Releases · projectdiscovery/nuclei-templates

28 Mar 11:35

princechaddha

v10.1.6

30af57b

v10.1.6 Latest

Latest

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-29927] Next.js Middleware Bypass (@pdresearch, @pdteam, @hazedic) [critical] 🔥
[CVE-2025-26319] FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-25291] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24813] Apache Tomcat Path Equivalence - RCE (@iamnoooob, @rootxharsh, @pdresearch, @themiddle) [critical] 🔥
[CVE-2025-2825] CrushFTP - Authentication Bypass (@parthmalhotra, @Ice3man, @dhiyaneshdk, @pdresearch) [critical] 🔥
[CVE-2025-1974] Ingress-Nginx Controller - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1661] HUSKY – for WooCommerce <= 1.3.6.5 - Unauth LFI (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-53991] Discourse Backup File Disclosure - Nginx Configuration (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-51378] CyberPanel - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-13496] GamiPress <= 2.8.9 - SQL Injection (@ritikchaddha) [high] 🔥
[CVE-2023-22952] SugarCRM Unauthenticated - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥

False Negatives

CVE-2025-24813 PUT method not sending data (Issue #11798)
Hardcoded interact.sh in 178 templates (Issue #11771)

False Positives

Missing MFA check (Issue #11761)
CVE-2022-40032 (Issue #11758)
CVE-2021-40822 (Issue #11119)
external-service-interaction.yaml (PR #11809)
internal-ip-disclosure.yaml (PR #11806)
CVE-2022-40032 (PR #11791)

Enhancements

CVE-2025-2825.yaml (PR #11839)
CVE-2025-29927.yaml (PRs #11804, #11820)
mobsf-apktool-lfi.yaml renamed and updated to CVE-2024-21633.yaml (PR #11805)
CVE-2020-28351.yaml (PR #11794)
CVE-2020-2036.yaml (PR #11795)
oracle-ebs-xss.yaml (PR #11792)
polyfill-backdoor.yaml (PR #11748)
craft-cms-detect.yaml (PR #11700)

Bug Fixes

Fixed Dell iDRAC workflow issue (Issue #10876).
Fixed GET request handling in CVE-2025-24813 (Issue #11759).

Template Updates

New Templates Added: `78` | CVEs Added: `45` | First-time contributions: `8`

[CVE-2025-30208] Vite - Arbitrary File Read (@v2htw) [medium] 🔥
[CVE-2025-29927] Next.js Middleware Bypass (@pdresearch, @pdteam, @hazedic) [critical] 🔥
[CVE-2025-26319] FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2025-25291] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24813] Apache Tomcat Path Equivalence - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @themiddle) [critical] 🔥
[CVE-2025-2825] CrushFTP - Authentication Bypass (@parthmalhotra, @Ice3man, @dhiyaneshdk, @pdresearch) [critical] 🔥
[CVE-2025-2539] File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-2129] Mage AI - Insecure Default Authentication Setup (@zn9988, @H0j3n) [medium]
[CVE-2025-1974] Ingress-Nginx Controller - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1661] HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-1323] WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-57050] TP-LINK WR840N v6 up to 0.9.1 4.16 - Improper Authentication (@dhiyaneshdk) [critical]
[CVE-2024-57049] TP-Link Archer C20 - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2024-57046] Netgear DGN2200 - Improper Authentication (@ritikchaddha) [high]
[CVE-2024-57045] D-Link DIR-859 - Information Disclosure (@ritikchaddha) [critical]
[CVE-2024-55556] InvoiceShelf <= 1.3.0 - PHP Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-54767] AVM FRITZ!Box 7530 AX - Unauthorized Access (@dhiyaneshdk) [high]
[CVE-2024-54764] ipTIME A2004 - Unauthorized Access (@ritikchaddha) [medium]
[CVE-2024-54763] ipTIME A2004 - Unauthorized Access (@ritikchaddha) [medium]
[CVE-2024-53991] Discourse Backup File Disclosure Via Default Nginx Configuration (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-52763] Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-52762] Ganglia Web Interface (v3.7.3 - v3.7.6) - Cross-Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-51378] CyberPanel - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-30570] Netgear R6850 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2024-30569] Netgear R6850 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2024-30568] Netgear R6850 V1.1.0.88 - Command Injection (@ritikchaddha) [critical]
[CVE-2024-21485] Dash Framework - Cross-site Scripting (@lee Changhyun(eeche)) [medium]
[CVE-2024-13853] WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-13624] WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2024-13496] GamiPress <= 2.8.9 - SQL Injection (@ritikchaddha) [high] 🔥
[CVE-2024-11740] Download Manager < 3.3.04 - Unauthenticated Arbitrary Shortcode Execution (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-10783] WordPress Plugin MainWP Child - Authentication Bypass (@sean Murphy, @iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-6892] Journyx 11.5.4 - Reflected Cross Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-6651] WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2024-6460] WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion (@ritikchaddha) [critical]
[CVE-2024-4399] WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2024-3080] ASUS DSL-AC88U - Authentication Bypass (@ritikchaddha) [critical]
[CVE-2024-3032] WordPress Themify Builder < 7.5.8 - Open Redirect (@ritikchaddha) [medium]
[CVE-2023-49489] KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS) (@dhiyaneshdk) [medium]
[CVE-2023-31478] GL.iNET SSID Key Disclosure (@dhiyaneshdk) [high]
[CVE-2023-22952] SugarCRM Unauthenticated - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2023-5974] WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2023-4284] WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2023-2518] WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-2256] WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting (@ritikchaddha) [high]
[CVE-2025-1974-k8s] Ingress-Nginx Controller - Unauthenticated Remote Code Execution (@princechaddha) [critical]
[CVE-2025-29927-HEADLESS] Next.js Middleware Authorization Bypass (@Ademking) [critical]
[insecure-powershell-execution-policy] Insecure PowerShell Execution Policy - Detect (@JeonSungHyun[nukunga]) [medium]
[powershell-script-block-logging-disabled] PowerShell Script Block Logging - Disabled (@JeonSungHyun[nukunga]) [medium]
[chirpstack-default-login] ChirpStack - Default Login (@t3l3machus) [high]
[unify-hipath-default-login] Unify HiPath Cordless IP - Default Login (@flx) [high]
[chirpstack-login] ChirpStack LoRaWAN Detection (@ProjectDiscoveryAI) [info]
[cisco-webui-login] Cisco Web UI Login - Detect (@drewvravick) [info]
[dbt-docs-panel] dbt Docs Panel - Detect (@johnk3r) [info]
[vectoradmin-panel] VectorAdmin Panel - Detect (@s4e-io) [info]
[xphoneconnect-admin-panel] XPhone Connect Admin Interface - Detect (@flx) [info]
[dnsmasq-config] Dnsmasq Config - File Disclosure (@dhiyaneshdk) [low]
[elastic-kibana-config] Elastic Kibana Config - File Disclosure (@dhiyaneshdk) [medium]
[gunicorn-config-file] Gunicorn Config File - File Disclosure (@dhiyaneshdk) [low]
[haproxy-config-file] Haproxy Config - File Disclosure (@dhiyaneshdk) [low]
[icecast-config] Icecast Config - File Disclosure (@dhiyaneshdk) [low]
[lighttpd-config-file] Lighttpd Config File - File Disclosure (@dhiyaneshdk) [low]
[log4-properties] Log4j Properties - File Disclosure (@dhiyaneshdk) [low]
[next-js-config-file] Next JS Config - File Disclosure (@dhiyaneshdk) [low]
[nuxtjs-config-file] Nuxtjs Config File - File Disclosure (@dhiyaneshdk) [low]
[vercel-config-file] Vercel Config File - File Disclosure (@dhiyaneshdk) [low]
[vugex-source-detect] Vugex Framework Source Code - Detect (@ProjectDiscoveryAI, @pdteam) [medium]
[hashicorp-consul-unauth] Hashicorp Consul API Unauthenticated (@pussycat0x) [medium]
[basercms-install] baserCMS Installation - Exposure (@ritikchaddha) [critical]
[kentico-13-auth-bypass-wt-2025-0006] Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) (@dhiyaneshdk) [unknown]
[kentico-13-auth-bypass-wt-2025-0011] Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011) (@dhiyaneshdk) [unknown]
[apache-hertzbeat-detect] Apache Hertzbeat - Detect (@icarot) [info]
[flutter-web-detect] Flutter Web Application - Detect (@incogbyte) [info]
[oqtane-cms-db] Oqtane CMS Database - Detect (@Masoud Abdaal) [info]
[drupal7-elfinder-rce] Drupal 7 Elfinder - Remote Code Execution (@1337kro) [critical]
[netgear-wnr614-auth-bypass] Netgear WNR614 - Improper Authentication (@ritikchaddha) [high]
[mockoon-lfi] Mockoon <= 9.1.0 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high]
[siam-xss] SIAM 2.0 - Cross-Site Scripting (@3th1c_yuk1) [medium]

New Contributors

@felixsta made their first contribution in https://github.com/projectdis...

