These templates have been curated to facilitate the automated identification and categorization of various malware strains using file protocol.

New Templates Added: 198

New CVEs Added: 25

First-time contributions: 6

  • http/cves/2023/CVE-2023-39143.yaml by @pdteam πŸ”₯
  • http/cves/2023/CVE-2023-39120.yaml by Numan TΓΌrle
  • http/cves/2023/CVE-2023-37580.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-35082.yaml by @DhiyaneshDk πŸ”₯
  • http/cves/2023/CVE-2023-32117.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2023/CVE-2023-26067.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2023/CVE-2023-22480.yaml by @DhiyaneshDk
  • http/cves/2023/CVE-2023-22478.yaml by @DhiyaneshDk
  • http/cves/2023/CVE-2023-4174.yaml by @momika233
  • http/cves/2023/CVE-2023-1698.yaml by xianke
  • http/cves/2022/CVE-2022-46443.yaml by Harsh
  • http/cves/2022/CVE-2022-40843.yaml by @gy741
  • http/cves/2022/CVE-2022-24384.yaml by E1A
  • http/cves/2022/CVE-2022-2414.yaml by @DhiyaneshDk πŸ”₯
  • http/cves/2022/CVE-2022-0169.yaml by @ritikchaddha,@princechaddha
  • http/cves/2021/CVE-2021-22707.yaml by @ritikchaddha,@dorkerdevil
  • http/cves/2020/CVE-2020-28185.yaml by @pussycat0x
  • http/cves/2019/CVE-2019-7192.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2019/CVE-2019-16057.yaml by @DhiyaneshDk
  • http/cves/2019/CVE-2019-15642.yaml by @pussycat0x πŸ”₯
  • http/cves/2019/CVE-2019-14750.yaml by TenBird
  • http/cves/2018/CVE-2018-7653.yaml by @ritikchaddha
  • http/cves/2018/CVE-2018-18809.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2018/CVE-2018-12909.yaml by @DhiyaneshDk
  • http/cves/2017/CVE-2017-8229.yaml by @pussycat0x
  • http/cnvd/2021/CNVD-2021-43984.yaml by @DhiyaneshDk
  • http/cnvd/2021/CNVD-2021-41972.yaml by @DhiyaneshDk
  • http/vulnerabilities/bsphp-info.yaml by @ritikchaddha
  • http/vulnerabilities/discuz/discuz-api-pathinfo.yaml by @ritikchaddha
  • http/vulnerabilities/joomla/joomla-department-sqli.yaml by @ritikchaddha
  • http/vulnerabilities/netmizer/netmizer-cmd-rce.yaml by @DhiyaneshDk
  • http/vulnerabilities/netmizer/netmizer-data-listing.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/acti-video-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/avcon6-execl-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/avcon6-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/clodop-printer-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/crawlab-lfi.yaml by @pussycat0x
  • http/vulnerabilities/other/eaa-app-lfi.yaml by @momika233
  • http/vulnerabilities/other/easyimage-downphp-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/ecology-oa-file-sqli.yaml by @momika233
  • http/vulnerabilities/other/kodak-network-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/lean-value-listing.yaml by @pussycat0x
  • http/vulnerabilities/other/panabit-ixcache-rce.yaml by @momika233
  • http/vulnerabilities/other/sangfor-cphp-rce.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/sangfor-download-lfi.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/sangfor-sysuser-conf.yaml by @DhiyaneshDk
  • http/vulnerabilities/other/tamronos-user-creation.yaml by @pussycat0x
  • http/vulnerabilities/other/wisegiga-nas-lfi.yaml by @pussycat0x
  • http/vulnerabilities/wordpress/photo-gallery-xss.yaml by @ritikchaddha
  • http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml by @ritikchaddha
  • http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml by @ritikchaddha
  • http/vulnerabilities/zzzcms/zzzcms-xss.yaml by @ritikchaddha
  • http/vulnerabilities/apache/apache-solr-rce.yaml by @j4vaovo
  • http/default-logins/bloofoxcms-default-login.yaml by @theamanrawat
  • http/default-logins/openmediavault/openmediavault-default-login.yaml by @DhiyaneshDK
  • http/default-logins/webmin-default-login.yaml by @pussycat0x
  • http/exposures/files/socks5-vpn-config.yaml by @DhiyaneshDk