Contributors

lee, sean, and 30 other contributors

Assets 3

10 Mar 12:01

princechaddha

v10.1.5

f41c1e9

CSP Bypass Templates - Nuclei Templates v10.1.5 🎉

🔥 Release Highlights 🔥

With this release, we are adding new CSP Bypass (DAST) Nuclei Templates to help security teams and bug hunters efficiently identify Content Security Policy (CSP) misconfigurations. These templates automate the detection of CSP bypass techniques, allowing testers to analyze real-world attack scenarios where CSP restrictions can be circumvented in the presence of existing XSS vulnerabilities.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and update these CSP Bypass templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2025-27218] Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-26793] FREEDOM Administration - Default Login (@eric Daigle, @dhiyaneshdk) [critical] 🔥
[CVE-2025-24893] XWiki Platform - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24752] Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
[CVE-2024-48248] NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-13161] Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile (@ritikchaddha) [critical] 🔥
[CVE-2024-13160] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard (@ritikchaddha) [critical] 🔥
[CVE-2024-13159] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive (@ritikchaddha) [critical] 🔥
[CVE-2024-12356] Privileged Remote Access & Remote - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-47248] PyArrow Flight RPC - Remote Code Execution (@smolse) [critical] 🔥
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (@RotemBar, @daffainfo) [medium] 🔥

What's Changed

New Templates Added: `281` | CVEs Added: `23` | First-time contributions: `4`

[CVE-2025-27218] Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2025-27112] Navidrome <=0.54.5 - Auth Bypass in Subsonic API (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2025-26793] FREEDOM Administration - Default Login (@eric Daigle, @dhiyaneshdk) [critical] 🔥
[CVE-2025-25062] Backdrop CMS - Cross-Site Scripting (@soonghee2) [medium]
[CVE-2025-24893] XWiki Platform - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2025-24752] Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
[CVE-2025-22952] Elestio Memos <= v0.24.0 - Server-Side Request Forgery (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2025-1025] Cockpit < 2.4.1 - Arbitrary File Upload (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-0868] DocsGPT - Unauthenticated Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-56331] Uptime-Kuma - Local File Inclusion (LFI) (@hyni03) [critical]
[CVE-2024-51228] TOTOLINK CX-A3002RU - Remote Code Execution (@dhiyaneshdk) [medium]
[CVE-2024-48248] NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-13888] WPMobile.App <= 11.56 - Open Redirect (@s4e-io) [high]
[CVE-2024-13161] Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile (@ritikchaddha) [critical] 🔥
[CVE-2024-13160] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard (@ritikchaddha) [critical] 🔥
[CVE-2024-13159] Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive (@ritikchaddha) [critical] 🔥
[CVE-2024-12824] Nokri – Job Board <= 1.6.2 - Unauth Password Change (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-12356] Privileged Remote Access & Remote - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-11396] Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export (@s4e-io) [medium]
[CVE-2024-9193] WHMpress <= 6.3 - Unauth LFI to Arbitrary Options Update (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2023-47248] PyArrow Flight RPC - Remote Code Execution (@smolse) [critical] 🔥
[CVE-2023-45826] Leantime < 2.4 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2022-29455] WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (@RotemBar, @daffainfo) [medium] 🔥
[remote-desktop-default-port] Remote Desktop Listening Default Port - Detect (@asteria121) [info]
[python-code-injection] Python Code Injection (@ritikchaddha) [high]
[open-redirect-bypass] Open Redirect Bypass (@ritikchaddha) [medium]
[freemarker-sandbox-bypass-ssti] Freemarker < 2.3.30 Sandbox Bypass - Server Side Template Injection (@ritikchaddha) [high]
[codepen-oob] Codepen - Out of Band Template Injection (@ritikchaddha) [high]
[jinjava-ssti] Jinjava - Server Side Template Injection (@ritikchaddha) [high]
[pebble-oob] Pebble - Out of Band Template Injection (@ritikchaddha) [high]
[spring-expression-oob] Spring Expression Language - Out of Band Template Injection (@ritikchaddha) [high]
[thymeleaf-oob] Thymeleaf - Out of Band Template Injection (@ritikchaddha) [high]
[razor-ssti] Razor - Server Side Template Injection (@ritikchaddha) [high]
[smarty-ssti] Smarty - Server Side Template Injection (@ritikchaddha) [high]
[twig-ssti] Twig - Server Side Template Injection (@ritikchaddha) [high]
[adnxs-ib-csp-bypass] Content-Security-Policy Bypass - Adnxs IB (@renniepak, @dhiyaneshdk) [medium]
[adnxs-secure-csp-bypass] Content-Security-Policy Bypass - Adnxs Secure (@renniepak, @dhiyaneshdk) [medium]
[adobe-campaign-csp-bypass] Content-Security-Policy Bypass - Adobe Campaign (@renniepak, @dhiyaneshdk) [medium]
[adroll-csp-bypass] Content-Security-Policy Bypass - AdRoll (@renniepak, @dhiyaneshdk) [medium]
[afterpay-help-csp-bypass] Content-Security-Policy Bypass - Afterpay Help (@renniepak, @dhiyaneshdk) [medium]
[akamai-content-csp-bypass] Content-Security-Policy Bypass - Akamai Content (@renniepak, @dhiyaneshdk) [medium]
[alibaba-ug-csp-bypass] Content-Security-Policy Bypass - Alibaba UG (@renniepak, @dhiyaneshdk) [medium]
[aliexpress-acs-csp-bypass] Content-Security-Policy Bypass - AliExpress ACS (@renniepak, @dhiyaneshdk) [medium]
[amap-wb-csp-bypass] Content-Security-Policy Bypass - AMap WB (@renniepak, @dhiyaneshdk) [medium]
[amazon-aax-eu-csp-bypass] Content-Security-Policy Bypass - Amazon AAX EU (@renniepak, @dhiyaneshdk) [medium]
[amazon-media-csp-bypass] Content-Security-Policy Bypass - Amazon Media (@renniepak, @dhiyaneshdk) [medium]
[amazon-romania-csp-bypass] Content-Security-Policy Bypass - Amazon Romania (@renniepak, @dhiyaneshdk) [medium]
[amazon-s3-elysium-csp-bypass] Content-Security-Policy Bypass - Amazon S3 Elysium (@renniepak, @dhiyaneshdk) [medium]
[ancestrycdn-angular-csp-bypass] Content-Security-Policy Bypass - AncestryCDN Angular (@renniepak, @dhiyaneshdk) [medium]
[angularjs-code-csp-bypass] Content-Security-Policy Bypass - AngularJS Code (@renniepak, @dhiyaneshdk) [medium]
[app-link-csp-bypass] Content-Security-Policy Bypass - App Link (@renniepak, @dhiyaneshdk) [medium]
[apple-developer-csp-bypass] Content-Security-Policy Bypass - Apple Developer (@renniepak, @dhiyaneshdk) [medium]
[arkoselabs-cdn-csp-bypass] Content-Security-Policy Bypass - Arkose Labs CDN (@renniepak, @dhiyaneshdk) [medium]
[arkoselabs-client-api-csp-bypass] Content-Security-Policy Bypass - Arkose Labs Client API (@renniepak, @dhiyaneshdk) [medium]
[ayco-portal-csp-bypass] Content-Security-Policy Bypass - Ayco Portal (@renniepak, @dhiyaneshdk) [medium]
[azure-inno-csp-bypass] Content-Security-Policy Bypass - Azure Inno (@renniepak, @dhiyaneshdk) [medium]
[baidu-map-api-csp-bypass] Content-Security-Policy Bypass - Baidu Map API (@renniepak, @dhiyaneshdk) [medium]
[baidu-passport-csp-bypass] Content-Security-Policy Bypass - Baidu Passport (@renniepak, @dhiyaneshdk) [medium]
[battlenet-eu-csp-bypass] Content-Security-Policy Bypass - Battle.net EU (@renniepak, @dhiyaneshdk) [medium]
[bazaarvoice-api-csp-bypass] Content-Security-Policy Bypass - Bazaarvoice API (@renniepak, @dhiyaneshdk) [medium]
[bdimg-apps-csp-bypass] Content-Security-Policy Bypass - BDImg Apps (@renniepak, @dhiyaneshdk) [medium]
[bebezoo-1688-csp-bypass] Content-Security-Policy Bypass - Bebezoo 1688 (@renniepak, @dhiyaneshdk) [medium]
[bild-don-csp-bypass] Content-Security-Policy Bypass - Bild Don (@renniepak, @dhiyaneshdk) [medium]
[bing-api-csp-bypass] Content-Security-Policy Bypass - Bing API (@renniepak, @dhiyaneshdk) [medium]
[bing-csp-bypass] Content-Security-Policy Bypass - Bing (@renniepak, @dhiyaneshdk) [medium]
[blogger-api-csp-bypass] Content-Security-Policy Bypass - Blogger API (@renniepak, @dhiyaneshdk) [medium]
[buzzfeed-mango-csp-bypass] Content-Security-Policy Bypass - BuzzFeed Mango (@renniepak, @dhiyaneshdk) [medium]
[bytedance-sso-csp-bypass] Content-Security-Policy Bypass - ByteDance SSO (@renniepak, @dhiyaneshdk) [medium]
[carbonads-srv-csp-bypass] Content-Security-Policy Bypass - CarbonAds SRV (@renniepak, @dhiyaneshdk) [medium]
[chartbeat-api-csp-bypass] Content-Security-Policy Bypass - Chartbeat API (@renniepak, @dhiyaneshdk) [medium]
[clearbit-reveal-csp-bypass] Content-Security-Policy Bypass - Clearbit Reveal (@renniepak, @dhiyaneshdk) [medium]
[cloudflare-cdn-csp-bypass] Content-Security-Policy Bypass - Cloudflare CDN (@renniepak, @dhiyaneshdk) [medium]
[cloudflare-challenges-csp-bypass] Content-Security-Policy Bypass - Cloudflare Challenges (@renniepak, @DH...