  • http/misconfiguration/bitbucket-auth-bypass.yaml by @DhiyaneshDk
  • http/misconfiguration/casdoor-users-password.yaml by @DhiyaneshDk
  • http/misconfiguration/clickhouse-unauth-api.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/combodo-itop-installer.yaml by @DhiyaneshDK
  • http/misconfiguration/installer/yzmcms-installer.yaml by @ritikchaddha
  • http/misconfiguration/mobsf-framework-exposure.yaml by Shine
  • http/misconfiguration/openstack-config.yaml by @MayankPandey01
  • http/misconfiguration/oracle-reports-services.yaml by @dogasantos
  • http/misconfiguration/sonarqube-projects-disclosure.yaml by @DhiyaneshDk
  • http/exposed-panels/acenet-panel.yaml by @DhiyaneshDk
  • http/exposed-panels/acti-panel.yaml by @DhiyaneshDk
  • http/exposed-panels/bloofoxcms-login-panel.yaml by @theamanrawat
  • http/exposed-panels/discuz-panel.yaml by @ritikchaddha
  • http/exposed-panels/evlink/evlink-panel.yaml by @ritikchaddha
  • http/exposed-panels/evlink/evse-web-panel.yaml by @ritikchaddha
  • http/exposed-panels/kodak-network-panel.yaml by @DhiyaneshDk
  • http/exposed-panels/mpsec-isg1000-panel.yaml by @DhiyaneshDk
  • file/malware/aar-malware.yaml by @daffainfo
  • file/malware/adzok-malware.yaml by @daffainfo
  • file/malware/alfa-malware.yaml by @daffainfo
  • file/malware/alienspy-malware.yaml by @daffainfo
  • file/malware/alina-malware.yaml by @daffainfo
  • file/malware/alpha-malware.yaml by @daffainfo
  • file/malware/andromeda-malware.yaml by @daffainfo
  • file/malware/ap0calypse-malware.yaml by @daffainfo
  • file/malware/arcom-malware.yaml by @daffainfo
  • file/malware/arkei-malware.yaml by @daffainfo
  • file/malware/backoff-malware.yaml by @daffainfo
  • file/malware/bandook-malware.yaml by @daffainfo
  • file/malware/basicrat-malware.yaml by @daffainfo
  • file/malware/blacknix-malware.yaml by @daffainfo
  • file/malware/blackworm-malware.yaml by @daffainfo
  • file/malware/bluebanana-malware.yaml by @daffainfo
  • file/malware/bozok-malware.yaml by @daffainfo
  • file/malware/bublik-malware.yaml by @daffainfo
  • file/malware/cap-hookexkeylogger-malware.yaml by @daffainfo
  • file/malware/cerber-malware.yaml by @daffainfo
  • file/malware/cerberus-malware.yaml by @daffainfo
  • file/malware/clientmesh-malware.yaml by @daffainfo
  • file/malware/crimson-malware.yaml by @daffainfo
  • file/malware/crunchrat-malware.yaml by @daffainfo
  • file/malware/cryptxxx-dropper-malware.yaml by @daffainfo
  • file/malware/cryptxxx-malware.yaml by @daffainfo
  • file/malware/cxpid-malware.yaml by @daffainfo
  • file/malware/cythosia-malware.yaml by @daffainfo
  • file/malware/darkrat-malware.yaml by @daffainfo
  • file/malware/ddostf-malware.yaml by @daffainfo
  • file/malware/derkziel-malware.yaml by @daffainfo
  • file/malware/dexter-malware.yaml by @daffainfo
  • file/malware/diamondfox-malware.yaml by @daffainfo
  • file/malware/dmalocker-malware.yaml by @daffainfo
  • file/malware/doublepulsar-malware.yaml by @daffainfo
  • file/malware/eicar-malware.yaml by @daffainfo
  • file/malware/erebus-malware.yaml by @daffainfo
  • file/malware/ezcob-malware.yaml by @daffainfo
  • file/malware/fudcrypt-malware.yaml by @daffainfo
  • file/malware/gafgyt-bash-malware.yaml by @daffainfo
  • file/malware/gafgyt-generic-malware.yaml by @daffainfo
  • file/malware/gafgyt-hihi-malware.yaml by @daffainfo
  • file/malware/gafgyt-hoho-malware.yaml by @daffainfo
  • file/malware/gafgyt-jackmy-malware.yaml by @daffainfo
  • file/malware/gafgyt-oh-malware.yaml by @daffainfo
  • file/malware/genome-malware.yaml by @daffainfo
  • file/malware/glass-malware.yaml by @daffainfo
  • file/malware/glasses-malware.yaml by @daffainfo
  • file/malware/gozi-malware.yaml by @daffainfo
  • file/malware/gpgqwerty-malware.yaml by @daffainfo
  • file/malware/greame-malware.yaml by @daffainfo
  • file/malware/grozlex-malware.yaml by @daffainfo