Contributors

eric, geeknik, and 24 other contributors

Assets 3

21 Feb 18:41

princechaddha

v10.1.3

b98b28b

v10.1.3

What's Changed

🔥 Release Highlights 🔥

[CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Auth Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
[CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
[CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-27115] SOPlanning - Remote Code Execution (@[email protected]) [high] 🔥
[CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
[CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥

False Negatives

[FALSE-NEGATIVE] wp-user-enum.yaml #11533
Fix FN wp-user-enum.yaml #11556

False Positives

[FALSE-POSITIVE] CVE-2024-4439 #11496
[FALSE-POSITIVE] http/technologies/ivanti-epm-detect.yaml #11483
[FALSE-POSITIVE] Next.js - Cache Poisoning - Headers #11473
Fixed FP in CVE-2022-2535.yaml #11510
Fixed Flase Positive | Next.js - Cache Poisoning - Headers #11532

Enhancements

Update CVE-2023-26360.yaml #11524
Update Duplicate id #11530
Update prestashop-cartabandonmentpro-file-upload.yaml (Added Additional Path) #11573
fix(apache): make reference links correct #11604
Add new title support for jenkins-openuser-register.yaml #11606
Update siteminder-dom-xss.yaml #11613
Update CVE-2020-11710.yaml #11619
Update fingerprinthub-web-fingerprints.yaml #11622
Disabling redirects for mixed-active-content template #11628
Refactor the "NETDATA" template. #11629

Bug Fixes

Template Updates

New Templates Added: `52` | CVEs Added: `25` | First-time contributions: `11`

[CVE-2025-24963] Vitest Browser Mode - Local File Read (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2025-1035] KLog Server - Path Traversal (@s4e-io) [medium]
[CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Authentication Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
[CVE-2024-57514] TP-Link Archer A20 v3 Router - Cross-site Scripting (@s4e-io) [medium]
[CVE-2024-55417] DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-55416] DevDojo Voyager <=1.8.0 - Cross-Site Scripting (@iamnoooob, @rootxharsh, @pdresearch) [low]
[CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
[CVE-2024-50967] DATAGERRY - Improper Access Control (@s4e-io, @0xByteHunter) [high]
[CVE-2024-48766] NetAlert X - Arbitary File Read (@s4e-io) [critical]
[CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-45591] XWiki Platform - Unauthorized Document History Access (@pd-bot) [medium]
[CVE-2024-27115] SOPlanning - Remote Code Execution (@[email protected]) [high] 🔥
[CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
[CVE-2024-13726] Themes Coder Ecommerce <= 1.3.4 - SQL Injection (@s4e-io) [high]
[CVE-2024-12760] BentoML v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-11044] Stable Diffusion Webui 1.10.0 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-10908] FastChat - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-10812] GPT Academic v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-6886] Gitea 1.22.0 - Cross-Site Scripting (@soonghee2) [medium]
[CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2022-26271] 74cmsSE v3.4.1 - Arbitrary File Read (@ritikchaddha) [high]
[CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥
[CVE-2022-3766] phpMyFAQ < 3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-45793] Slims9 Bulian 9.4.2 - SQL Injection (@nblirwn) [high]
[shopify-shared-secret-key] Shopify Shared Secret (@gaurang) [high]
[devdojo-voyager-default-login] DevDojo Voyager - Default login (@iamnoooob, @rootxharsh, @pdresearch) [high]
[datagerry-panel] Datagerry Panel - Detect (@s4e-io) [info]
[dify-panel] Dify Panel - Detect (@s4e-io) [info]
[klog-server-panel] Klog Server Panel - Detect (@s4e-io) [info]
[netalertx-panel] NetAlert X Panel - Detect (@s4e-io) [info]
[opentext-contentserver-panel] OpenText Content Server Login Panel - Detect (@righettod) [info]
[reposilite-panel] Reposilite Login Panel - Detect (@righettod) [info]
[supertokens-login-panel] Supertokens Login Panel - Detect (@rxerium) [info]
[tenemos-t24-panel] Tenemos T24 Login Panel - Detect (@righettod) [info]
[veracore-panel] Veracore Login - Detect (@rxerium) [info]
[secrets-patterns-rules] Secrets Patterns (Rules) (@dwisiswant0) [info]
[casdoor-unauth-operations] Casdoor <=v1.811.0 - Unauthenticated SCIM Operations (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[netalertx-dashboard] NetAlert X Admin Dashboard - Exposed (@s4e-io) [medium]
[attu-detect] Attu - Detect (@s4e-io) [info]
[caobox-cms-detect] Caobox CMS - Detect (@chirag Mistry) [info]
[frappe-framework-detect] Frappe Framework - Detect (@righettod) [info]
[ivanti-endpoint-manager] Ivanti Endpoint Manager - Detect (@ritikchaddha) [info]
[jway-products-detect] JWay Products - Detect (@righettod) [info]
[powerbi-report-server-detect] PowerBI Report Server - Detect (@righettod) [info]
[milvus-detect] Milvus - Detect (@s4e-io) [info]
[nextchat-detect] NextChat - Detect (@s4e-io) [info]
[sekolahku-cms-detect] Sekolahku CMS - Detect (@nblirwn) [info]
[slims-cms-detect] Slims CMS - Detect (@nblirwn) [info]
[netgear-dgn-rce] Netgear DGN Devices - Command Execution (@3th1c_yuk1) [critical]
[slims-8-akasia-xss] Senayan Library Management System v8.3.1 (Akasia) - Cross-Site Scripting (@nblirwn) [medium]
[slims-9-xss-index] Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting (@nblirwn) [medium]