  • file/malware/hawkeye-malware.yaml by @daffainfo
  • file/malware/hydracrypt-malware.yaml by @daffainfo
  • file/malware/imminent-malware.yaml by @daffainfo
  • file/malware/infinity-malware.yaml by @daffainfo
  • file/malware/insta11-malware.yaml by @daffainfo
  • file/malware/intel-virtualization-malware.yaml by @daffainfo
  • file/malware/iotreaper-malware.yaml by @daffainfo
  • file/malware/linux-aesddos-malware.yaml by @daffainfo
  • file/malware/linux-billgates-malware.yaml by @daffainfo
  • file/malware/linux-elknot-malware.yaml by @daffainfo
  • file/malware/linux-mrblack-malware.yaml by @daffainfo
  • file/malware/linux-tsunami-malware.yaml by @daffainfo
  • file/malware/locky-malware.yaml by @daffainfo
  • file/malware/lostdoor-malware.yaml by @daffainfo
  • file/malware/luminositylink-malware.yaml by @daffainfo
  • file/malware/luxnet-malware.yaml by @daffainfo
  • file/malware/macgyver-installer-malware.yaml by @daffainfo
  • file/malware/macgyver-malware.yaml by @daffainfo
  • file/malware/macos-bella-malware.yaml by @daffainfo
  • file/malware/madness-malware.yaml by @daffainfo
  • file/malware/miner--malware.yaml by @daffainfo
  • file/malware/miniasp3-malware.yaml by @daffainfo
  • file/malware/naikon-malware.yaml by @daffainfo
  • file/malware/naspyupdate-malware.yaml by @daffainfo
  • file/malware/notepad-malware.yaml by @daffainfo
  • file/malware/olyx-malware.yaml by @daffainfo
  • file/malware/osx-leverage-malware.yaml by @daffainfo
  • file/malware/paradox-malware.yaml by @daffainfo
  • file/malware/petya-malware-variant-1.yaml by @daffainfo
  • file/malware/petya-malware-variant-3.yaml by @daffainfo
  • file/malware/petya-malware-variant-bitcoin.yaml by @daffainfo
  • file/malware/plasma-malware.yaml by @daffainfo
  • file/malware/poetrat-malware.yaml by @daffainfo
  • file/malware/pony-malware.yaml by @daffainfo
  • file/malware/pony-stealer-malware.yaml by @daffainfo
  • file/malware/powerware-malware.yaml by @daffainfo
  • file/malware/pubsab-malware.yaml by @daffainfo
  • file/malware/punisher-malware.yaml by @daffainfo
  • file/malware/pypi-malware.yaml by @daffainfo
  • file/malware/pythorat-malware.yaml by @daffainfo
  • file/malware/qrat-malware.yaml by @daffainfo
  • file/malware/satana-dropper-malware.yaml by @daffainfo
  • file/malware/satana-malware.yaml by @daffainfo
  • file/malware/shimrat-malware.yaml by @daffainfo
  • file/malware/shimratreporter-malware.yaml by @daffainfo
  • file/malware/sigma-malware.yaml by @daffainfo
  • file/malware/smallnet-malware.yaml by @daffainfo
  • file/malware/snake-malware.yaml by @daffainfo
  • file/malware/sub7nation-malware.yaml by @daffainfo
  • file/malware/t5000-malware.yaml by @daffainfo
  • file/malware/tedroo-malware.yaml by @daffainfo
  • file/malware/terminator-malware.yaml by @daffainfo
  • file/malware/teslacrypt-malware.yaml by @daffainfo
  • file/malware/tox-malware.yaml by @daffainfo
  • file/malware/treasurehunt-malware.yaml by @daffainfo
  • file/malware/trickbot-malware.yaml by @daffainfo
  • file/malware/trumpbot-malware.yaml by @daffainfo
  • file/malware/universal-1337-malware.yaml by @daffainfo
  • file/malware/unrecom-malware.yaml by @daffainfo
  • file/malware/urausy-malware.yaml by @daffainfo
  • file/malware/vertex-malware.yaml by @daffainfo
  • file/malware/virusrat-malware.yaml by @daffainfo
  • file/malware/wabot-malware.yaml by @daffainfo
  • file/malware/wannacry-malware.yaml by @daffainfo
  • file/malware/warp-malware.yaml by @daffainfo
  • file/malware/xhide-malware.yaml by @daffainfo
  • file/malware/xor-ddos-malware.yaml by @daffainfo
  • file/malware/yayih-malware.yaml by @daffainfo
  • file/malware/zeghost-malware.yaml by @daffainfo
  • file/malware/zoxpng-malware.yaml by @daffainfo
  • file/malware/zrypt-malware.yaml by @daffainfo
  • file/url-analyse/url-extension-inspector.yaml by @ayadim

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.6.0...v9.6.1

v9.6.0

10 months ago

What's Changed

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.8...v9.5.9

v9.5.8

10 months ago

πŸ”₯ Highlight of this release:

This release adds a collection of C2 server detection templates. These templates can be used for automating the identification and classification of various C2 servers based on their JARM fingerprints.

  • network/jarm/c2/cobalt-strike-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/covenant-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/deimos-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/evilginx2-jarm.yaml by @pussycat0x
  • network/jarm/c2/grat2-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/mac-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/macshell-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/merlin-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/metasploit-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/mythic-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/posh-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/shad0w-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/silenttrinity-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/sliver-c2-jarm.yaml by @pussycat0x

What's Changed

New Templates Added : 113

New CVEs Added: 9

  • http/cves/2023/CVE-2023-37270.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-28665.yaml by Aaban SOlutions,@harsh
  • http/cves/2023/CVE-2023-23491.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-3460.yaml by @DhiyaneshDk πŸ”₯
  • http/cves/2023/CVE-2023-3345.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-1546.yaml by Harsh
  • http/cves/2023/CVE-2023-0448.yaml by @ritikchaddha
  • http/cves/2020/CVE-2020-17463.yaml by @Thirukrishnan
  • http/cves/2017/CVE-2017-7925.yaml by @E1A,none
  • http/default-logins/yealink/yealink-default-login.yaml by parzival
  • http/exposed-panels/anaqua-login-panel.yaml by @Ep1cSage
  • http/exposures/tokens/beamer/beamer-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/bitbucket/bitbucket-clientid.yaml by @DhiyaneshDK
  • http/exposures/tokens/bitbucket/bitbucket-clientsecret.yaml by @DhiyaneshDK
  • http/exposures/tokens/bittrex/bittrex-accesskey.yaml by @DhiyaneshDK
  • http/exposures/tokens/bittrex/bittrex-secretkey.yaml by @DhiyaneshDK
  • http/exposures/tokens/clojars/clojars-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/codecov/codecov-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/coinbase/coinbase-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/confluent/confluent-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/confluent/confluent-secretkey.yaml by @DhiyaneshDK
  • http/exposures/tokens/contentful/contentful-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/databricks/databricks-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/datadog/datadog-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/discord/discord-clientid.yaml by @DhiyaneshDK
  • http/exposures/tokens/discord/discord-clientsecret.yaml by @DhiyaneshDK
  • http/exposures/tokens/discord/discord-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/doppler/doppler-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/droneci/droneci-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/dropbox/dropbox-long-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/dropbox/dropbox-short-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/dropbox/dropbox-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/duffel/duffel-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/easypost/easypost-testtoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/easypost/easypost-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/etsy/etsy-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/facebook/facebook-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/fastly/fastly-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/finicity/finicity-clientsecret.yaml by @DhiyaneshDK
  • http/exposures/tokens/finicity/finicity-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/finnhub/finnhub-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/flickr/flickr-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/flutter/flutterwave-encryptionkey.yaml by @DhiyaneshDK
  • http/exposures/tokens/flutter/flutterwave-publickey.yaml by @DhiyaneshDK
  • http/exposures/tokens/flutter/flutterwave-secretkey.yaml by @DhiyaneshDK
  • http/exposures/tokens/frameio/frameio-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/freshbooks/freshbooks-accesstoken.yaml by @DhiyaneshDK
  • http/exposures/tokens/gitter/gitter-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/gocardless/gocardless-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/grafana/grafana-cloud-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/grafana/grafana-key.yaml by @DhiyaneshDK
  • http/exposures/tokens/grafana/grafana-serviceaccount-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/hashicorp/hashicorp-token.yaml by @DhiyaneshDK
  • http/exposures/tokens/zendesk/zendesk-key.yaml by @DhiyaneshDK
  • network/jarm/c2/cobalt-strike-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/covenant-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/deimos-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/evilginx2-jarm.yaml by @pussycat0x
  • network/jarm/c2/grat2-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/mac-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/macshell-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/merlin-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/metasploit-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/mythic-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/posh-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/shad0w-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/silenttrinity-c2-jarm.yaml by @pussycat0x
  • network/jarm/c2/sliver-c2-jarm.yaml by @pussycat0x
  • http/miscellaneous/spnego-detect.yaml by @lady_bug,ruppde
  • http/technologies/graylog/graylog-api-exposure.yaml by Arqsz
  • file/keys/beamer-api-token.yaml by @DhiyaneshDK
  • file/keys/bitbucket/bitbucket-client-id.yaml by @DhiyaneshDK
  • file/keys/bitbucket/bitbucket-client-secret.yaml by @DhiyaneshDK
  • file/keys/bittrex/bittrex-access-key.yaml by @DhiyaneshDK
  • file/keys/bittrex/bittrex-secret-key.yaml by @DhiyaneshDK
  • file/keys/clojars-api-token.yaml by @DhiyaneshDK
  • file/keys/codecov-access-token.yaml by @DhiyaneshDK
  • file/keys/coinbase-access-token.yaml by @DhiyaneshDK
  • file/keys/confluent/confluent-access-token.yaml by @DhiyaneshDK
  • file/keys/confluent/confluent-secret-token.yaml by @DhiyaneshDK
  • file/keys/contentful-api-token.yaml by @DhiyaneshDK
  • file/keys/databricks-api-token.yaml by @DhiyaneshDK
  • file/keys/datadog-access-token.yaml by @DhiyaneshDK
  • file/keys/discord/discord-api-token.yaml by @DhiyaneshDK
  • file/keys/discord/discord-cilent-secret.yaml by @DhiyaneshDK
  • file/keys/discord/discord-client-id.yaml by @DhiyaneshDK
  • file/keys/doppler-api-token.yaml by @DhiyaneshDK
  • file/keys/droneci-access-token.yaml by @DhiyaneshDK
  • file/keys/dropbox/dropbox-api-token.yaml by @DhiyaneshDK
  • file/keys/dropbox/dropbox-longlived-token.yaml by @DhiyaneshDK
  • file/keys/dropbox/dropbox-shortlived-token.yaml by @DhiyaneshDK
  • file/keys/duffel-api-token.yaml by @DhiyaneshDK
  • file/keys/easypost/easypost-api-token.yaml by @DhiyaneshDK
  • file/keys/easypost/easypost-test-token.yaml by @DhiyaneshDK
  • file/keys/etsy-access-token.yaml by @DhiyaneshDK
  • file/keys/facebook/facebook-api-token.yaml by @DhiyaneshDK
  • file/keys/fastly-api-token.yaml by @DhiyaneshDK
  • file/keys/finicity/finicity-api-token.yaml by @DhiyaneshDK
  • file/keys/finicity/finicity-client-secret.yaml by @DhiyaneshDK
  • file/keys/finnhub-access-token.yaml by @DhiyaneshDK
  • file/keys/flickr-access-token.yaml by @DhiyaneshDK
  • file/keys/flutter/flutterwave-encryption-key.yaml by @DhiyaneshDK
  • file/keys/flutter/flutterwave-public-key.yaml by @DhiyaneshDK
  • file/keys/flutter/flutterwave-secret-key.yaml by @DhiyaneshDK
  • file/keys/frameio-api-token.yaml by @DhiyaneshDK
  • file/keys/freshbooks-access-token.yaml by @DhiyaneshDK
  • file/keys/gitter-access-token.yaml by @DhiyaneshDK
  • file/keys/gocardless-api-token.yaml by @DhiyaneshDK
  • file/keys/grafana/grafana-api-key.yaml by @DhiyaneshDK
  • file/keys/grafana/grafana-cloud-api-token.yaml by @DhiyaneshDK
  • file/keys/grafana/grafana-service-account-token.yaml by @DhiyaneshDK
  • file/keys/hashicorp-api-token.yaml by @DhiyaneshDK
  • file/keys/zendesk-secret-key.yaml by @DhiyaneshDK