New Contributors

@Sechunt3r made their first contribution in #11531
@mistry4592 made their first contribution in #11516
@nblirwn made their first contribution in #11550
@VulnScout-Chris made their first contribution in #11570
@missing0x00 made their first contribution in #11577
@babariviere made their first contribution in #11604
@kee-reel made their first contribution in #11606
@halil-s4e made their first contribution in #11633
@domwhewell-sage made their first contribution in #11619
@mpatil-netspi made their first contribution in #11613
@halencarjunior made their first contribution in #11623

Full Changelog: v10.1.2...v10.1.3

Contributors

lee, chirag, and 25 other contributors

Assets 3

22 Jan 07:04

princechaddha

v10.1.2

7c90874

v10.1.2

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-57727] SimpleHelp <= 5.5.7 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch, @3th1cyuk1) [high] 🔥
[CVE-2024-56145] Craft CMS - Remote Code Execution via Template Path Manipulation (@jackhax) [critical] 🔥
[CVE-2024-50603] Aviatrix Controller - Remote Code Execution (@newlinesec, @securing.pl) [critical] 🔥
[CVE-2024-9264] Grafana Post-Auth DuckDB - SQL Injection To File Read (@princechaddha) [critical] 🔥
[CVE-2024-9047] WordPress File Upload <= 4.24.11 - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-7097] WSO2 User Registration - Arbitrary Account Creation (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2023-48788] Fortinet Forticlient Endpoint Management Server - SQL Injection (@james Horseman, @ItshMoh) [critical] 🔥
[CVE-2021-35394] RealTek AP Router SDK - Arbitrary Command Injection (@king-alexander) [critical] 🔥

Bug Fixes

False Negatives

Report Google Client ID from headers #11443
kong-detect misses valid kong endpoint [nuclei-template] #11468
False Negatives in missing-sri #11337

False Positives

False positive templates #11233 CVE-2024-25600
CVE-2024-32651 #10804 false-positive

Enhancements

Update crxde-lite.yaml #11477 (Based on AdobeDocs for AEM 6.5)
Update kong-detect.yaml #11484
Update google-client-id.yaml #11470
Update mfa-console-password-disabled.yaml #11437
Updated hybris-default-login template with default HAC locations #11431
Update jolokia-createstandardhost-rce.yaml #11428
Update old-copyright.yaml #11425
Update sonarqube-cloud-token.yaml #11422
Severity Update Of DAST Templates #11413
Update missing-sri.yaml with css checks #11338
Update php-debugbar-exposure.yaml #10968

Template Updates

New Templates Added: `52` | CVEs Added: `23` | First-time contributions: `14`

[CVE-2024-57727] SimpleHelp <= 5.5.7 - Unauth Path Traversal (@iamnoooob, @rootxharsh, @pdresearch, @3th1cyuk1) [high] 🔥
[CVE-2024-56512] Apache NiFi - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2024-56145] Craft CMS - Remote Code Execution via Template Path Manipulation (@jackhax) [critical] 🔥
[CVE-2024-55457] MasterSAM Star Gate v11 - Local File Inclusion (@dhiyaneshdk) [high]
[CVE-2024-55218] IceWarp Server 10.2.1 - Cross-Site Scripting (@s4e-io) [medium]
[CVE-2024-54385] Radio Player <= 2.0.82 - Server-Side Request Forgery (@s4e-io) [high]
[CVE-2024-54330] Hurrakify <= 2.4 - Server-Side Request Forgery (@s4e-io) [high]
[CVE-2024-50603] Aviatrix Controller - Remote Code Execution (@newlinesec, @securing.pl) [critical] 🔥
[CVE-2024-48455] Netis Wifi Router - Information Disclosure (@s4e-io) [high]
[CVE-2024-38353] CodiMD <2.5.4 - Insecure Filename Randomization (@denandz, @PulseSecurity.co.nz) [medium]
[CVE-2024-12849] Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read (@s4e-io) [high]
[CVE-2024-11921] Give WP Plugin < 3.19.0 - Cross-Site Scripting (@Splint3r7) [high]
[CVE-2024-9989] Crypto <= 2.15 - Authentication Bypass (@s4e-io) [critical]
[CVE-2024-9264] Grafana Post-Auth DuckDB - SQL Injection To File Read (@princechaddha) [critical] 🔥
[CVE-2024-9047] WordPress File Upload <= 4.24.11 - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-7097] WSO2 User Registration - Arbitrary Account Creation (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2024-0986] Issabel Authenticated - Remote Code Execution (@EunJi) [medium]
[CVE-2023-48788] Fortinet Forticlient Endpoint Management Server - SQL Injection (@james Horseman, @ItshMoh) [critical] 🔥
[CVE-2022-40624] pfSense pfBlockerNG - OS Command Injection (@ritikchaddha) [critical]
[CVE-2022-40443] ZZCMS 2022 - Path Information Disclosure (@ritikchaddha) [low]
[CVE-2021-35394] RealTek AP Router SDK - Arbitrary Command Injection (@king-alexander) [critical] 🔥
[CVE-2021-31324] CentOS Web Panel - OS Command Injection (@ritikchaddha) [critical]
[CVE-2021-31316] CentOS Web Panel - SQL Injection (@ritikchaddha) [critical]
[privesc-agetty] agetty - Privilege Escalation (@bobAKAbill) [high]
[CNVD-2024-33023] UFIDA U8 Cloud - SQL Injection (@s4e-io) [high]
[cloudlog-panel] Cloudlog Panel - Detect (@s4e-io) [info]
[frappe-helpdesk-panel] Frappe Helpdesk Login Panel - Detect (@righettod) [info]
[huly-panel] Huly Login Panel - Detect (@righettod) [info]
[i-librarian-panel] I-Librarian Panel - Detect (@s4e-io) [info]
[opnsense-panel] OPNsense Panel - Detect (@Splint3r7, @johnk3r) [info]
[stirling-pdf-panel] Stirling PDF Panel - Detect (@s4e-io) [info]
[tabby-panel] Tabby Panel - Detect (@s4e-io) [info]
[vaultwarden-panel] Vaultwarden Login Panel - Detect (@righettod) [info]
[yunohost-admin-panel] YunoHost Admin Panel - Detect (@s4e-io) [info]
[javascript-env] JavaScript Environment Configuration - Detect (@pdp, @geeknik, @hetyh) [low]
[sonarqube-cloud-token] SonarQube Cloud Token Disclosure (@dhiyaneshdk) [high]
[crxde-lite] CRXDE Lite - Exposure (@Nadino) [low]
[symfony-rce] Symfony _fragment - Default Key RCE (@Yablargo) [critical]
[khoj-detect] Khoj - Detect (@s4e-io) [info]
[stirling-pdf-detect] Stirling PDF - Detect (@s4e-io) [info]
[tyk-gateway-detect] Tyk API Gateway - Detection (@davidfegyver) [info]
[codimd-unauth-file-upload] CodiMD - File Upload (@denandz, @PulseSecurity.co.nz) [medium]
[jolokia-acceslogvalve-rce] Jolokia write to RCE valve (@pathtaga) [critical]
[jolokia-createstandardhost-rce] Jolokia file write to RCE jfr (@laluka, @pathtaga) [critical]
[jolokia-tomcat-creds-leak] Jolokia <= 1.7.1 Information Leakage (@pathtaga) [critical]
[mamp-server-xss] MAMP Server - Cross-Site Scripting (@ritikchaddha) [medium]
[cloudlog-system-sqli] Cloudlog System - SQL Injection (@s4e-io) [high]
[cpas-managment-lfi] CPAS Management System - Arbitrary Fi23le Read (@s4e-io) [high]
[cpas-managment-sqli] CPAS Management System - SQL Injection (@s4e-io) [high]
[jeeplus-cms-resetpassword-sqli] JeePlus CMS - SQL Injection (@WingBy_fkalis) [high]
[xhibiter-nft-sqli] Xhibiter NFT Marketplace 1.10.2 - SQL Injection (@ProjectDiscoveryAI) [high]
[lantronix-xport-unauth] Lantronix XPort 6.10.0.1 - Unauthenticated Access (@john Osborn (Summit Security Group, @LLC)) [high]

New Contributors

@seqre made their first contribution in #11414
@ItshMoh made their first contribution in #11269
@jackhax made their first contribution in #11421
@malwarework made their first contribution in #10338
@JasonnnW3000 made their first contribution in #11424
@WingBy-Fkalis made their first contribution in #11403
@SuperXiaoxiong made their first contribution in #11449
@hyni03 made their first contribution in #11451
@kayra-s4e made their first contribution in #11458
@newlinesec made their first contribution in #11460
@bobAKAbill made their first contribution in #10391
@amarsct made their first contribution in #11338
@JohnAsbjorn made their first contribution in #11471
@Mahmoud0x00 made their first contribution in #11508

Full Changelog: v10.1.1...v10.1.2

Contributors

james, john, and 35 other contributors

Assets 2

23 Dec 10:40

princechaddha

v10.1.1

0783b20

Alibaba Cloud Config Review - Nuclei Templates v10.1.1 🎉

🔥 Release Highlights 🔥

We’re excited to announce the expansion of the Nuclei Templates with new templates specifically for Alibaba Cloud Configurations. This release introduces a series of specialized security checks tailored for the comprehensive components of Alibaba Cloud services, including ECS instances, RDS databases, OSS buckets, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code analysis.

The introduction of these Alibaba Cloud-specific templates empowers security teams to conduct thorough security audits of their Alibaba Cloud environments, uncovering crucial misconfigurations and vulnerabilities. Moreover, this release offers customizable checks that can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these Alibaba Cloud security templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2024-55956] Cleo Harmony < 5.8.0.24 - File Upload Vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-52875] Kerio Control v9.2.5 - CRLF Injection (@ritikchaddha, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-50623] Cleo Harmony < 5.8.0.21 - Arbitary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-45309] OneDev.io < 11.0.9 - Arbitrary File Read (@isacaya) [high] 🔥
[CVE-2024-41713] Mitel MiCollab - Authentication Bypass (@dhiyaneshdk, @watchtowr) [high] 🔥
[CVE-2024-36404] GeoServer and GeoTools - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-12209] WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2024-8856] WP Time Capsule Plugin - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2020-15906] TikiWiki GroupWare - Auth Bypass (@JeonSungHyun, @gy741, @oIfloraIo, @nechyo, @harksu) [critical] 🔥
[CVE-2020-13935] Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service (@sttlr) [high] 🔥
[CVE-2017-1000353] Jenkins CLI - Java Deserialization (@hnd3884) [critical] 🔥

What's Changed

New Templates Added: `154` | CVEs Added: `31` | First-time contributions: `4`

[CVE-2024-55956] Cleo Harmony < 5.8.0.24 - File Upload Vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-52875] Kerio Control v9.2.5 - CRLF Injection (@ritikchaddha, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-52433] My Geo Posts Free <= 1.2 - PHP Object Injection (@s4e-io) [critical]
[CVE-2024-50623] Cleo Harmony < 5.8.0.21 - Arbitary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-48307] JeecgBoot v3.7.1 - SQL Injection (@lbb, @s4e-io) [critical]
[CVE-2024-45309] OneDev.io < 11.0.9 - Arbitrary File Read (@isacaya) [high] 🔥
[CVE-2024-45293] TablePress < 2.4.3 - XXE Injection (@iamnoooob, @ritikchaddha) [high]
[CVE-2024-41713] Mitel MiCollab - Authentication Bypass (@dhiyaneshdk, @watchtowr) [high] 🔥
[CVE-2024-39887] Apache Superset < 4.0.2 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2024-36404] GeoServer and GeoTools - Remote Code Execution (@ritikchaddha) [critical] 🔥
[CVE-2024-24116] Ruijie RG-NBS2009G-P - Improper Authentication (@friea) [critical]
[CVE-2024-12209] WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion (@s4e-io) [critical] 🔥
[CVE-2024-11728] KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection (@samogod, @s4e-io) [high]
[CVE-2024-11305] Altenergy Power Control Software - SQL Injection (@s4e-io) [medium]
[CVE-2024-11303] Korenix JetPort 5601v3 - Path Traversal (@geeknik) [high]
[CVE-2024-10516] Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion (@ritikchaddha) [high]
[CVE-2024-10400] Tutor LMS <= 2.7.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-8859] Mlflow < 2.17.0 - Local File Inclusion (@gy741) [critical]
[CVE-2024-8856] WP Time Capsule Plugin - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-50094] reNgine 2.2.0 - Command Injection (@Zierax) [high]
[CVE-2023-46455] GL.iNet <= 4.3.7 - Arbitrary File Write (@Zierax) [high]
[CVE-2023-37599] Issabel PBX 4.0.0-6 - Directory Listing (@ritikchaddha) [high]
[CVE-2023-6697] WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting (@iamnoooob, @ritikchaddha) [medium]
[CVE-2023-3990] Mingsoft MCMS < 5.3.1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-1119] WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-4375] Mingsoft MCMS - SQL Injection (@ritikchaddha) [critical]
[CVE-2022-2552] Duplicator < 1.4.7.1 - Information Disclosure (@iamnoooob, @ritikchaddha) [medium]
[CVE-2020-15906] Tiki Wiki CMS GroupWare - Authentication Bypass (@JeonSungHyun[nukunga], @gy741, @oIfloraIo, @nechyo, @harksu) [critical] 🔥
[CVE-2020-13935] Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service (@sttlr) [high] 🔥
[CVE-2019-9912] WP Google Maps < 7.10.43 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-1000353] Jenkins CLI - Java Deserialization (@hnd3884) [critical] 🔥
[ack-cluster-api-public] Public Access to ACK Cluster's API Server - Enabled (@ritikchaddha) [high]
[ack-cluster-auditing-disable] Cluster Auditing with Simple Log Service - Disabled (@ritikchaddha) [low]
[ack-cluster-cloud-monitor-disable] Cloud Monitor for ACK Clusters - Disable (@ritikchaddha) [medium]
[ack-cluster-health-disable] ACK Clusters Check - Disable (@ritikchaddha) [medium]
[ack-cluster-network-policies-disable] Enforced Cluster Support for Network Policies - Disabled (@ritikchaddha) [medium]
[ack-cluster-network-policies-missing] Cluster Support for Network Policies - Missing (@ritikchaddha) [medium]
[kubernetes-dashboard-enabled] Kubernetes Dashboard for ACK Clusters - Enabled (@ritikchaddha) [medium]
[multi-region-logging-disabled] Global Service (Multi-Region) Logging - Disabled (@dhiyaneshdk) [high]
[public-actiontrail-bucket] ActionTrail Log Buckets - Publicly Exposed (@ritikchaddha) [high]
[alibaba-cloud-code-env] Alibaba Cloud Environment Validation (@dhiyaneshdk) [info]
[os-patches-outdated] OS Patches - Outdated (@dhiyaneshdk) [medium]
[unattached-disk-encryption-disabled] Encryption for Unattached Disks - Disabled (@dhiyaneshdk) [high]
[unattached-vminstance-encryption-disabled] Encryption for VM Instance Disks - Disabled (@dhiyaneshdk) [high]
[unrestricted-rdp-access] Unrestricted - RDP Access (@dhiyaneshdk) [high]
[unrestricted-ssh-access] Unrestricted - SSH Access (@dhiyaneshdk) [high]
[access-logoss-disabled] Access Logging for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
[improper-bucket-sse] Improper Bucket Server-Side Encryption (@ritikchaddha) [medium]
[limit-networkaccess-disabled] Limit Network Access to Selected Networks - Disabled (@dhiyaneshdk) [medium]
[oos-bucket-public-access] OSS Bucket Public Accessible (@dhiyaneshdk) [high]
[secure-transfeross-disabled] Secure Transfer for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
[sse-cmk-disabled] Server-Side Encryption with Customer Managed Key - Disabled (@ritikchaddha) [high]
[sse-smk-disabled] Server-Side Encryption with Service Managed Key - Disabled (@ritikchaddha) [high]
[custom-ram-policy-admin-priv] Custom RAM Policies With Full Administrative Privileges (@dhiyaneshdk) [high]
[max-password-retry-disabled] Maximum Password Retry Constraint Policy - Disabled (@dhiyaneshdk) [medium]
[mfa-console-password-disabled] MFA For RAM Users With Console Password - Disabled (@dhiyaneshdk) [medium]
[password-policy-expiration-unconfigured] RAM Password Policy Expiration - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-length-unconfigured] RAM Password Policy requires Minimum Length 14 or Greater (@dhiyaneshdk) [medium]
[password-policy-lowercase-unconfigured] RAM Password Policy requires atleast One Lowercase - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-num-unconfigured] RAM Password Policy requires atleast One Number - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-reuse-enabled] RAM Password Policy Reuse - Enabled (@dhiyaneshdk) [medium]
[password-policy-symbol-unconfigured] RAM Password Policy requires atleast One Symbol - Unconfigured (@dhiyaneshdk) [medium]
[password-policy-uppercase-unconfigured] RAM Password Policy requires atleast One Uppercase - Unconfigured (@dhiyaneshdk) [medium]
[encryption-intransit-disabled] RDS Encryption in Transit - Disabled (@dhiyaneshdk) [high]
[log-connections-disabled] PostgreSQL "log_connections" Parameter - Disabled (@dhiyaneshdk) [medium]
[log-disconnections-disabled] PostgreSQL "log_disconnections" Parameter - Disabled (@dhiyaneshdk) [medium]
[log-duration-disabled] PostgreSQL "log_duration" Parameter - Disabled (@dhiyaneshdk) [medium]
[mssql-audit-disabled] Microsoft SQLServer Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[mysql-audit-disabled] MySQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[postgresql-audit-disabled] PostgreSQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[rds-audit-disabled] RDS Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
[transparent-encryption-disabled] Transparent Data Encryption - Disabled (@dhiyaneshdk) [medium]
[scheduled-vulnscan-disabled] Scheduled Vulnerability Scan - Disabled (@dhiyaneshdk) [medium]
[security-notificati...