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.7...v9.5.8

v9.5.7

10 months ago

What's Changed

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.6...v9.5.7

v9.5.6

10 months ago

What's Changed

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.5...v9.5.6

v9.5.5

10 months ago

What's Changed

πŸ”₯ Highlights of this release:

[CVE-2023-30777] Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (@r3y3r53) [medium] πŸ”₯ [CVE-2023-28121] WooCommerce Payments - Unauthorized Admin Access (@dhiyaneshdk) [critical] πŸ”₯ [CVE-2023-2822] Ellucian Ethos Identity CAS - Cross-Site Scripting (@guax1) [medium] πŸ”₯ [CVE-2023-0297] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (@mrharshvardhan,@dhiyaneshdk) [critical] πŸ”₯ [CVE-2022-4295] Show all comments < 7.0.1 - Cross-Site Scripting (@r3y3r53) [medium] πŸ”₯

New Templates Added: 90

New CVEs Added: 41

  • http/cves/2023/CVE-2023-36346.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-36289.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-36287.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-33439.yaml by @Harsh
  • http/cves/2023/CVE-2023-30777.yaml by @r3Y3r53 πŸ”₯
  • http/cves/2023/CVE-2023-30256.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-2822.yaml by @Guax1 πŸ”₯
  • http/cves/2023/CVE-2023-28121.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2023/CVE-2023-2272.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-2252.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-2023.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1890.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1835.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1730.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-0514.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-0297.yaml by @MrHarshvardhan, @DhiyaneshDk πŸ”₯
  • http/cves/2022/CVE-2022-44952.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44951.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44950.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44949.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44948.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44947.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44946.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-44944.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-43185.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-43170.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-43169.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-43167.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-43166.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-43165.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-43164.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-4295.yaml by @r3Y3r53 πŸ”₯
  • http/cves/2020/CVE-2020-35987.yaml by @r3Y3r53
  • http/cves/2020/CVE-2020-35986.yaml by @r3Y3r53
  • http/cves/2020/CVE-2020-35985.yaml by @r3Y3r53
  • http/cves/2020/CVE-2020-35984.yaml by @r3Y3r53
  • http/cves/2020/CVE-2020-19515.yaml by @theamanrawat
  • http/cves/2019/CVE-2019-8390.yaml by @theamanrawat
  • http/cves/2019/CVE-2019-14789.yaml by @r3Y3r53
  • http/cves/2018/CVE-2018-6530.yaml by @gy741
  • http/cves/2012/CVE-2012-5321.yaml by @ctflearner
  • http/cnvd/2022/CNVD-2022-86535.yaml by @arliya,@ritikchaddha
  • http/vulnerabilities/other/sitemap-sql-injection.yaml by @Aravind
  • http/vulnerabilities/wordpress/contus-video-gallery-sqli.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/leaguemanager-sql-injection.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/notificationx-sqli.yaml by @theamanrawat
  • http/vulnerabilities/wordpress/zero-spam-sql-injection.yaml by @theamanrawat
  • http/default-logins/esafenet-cdg-default-login.yaml by @chesterblue
  • http/default-logins/leostream/leostream-default-login.yaml by @bhutch
  • http/default-logins/pyload/pyload-default-login.yaml by @DhiyaneshDk
  • http/misconfiguration/proxy/open-proxy-external.yaml by @gtrrnr
  • http/misconfiguration/unauth-temporal-web-ui.yaml by @ggranjus
  • network/misconfig/apache-dubbo-unauth.yaml by @j4vaovo
  • network/misconfig/apache-rocketmq-broker-unauth.yaml by @j4vaovo
  • http/exposures/configs/collibra-properties.yaml by @0xPugazh
  • http/exposures/files/pnpm-lock.yaml by @noraj
  • http/exposures/tokens/adafruit/adafruit-api-key.yaml by @DhiyaneshDK
  • http/exposures/tokens/adobe/adobe-client-id.yaml by @DhiyaneshDK
  • http/exposures/tokens/airtable/airtable-api-key.yaml by @DhiyaneshDK
  • http/exposures/tokens/algolia/algolia-api-key.yaml by @DhiyaneshDK
  • http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml by @DhiyaneshDK
  • http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml by @DhiyaneshDK
  • http/exposures/tokens/asana/asana-client-id.yaml by @DhiyaneshDK
  • http/exposures/tokens/asana/asana-client-secret.yaml by @DhiyaneshDK
  • http/exposures/tokens/atlassian-token.yaml by @DhiyaneshDK
  • http/exposed-panels/arangodb-web-Interface.yaml by @pussycat0x
  • http/exposed-panels/arcserve-panel.yaml by @DhiyaneshDk
  • http/exposed-panels/c2/hookbot-rat.yaml by @pussycat0x
  • http/exposed-panels/c2/mystic-stealer.yaml by @pussycat0x
  • http/exposed-panels/cloudpanel-login.yaml by @DhiyaneshDk
  • http/exposed-panels/dell-idrac.yaml by @kazet
  • http/exposed-panels/efak-login-panel.yaml by @irshad ahamed
  • http/exposed-panels/pritunl-panel.yaml by @irshad ahamed
  • http/exposed-panels/pyload-panel.yaml by @DhiyaneshDk
  • http/exposed-panels/qdpm-login-panel.yaml by @theamanrawat
  • http/exposed-panels/shell-box.yaml by @irshad ahamed
  • http/exposed-panels/untangle-admin-login.yaml by @irshad ahamed
  • http/exposed-panels/uptime-kuma-panel.yaml by @irshad ahamed
  • file/keys/adafruit-key.yaml by @DhiyaneshDK
  • file/keys/adobe/adobe-client.yaml by @DhiyaneshDK
  • file/keys/airtable-key.yaml by @DhiyaneshDK
  • file/keys/algolia-key.yaml by @DhiyaneshDK
  • file/keys/alibaba/alibaba-key-id.yaml by @DhiyaneshDK
  • file/keys/alibaba/alibaba-secret-id.yaml by @DhiyaneshDK
  • file/keys/asana/asana-clientid.yaml by @DhiyaneshDK
  • file/keys/asana/asana-clientsecret.yaml by @DhiyaneshDK
  • file/keys/atlassian/atlassian-api-token.yaml by @DhiyaneshDK
  • file/webshell/asp-webshell.yaml by @lu4nx
  • file/webshell/jsp-webshell.yaml by @lu4nx
  • file/webshell/php-webshell.yaml by @lu4nx

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.4...v9.5.5

v9.5.4

10 months ago

What's Changed

New Templates Added : 51

New CVEs Added: 26

  • http/cves/2023/CVE-2023-35844.yaml by @dwisiswant0 πŸ”₯
  • http/cves/2023/CVE-2023-35843.yaml by @dwisiswant0
  • http/cves/2023/CVE-2023-34843.yaml by @DhiyaneshDk
  • http/cves/2023/CVE-2023-34659.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-34599.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-34598.yaml by @DhiyaneshDk
  • http/cves/2023/CVE-2023-34537.yaml by @Harsh
  • http/cves/2023/CVE-2023-33510.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-31548.yaml by @Harsh
  • http/cves/2023/CVE-2023-30019.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-27372.yaml by @DhiyaneshDK,@nuts7 πŸ”₯
  • http/cves/2023/CVE-2023-26843.yaml by @Harsh
  • http/cves/2023/CVE-2023-26842.yaml by @Harsh
  • http/cves/2023/CVE-2023-25346.yaml by @Harsh
  • http/cves/2023/CVE-2023-24488.yaml by @johnk3r πŸ”₯
  • http/cves/2023/CVE-2023-20889.yaml by @iamnoooob,@rootxharsh,@pdresearch
  • http/cves/2023/CVE-2023-20888.yaml by @iamnoooob,@rootxharsh,@pdresearch
  • http/cves/2023/CVE-2023-1496.yaml by @pdteam
  • http/cves/2023/CVE-2023-1454.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2023/CVE-2023-0563.yaml by @Harsh
  • http/cves/2023/CVE-2023-0562.yaml by @Harsh
  • http/cves/2023/CVE-2023-0527.yaml by @Harsh
  • http/cves/2023/CVE-2023-0126.yaml by @tess
  • http/cves/2022/CVE-2022-40022.yaml by @DhiyaneshDK
  • http/cves/2021/CVE-2021-46704.yaml by @DhiyaneshDK
  • http/cves/2012/CVE-2012-6499.yaml by @ctflearner
  • http/cnvd/2020/CNVD-2020-63964.yaml by @brucelsone
  • http/vulnerabilities/hikvision-ivms-file-upload-rce.yaml by @brucelsone
  • http/vulnerabilities/kkfileview-ssrf.yaml by @Arm!tage
  • http/vulnerabilities/vbulletin/arcade-php-sqli.yaml by @MaStErChO
  • http/misconfiguration/codeigniter-errorpage.yaml by @j4vaovo
  • http/misconfiguration/genieacs-default-jwt.yaml by @DhiyaneshDK,@pussycat0x
  • http/misconfiguration/grav-register-admin.yaml by @DhiyaneshDk
  • http/misconfiguration/installer/spip-install.yaml by @DhiyaneshDK
  • http/misconfiguration/odoo-unprotected-database.yaml by @pdteam
  • network/enumeration/psql-user-enum.yaml by @pussycat0x
  • network/misconfig/unauth-psql.yaml by @pussycat0x
  • http/exposed-panels/axxon-client-panel.yaml by @irshadahamed
  • http/exposed-panels/jsherp-boot-panel.yaml by @DhiyaneshDk
  • http/exposed-panels/openbullet2-panel.yaml by @MaStErChO
  • http/exposed-panels/syncserver-panel.yaml by @DhiyaneshDk
  • http/exposed-panels/wd-mycloud-panel.yaml by @DhiyaneshDk
  • http/exposures/configs/aws-config.yaml by @m4lwhere
  • http/exposures/configs/aws-credentials.yaml by @m4lwhere
  • http/technologies/wordpress/plugins/wp-rollback.yaml by @ricardomaia
  • file/nodejs/admzip-path-overwrite.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
  • file/nodejs/express-lfr.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
  • file/nodejs/generic-path-traversal.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
  • file/nodejs/tar-path-overwrite.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
  • file/nodejs/xss-serialize-javascript.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
  • file/nodejs/zip-path-overwrite.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.3...v9.5.4