Contributors

geeknik, stealthcopter, and 29 other contributors

Assets 3

04 Dec 15:15

princechaddha

v10.1.0

f2a6d1c

Windows Security Hardening and Auditing - Nuclei Templates v10.1.0 🎉

🔥 Release Highlights 🔥

We're excited to announce the latest expansion of the Nuclei Templates with a new set of templates tailored for Windows Security Hardening and Auditing. This update introduces a comprehensive array of security checks specifically designed for Windows environments, covering crucial areas such as password policies, encryption settings, certificate validation, and remote access configurations. These templates are added to detect common misconfigurations, ensure compliance with regulatory standards, and uphold adherence to industry best practices.

The introduction of these Windows-specific templates equips security teams to conduct audits of their Windows configurations, uncovering critical vulnerabilities and misconfigurations that could lead to potential security breaches.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help further enhance and update these Windows security templates. For more details, please visit our latest blog post.

Other Highlights

[CVE-2024-51482] ZoneMinder v1.37.* <= 1.37.64 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-50498] WP Query Console <= 1.0 - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-46938] Sitecore Experience Platform <= 10.4 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-42640] Angular-Base64-Upload - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-38653] Ivanti Avalanche SmartDeviceServer - XML External Entity (@dhiyaneshdk) [high] 🔥
[CVE-2024-10924] Really Simple Security < 9.1.2 - Authentication Bypass (@yaser_s) [critical] 🔥
[CVE-2024-9474] PAN-OS Management - Command Injection (@watchtowr, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-0012] PAN-OS Management Web Interface - Authentication Bypass (@johnk3r, @watchtowr) [critical] 🔥
[CVE-2022-41800] F5 BIG-IP Appliance Mode - Command Injection (@dwisiswant0) [high] 🔥
[CVE-2016-8735] Apache Tomcat - Remote Code Execution via JMX Ports (@hnd3884) [critical] 🔥

What's Changed

New Templates Added: `110` | CVEs Added: `23` | First-time contributions: `5`

[CVE-2024-51482] ZoneMinder v1.37.* <= 1.37.64 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-50498] WP Query Console <= 1.0 - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-46938] Sitecore Experience Platform <= 10.4 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
[CVE-2024-43919] YARPP <= 5.30.10 - Missing Authorization (@s4e-io) [critical]
[CVE-2024-42640] Angular-Base64-Upload - Remote Code Execution (@s4e-io) [critical] 🔥
[CVE-2024-38653] Ivanti Avalanche SmartDeviceServer - XML External Entity (@dhiyaneshdk) [high] 🔥
[CVE-2024-10924] Really Simple Security < 9.1.2 - Authentication Bypass (@yaser_s) [critical] 🔥
[CVE-2024-9935] PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download (@s4e-io) [high]
[CVE-2024-9474] PAN-OS Management Web Interface - Command Injection (@watchtowr, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-9186] Automation By Autonami < 3.3.0 - SQL Injection (@s4e-io) [high]
[CVE-2024-3848] Mlflow < 2.11.0 - Path Traversal (@gy741) [high]
[CVE-2024-1483] Mlflow < 2.9.2 - Path Traversal (@gy741) [high]
[CVE-2024-0012] PAN-OS Management Web Interface - Authentication Bypass (@johnk3r, @watchtowr) [critical] 🔥
[CVE-2022-48166] Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-48164] Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-44356] WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-41800] F5 BIG-IP Appliance Mode - Command Injection (@dwisiswant0) [high] 🔥
[CVE-2022-24819] XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure (@ritikchaddha) [medium]
[CVE-2022-2130] Microweber < 1.2.17 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-0250] Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-34630] GTranslate < 2.8.65 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2020-24881] OsTicket < 1.14.3 - Server Side Request Forgery (@hnd3884) [critical]
[CVE-2016-8735] Apache Tomcat - Remote Code Execution via JMX Ports (@hnd3884) [critical] 🔥
[k8s-missing-network-policies] Check for Missing Network Policies in Kubernetes (@princechaddha) [medium]
[allow-unencrypted-ftp] Allow Unencrypted FTP (@princechaddha) [high]
[allow-untrusted-certificates] System Allows Untrusted Certificates (@princechaddha) [medium]
[anonymous-sam-enumeration-enabled] Anonymous Enumeration of SAM Accounts Enabled (@princechaddha) [high]
[anonymous-sid-enumeration-enabled] Anonymous SID Enumeration Enabled (@princechaddha) [medium]
[audit-logging-disabled] Audit Logging Disabled (@princechaddha) [high]
[audit-logs-not-archived] Audit Logs Not Archived When Full (@princechaddha) [high]
[auto-logon-enabled] AutoLogon Enabled (@princechaddha) [medium]
[automatic-windows-updates-disabled] Automatic Windows Updates Disabled (@princechaddha) [medium]
[autoplay-removable-media-enabled] AutoPlay Enabled for Removable Media (@princechaddha) [medium]
[autorun-scripts-startup-folder] Autorun Scripts in Startup Folder (@princechaddha) [medium]
[credential-guard-disabled] Credential Guard Not Enabled (@princechaddha) [high]
[device-guard-not-configured] Device Guard Not Configured (@princechaddha) [high]
[display-last-username-enabled] Do Not Display Last User Name Disabled (@princechaddha) [medium]
[download-unsigned-activex-allowed] Download of Unsigned ActiveX Controls Allowed (@princechaddha) [high]
[ftp-service-running] FTP Service Running (@princechaddha) [high]
[guest-account-enabled] Guest Account Enabled (@princechaddha) [high]
[hyperv-enhanced-session-mode-enabled] Hyper-V Enhanced Session Mode Enabled (@princechaddha) [medium]
[insecure-cipher-suites-enabled] Insecure Cipher Suites Enabled (@princechaddha) [high]
[llmnr-disabled] LLMNR Disabled (@princechaddha) [medium]
[lm-hash-storage-enabled] LM Hash Storage Enabled (@princechaddha) [high]
[lm-ntlmv1-authentication-enabled] LM and NTLMv1 Authentication Enabled (@princechaddha) [high]
[max-password-age-too-high] Maximum Password Age Set Too High or Unlimited (@princechaddha) [medium]
[minimum-password-age-zero] Minimum Password Age Set to Zero (@princechaddha) [medium]
[netbios-disabled] NetBIOS Disabled (@princechaddha) [medium]
[network-discovery-public-disabled] Network Discovery Disabled on Public Networks (@princechaddha) [medium]
[null-session-allowed] Null Session Allowed (@princechaddha) [high]
[password-complexity-disabled] Password Complexity Requirements Disabled (@princechaddha) [high]
[password-history-size-low] Password History Size Too Low (@princechaddha) [medium]
[password-reset-lock-screen-enabled] Password Reset from Lock Screen Enabled (@princechaddha) [medium]
[plaintext-passwords-in-memory] Plaintext Passwords Stored in Memory (@princechaddha) [high]
[rdp-connections-without-password-allowed] Remote Desktop Connections Allowed Without Password (@princechaddha) [high]
[rdp-drive-redirection-allowed] Remote Desktop Users Can Redirect Drives (@princechaddha) [medium]
[rdp-nla-disabled] Network Level Authentication for RDP Disabled (@princechaddha) [high]
[remote-assistance-enabled] Check Remote Assistance Misconfiguration (@princechaddha) [medium]
[remote-desktop-enabled-non-server] Remote Desktop Enabled on Non-Server OS (@princechaddha) [high]
[restrict-anonymous-access-disabled] Restrict Anonymous Access Disabled (@princechaddha) [high]
[reversible-encryption-passwords-enabled] Store Passwords Using Reversible Encryption Enabled (@princechaddha) [critical]
[safe-dll-search-mode-disabled] Safe DLL Search Mode Disabled (@princechaddha) [high]
[secure-boot-disabled] Secure Boot Not Enabled (@princechaddha) [high]
[shutdown-without-logon-allowed] System Allows Shutdown Without Logging On (@princechaddha) [medium]
[smb-allow-unencrypted-passwords] Unencrypted Passwords to SMB Servers Allowed (@princechaddha) [high]
[smb-signing-not-required] SMB Signing Not Required (@princechaddha) [high]
[smb-v1-enabled] SMB v1 Protocol Enabled (@princechaddha) [critical]
[sticky-keys-enabled-login] Sticky Keys Enabled at Login Screen (@princechaddha) [high]
[telnet-service-misconfiguration] Check for Misconfigured Telnet Service (@princechaddha) [high]
[uac-elevate-without-prompt] UAC Elevate Without Prompting Enabled (@princechaddha) [high]
[unencrypted-file-sharing-enabled] Unencrypted File Sharing Enabled (@princechaddha) [medium]
[unsigned-kernel-mode-drivers-allowed] Installation of Unsigned Kernel-Mode Drivers Allowed (@princechaddha) [high]
[usb-storage-not-restricted] USB Storage Devices Not Restricted (@princechaddha) [medium]
[weak-ssl-tls-protocols-enabled] Weak SSL/TLS Protocols Enabled (@princechaddha) [critical]
[windows-active-desktop-enabled] Active Desktop Enabled (@princechaddha) [medium]
[windows-administrative-shares-enabled] Administrative Shares Enabled (@princechaddha) [high]
[windows-administrator-blank-password] Built-in Administrator Account Has Blank Password (@princechaddha) [high]
[windows-anonymous-sid-enumeration-allowed] Windows Allows Anonymous SID Enumeration (@princechaddha) [medium]
[windows-autorun-enabled] AutoRun Enabled (@princechaddha) [medium]
[windows-credential-manager-plaintext-passwords-allowed] Credential Manager Allows Storing of Plain Text Passwords (@princechaddha) [high]
[windows-defender-realtime-protection-disabled] Windows Defender Real-Time Protection Disabled (@princechaddha) [high]
[windows-dep-disabled] Dat...

Contributors

ricardomaia, righettod, and 19 other contributors

Assets 3

18 Nov 06:26

princechaddha

v10.0.4

e10543a

v10.0.4

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-50340] Symfony Profiler - Remote Access via Injected Arguments (@dhiyaneshdk) [high] 🔥
[CVE-2024-35219] OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-10914] D-Link NAS - Command Injection via Name Parameter (@s4e-io) [critical] 🔥
[CVE-2024-9487] GitHub Enterprise - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-8963] Ivanti Cloud Services Appliance - Path Traversal (@johnk3r) [critical] 🔥
[CVE-2024-6049] Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal (@s4e-io) [high] 🔥
[CVE-2019-0192] Apache Solr - Deserialization of Untrusted Data (@hnd3884) [critical] 🔥

Bug Fixes

Merging Duplicate - CVE-2024-7928 & fastadmin-lfi (Issue #11135).

False Negatives

No updates

False Positives

False Positive Detection for Cloudflare in CSP (Issues #11138, #11139).
CVE-2018-11784 FP (Issue #10495).
False Positive … CVE-2023-46805 (Issue #11170).
Fix FP CVE-2023-46805.yaml (Issue #11198).
Fixfp phpwind-installer (Issue #11168).
Fix: fp CVE-2023-43373.yaml (Issue #11130).
Removing one case of FPs http/fuzzing/xff-403-bypass.yaml (Issue #10998).
Fix fp http/misconfiguration/proxy/metadata-alibaba.yaml (Issue #10976).

Enhancements

Refactor the “Thruk Panel” template (Issue #11206).
Rename spring4shell-CVE-2022-22965.yaml to CVE-2022-22965.yaml for consistency (Issue #11204).
Update linux-lfi-fuzz.yaml (Issue #11169).
Update CVE-2022-0968.yaml (Issue #11150).