v9.5.3

11 months ago

πŸ”₯ Highlights of this release:

βœ… [CVE-2023-34362] MOVEit Transfer - Remote Code Execution (@princechaddha,@rootxharsh,@ritikchaddha,@pdresearch) [critical] βœ… [CVE-2023-34960] Chamilo Command Injection (@dhiyaneshdk) [high] βœ… [CVE-2023-33246] RocketMQ <= 5.1.0 - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical] βœ… [CVE-2023-25157] GeoServer OGC Filter - SQL Injection (@ritikchaddha,@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical] βœ… [CVE-2023-23333] SolarView Compact 6.00 - OS Command Injection (@mr-xn) [critical] βœ… [CVE-2023-20887] VMware VRealize Network Insight - Remote Code Execution (@sinsinology) [critical] βœ… [CVE-2022-23544] MeterSphere < 2.5.0 SSRF (@j4vaovo) [medium] βœ… [CVE-2022-24706] CouchDB Erlang Distribution - Remote Command Execution (@mzack9999,@pussycat0x) [critical] βœ… [CVE-2017-12617] Apache Tomcat - Remote Code Execution (@pussycat0x) [high] βœ… [CVE-2016-6195] vBulletin <= 4.2.3 - SQL Injection (@mastercho) [high]

What's Changed

New Templates Added: 62

New CVEs Added: 28

  • http/cves/2023/CVE-2023-34960.yaml by @DhiyaneshDK πŸ”₯
  • http/cves/2023/CVE-2023-34362.yaml by @princechaddha,@rootxharsh,@ritikchaddha,@pdresearch πŸ”₯
  • http/cves/2023/CVE-2023-33568.yaml by @DhiyaneshDK
  • http/cves/2023/CVE-2023-25157.yaml by @ritikchaddha,@DhiyaneshDK,@iamnoooob,@rootxharsh πŸ”₯
  • http/cves/2023/CVE-2023-24243.yaml by @ritikchaddha
  • http/cves/2023/CVE-2023-23333.yaml by @Mr-xn πŸ”₯
  • http/cves/2023/CVE-2023-20887.yaml by @sinsinology πŸ”₯
  • http/cves/2023/CVE-2023-0630.yaml by @DhiyaneshDK
  • http/cves/2022/CVE-2022-23544.yaml by @j4vaovo πŸ”₯
  • http/cves/2022/CVE-2022-0869.yaml by @ctflearner
  • http/cves/2021/CVE-2021-44138.yaml by carrot2
  • http/cves/2021/CVE-2021-24647.yaml by @DhiyaneshDK
  • http/cves/2019/CVE-2019-1943.yaml by @bhutch
  • http/cves/2019/CVE-2019-10098.yaml by @ctflearner
  • http/cves/2017/CVE-2017-12617.yaml by @pussycat0x πŸ”₯
  • http/cves/2016/CVE-2016-6195.yaml by @MaStErChO πŸ”₯
  • http/cves/2013/CVE-2013-2621.yaml by @ctflearner
  • http/cves/2012/CVE-2012-4982.yaml by @ctflearner
  • http/cves/2011/CVE-2011-5252.yaml by @ctflearner
  • http/cves/2010/CVE-2010-1586.yaml by @ctflearner
  • http/cves/2009/CVE-2009-0347.yaml by @ctflearner
  • http/cves/2008/CVE-2008-7269.yaml by @ctflearner
  • http/cves/2008/CVE-2008-1547.yaml by @ctflearner
  • http/cves/2005/CVE-2005-3634.yaml by @ctflearner
  • http/cves/2004/CVE-2004-1965.yaml by @ctflearner
  • http/cves/2001/CVE-2001-0537.yaml by @DhiyaneshDK
  • network/cves/2022/CVE-2022-24706.yaml by @Mzack9999,@pussycat0x πŸ”₯
  • network/cves/2023/CVE-2023-33246.yaml by @iamnoooob,@rootxharsh,@pdresearch πŸ”₯
  • http/vulnerabilities/nuxt/nuxt-js-lfi.yaml by @DhiyaneshDK
  • http/vulnerabilities/nuxt/nuxt-js-semi-lfi.yaml by @DhiyaneshDK
  • http/vulnerabilities/nuxt/nuxt-js-xss.yaml by @DhiyaneshDK
  • http/vulnerabilities/other/epp-server-lfi.yaml by @DhiyaneshDK
  • http/misconfiguration/bravia-signage.yaml by @DhiyaneshDK
  • http/misconfiguration/symfony-fragment.yaml by Palanichamy_perumal,TechbrunchFR
  • http/default-logins/riello/netman-default-login.yaml by @mabdullah22
  • http/exposed-panels/c2/brute-ratel-c4.yaml by @pussycat0x
  • http/exposed-panels/c2/empire-c2.yaml by @pussycat0x
  • http/exposed-panels/c2/evilginx.yaml by @pussycat0x
  • http/exposed-panels/c2/nh-c2.yaml by @pussycat0
  • http/exposed-panels/c2/viper-c2.yaml by @pussycat0x
  • http/exposed-panels/cryptobox-panel.yaml by @righettod
  • http/exposed-panels/iclock-admin-panel.yaml by @deFr0ggy
  • http/exposed-panels/rancher-dashboard.yaml by @ritikchaddha
  • http/miscellaneous/crypto-mining-malware.yaml by @geeknik
  • ssl/c2/asyncrat-c2.yaml by @johnk3r
  • ssl/c2/bitrat-c2.yaml by @pussycat0x
  • ssl/c2/covenant-c2-ssl.yaml by @pussycat0x
  • ssl/c2/dcrat-server-c2.yaml by @pussycat0x
  • ssl/c2/gozi-malware.yaml by @pussycat0x
  • ssl/c2/icedid.yaml by @pussycat0x
  • ssl/c2/orcus-rat-c2.yaml by @pussycat0x
  • ssl/c2/posh-c2.yaml by @pussycat0x
  • ssl/c2/quasar-rat-c2.yaml by @johnk3r,@pussycat0x
  • ssl/c2/shadowpad-c2.yaml by @pussycat0x
  • http/technologies/magento-eol.yaml by @dogancanbakir
  • http/technologies/magento-version-detect.yaml by @sullo,@dogancanbakir
  • http/technologies/openproject-detect.yaml by @ricardomaia
  • http/technologies/phplist-detect.yaml by @ricardomaia
  • http/technologies/wordpress/plugins/breeze.yaml by @ricardomaia
  • http/technologies/wordpress/plugins/fast-indexing-api.yaml by @ricardomaia
  • http/osint/facebook-page.yaml by @gpiechnik2
  • http/osint/stackoverflow.yaml by @lu4nx

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.2...v9.5.3

v9.5.2

11 months ago

πŸ”₯ Highlights of this release:

This release adds a collection of credential-stuffing templates for both cloud and self-hosted services. These templates can be used for automating the identification and prevention of credential stuffing attempts across your organization's websites and applications.

Credential Stuffing Templates:

  • http/credential-stuffing/cloud/atechmedia-codebase-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/atlassian-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/avnil-pdf-generator-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/chefio-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/codepen-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/datadog-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/docker-hub-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/gitea-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/github-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/postman-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/pulmi-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/self-hosted/gitlab-login-check-self-hosted.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/self-hosted/grafana-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/self-hosted/jira-login-check.yaml by @parthmalhotra,@pdresearch

What's Changed

New Templates Added : 44

New CVEs Added: 29

  • http/cves/2023/CVE-2023-32315.yaml by @vsh00t πŸ”₯
  • http/cves/2023/CVE-2023-29623.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-29622.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-2130.yaml by @theamanrawat
  • http/cves/2023/CVE-2023-2122.yaml by @r3Y3r53
  • http/cves/2023/CVE-2023-1362.yaml by @ctflearner
  • http/cves/2023/CVE-2023-0948.yaml by @r3Y3r53
  • http/cves/2022/CVE-2022-31984.yaml by @theamanrawat πŸ”₯
  • http/cves/2022/CVE-2022-31983.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31982.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31981.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31980.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31978.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31977.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31976.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31975.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31974.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-31879.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-28023.yaml by @theamanrawat
  • http/cves/2022/CVE-2022-28022.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-43725.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-40973.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-40972.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-40971.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-40970.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-40969.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-40968.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-27124.yaml by @theamanrawat
  • http/cves/2021/CVE-2021-24731.yaml by @theamanrawat
  • http/exposed-panels/spotweb-login-panel.yaml by @theamanrawat
  • http/credential-stuffing/cloud/atechmedia-codebase-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/atlassian-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/avnil-pdf-generator-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/chefio-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/codepen-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/datadog-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/docker-hub-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/gitea-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/github-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/postman-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/cloud/pulmi-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/self-hosted/gitlab-login-check-self-hosted.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/self-hosted/grafana-login-check.yaml by @parthmalhotra,@pdresearch
  • http/credential-stuffing/self-hosted/jira-login-check.yaml by @parthmalhotra,@pdresearch

New Contributors

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.5.1...v9.5.2