Template Updates

New Templates Added: `74` | CVEs Added: `26` | First-time contributions: `7`

[CVE-2024-51483] Changedetection.io <= 0.47.4 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2024-50340] Symfony Profiler - Remote Access via Injected Arguments (@dhiyaneshdk) [high] 🔥
[CVE-2024-48360] Qualitor <= v8.24 - Server-Side Request Forgery (@s4e-io) [high]
[CVE-2024-36117] Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-35219] OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-10915] D-Link NAS - Command Injection via Group Parameter (@s4e-io) [critical]
[CVE-2024-10914] D-Link NAS - Command Injection via Name Parameter (@s4e-io) [critical] 🔥
[CVE-2024-10081] CodeChecker <= 6.24.1 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-9487] GitHub Enterprise - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-8963] Ivanti Cloud Services Appliance - Path Traversal (@johnk3r) [critical] 🔥
[CVE-2024-8673] Z-Downloads < 1.11.7 - Cross-Site Scripting (@Splint3r7) [low]
[CVE-2024-6420] Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure (@JPG0mez) [high]
[CVE-2024-6049] Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal (@s4e-io) [high] 🔥
[CVE-2024-4841] LoLLMS WebUI - Subfolder Prediction via Path Traversal (@s4e-io) [medium]
[CVE-2023-49494] DedeCMS v5.7.111 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2022-31260] ResourceSpace - Metadata Export (@ritikchaddha) [medium]
[CVE-2022-28033] Atom.CMS 2.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2022-0479] Popup Builder Plugin - SQL Injection and Cross-Site Scripting (@ritikchaddha) [critical]
[CVE-2021-44260] WAVLINK AC1200 - Information Disclosure (@ritikchaddha) [high]
[CVE-2021-24934] Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting (@Splint3r7) [medium]
[CVE-2019-1003000] Jenkins Script Security Plugin <=1.49 - Sandbox Bypass (@sttlr) [high]
[CVE-2019-0192] Apache Solr - Deserialization of Untrusted Data (@hnd3884) [critical] 🔥
[CVE-2018-10383] Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-18590] Timesheet Plugin < 0.1.5 - Cross-Site Scripting (@Spling3r7) [medium]
[CVE-2016-10976] Safe Editor Plugin < 1.2 - CSS/JS-injection (@Splint3r7) [medium]
[CVE-2014-0160] OpenSSL Heartbleed Vulnerability (@pussycat0x) [high]
[stack-notification-disabled] CloudFormation Stack Notification - Disabled (@dhiyaneshdk) [medium]
[stack-policy-not-inuse] CloudFormation Stack Policy - Not In Use (@dhiyaneshdk) [medium]
[stack-termination-disabled] CloudFormation Termination Protection - Disabled (@dhiyaneshdk) [medium]
[cloudfront-compress-object] CloudFront Compress Objects Automatically (@dhiyaneshdk) [low]
[cloudfront-custom-certificates] Cloudfront Custom SSL/TLS Certificates - In Use (@dhiyaneshdk) [medium]
[cloudfront-geo-restriction] CloudFront Geo Restriction - Not Enabled (@dhiyaneshdk) [info]
[cloudfront-insecure-protocol] CloudFront Insecure Origin SSL Protocols (@dhiyaneshdk) [medium]
[cloudfront-integrated-waf] CloudFront Integrated With WAF (@dhiyaneshdk) [medium]
[cloudfront-logging-disabled] Cloudfront Logging Disabled (@dhiyaneshdk) [medium]
[cloudfront-origin-shield] CloudFront Origin Shield - Not Enabled (@dhiyaneshdk) [info]
[cloudfront-security-policy] CloudFront Security Policy (@dhiyaneshdk) [medium]
[cloudfront-traffic-unencrypted] CloudFront Traffic To Origin Unencrypted (@dhiyaneshdk) [medium]
[cloudfront-viewer-policy] CloudFront Viewer Protocol Policy (@dhiyaneshdk) [medium]
[secret-manager-not-inuse] Secrets Manager Not In Use (@dhiyaneshdk) [info]
[secret-rotation-interval] Secret Rotation Interval (@dhiyaneshdk) [medium]
[secrets-rotation-disabled] Secret Rotation Disabled (@dhiyaneshdk) [medium]
[aspnet-framework-exceptions] ASP.NET Framework Exceptions (@aayush Dhakal) [info]
[nodejs-framework-exceptions] Node.js Framework Exceptions (@aayush Dhakal) [info]
[bigant-default-login] BigAnt - Default Password (@ritikchaddha) [critical]
[minio-object-default-login] MinIO Console Object Store - Default Login (@johnk3r) [high]
[actifio-panel] Actifio Resource Center - Panel (@Splint3r7) [info]
[adapt-panel] Adapt Authoring Tool - Panel (@Splint3r7) [info]
[aethra-panel] Aethra Telecommunications Login - Panel (@Splint3r7) [info]
[akuiteo-panel] Akuiteo Login Panel - Detect (@righettod) [info]
[alamos-panel] Alamos GmbH Panel - Detect (@Splint3r7) [info]
[alfresco-panel] Alfresco Content App Panel - Detect (@Splint3r7) [info]
[alternc-panel] AlternC Desktop Panel - Detect (@Splint3r7) [info]
[anmelden-panel] Anmelden | OPNsense Panel - Detect (@Splint3r7) [info]
[cyberpanel-panel] Cyberpanel Login Panel - Detect (@mailler) [info]
[deepmail-panel] Advanced eMail Solution DEEPMail - Panel (@Splint3r7) [info]
[ghe-encrypt-saml] GitHub Enterprise - Encrypted SAML (@rootxharsh, @iamnoooob, @pdresearch) [info]
[hyperplanning-panel] HYPERPLANNING Login Panel - Detect (@righettod) [info]
[nexpose-panel] Rapid7 Nexpose VM Security Console - Detect (@johnk3r) [info]
[panos-management-panel] PAN-OS Management Panel - Detect (@bhutch) [info]
[pronote-panel] PRONOTE Login Panel - Detect (@righettod) [info]
[quest-panel] Quest Modem Configuration Login - Panel (@Splint3r7) [info]
[quivr-panel] Quivr Panel - Detect (@s4e-io) [info]
[thruk-panel] Thruk Login Panel - Detect (@ffffffff0x, @righettod) [info]
[ip-webcam] IP Webcam Viewer Page - Detect (@gy741) [low]
[azure-blob-core-detect] Azure Blob Core Service - Detect (@ProjectDiscoveryAI) [info]
[atlantis-dashboard] Atlantis Dashboard - Exposure (@dhiyaneshdk) [medium]
[pgwatch2-db-exposure] Pgwatch2 DBs to monitor - Exposure (@dhiyaneshdk) [high]
[amazon-ecs-defualt-page] Amazon ECS Sample App Default Page - Detect (@Splint3r7) [info]
[hubble-detect] Hubble - Detect (@righettod) [info]
[localai-detect] LocalAI - Detect (@s4e-io) [info]
[pghero-detect] PgHero - Detect (@righettod) [info]
[flexmls-idx-detect] Flexmls IDX - Detect (@rxerium, @sorrowx3) [info]
[lottie-backdoor] Lottie Player - Backdoor (@nagli-wiz) [critical]

New Contributors

@AV-IO made their first contribution in #11132
@aayush2561 made their first contribution in #11104
@hnd3884 made their first contribution in #11127
@s4hm4d made their first contribution in #11149
@00xSayDoo made their first contribution in #11139
@andymcao made their first contribution in #11169
@cxbt made their first contribution in #11204

Full Changelog: v10.0.3...v10.0.4

Contributors

aayush, righettod, and 23 other contributors

Assets 3

01 Nov 13:55

princechaddha

v10.0.3

28cf30d

v10.0.3

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
[CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @dhiyaneshdk) [critical] 🔥
[CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-32735] CyberPower - Missing Authentication (@dhiyaneshdk) [critical] 🔥
[CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
[CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
[CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-2961] PHP - LFR to RCE (@kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
[CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[cyberpanel-rce] CyberPanel v2.3.6 Pre-Auth RCE (@dhiyaneshdk) [critical] 🔥

Bug Fixes

Resolved issue with time-based SQL injection flow (Issue #11029).
Corrected detection for CVE-2016-9299 (Issue #11121).
Fixed false positive for appspec-yml-disclosure.yaml template (Issue #11112).
Refactored "Django Admin Panel" template (Issue #11044).
Improved prototype pollution checks to prevent insecure sanitization bypass (Issue #10589).

False Negatives

Corrected false negative in CVE-2024-34982 detection (Issue #11111).
Fixed false negative in CVE-2023-39650 (Issue #11043).
Addressed false negative for iam-user-password-change detection (Issue #11027).

False Positives

Reduced false positives in weaver-checkserver-sqli template (Issue #11123).

Enhancements

Added templates for AWS services: EFS, Inspector2, GuardDuty, Firehose, DMS, EBS, ElastiCache, Route53, and RDS.
Introduced time-based tags for improved classification (Issue #11006).

Template Updates

New Templates Added: `116` | CVEs Added: `52` | First-time contributions: `7`

[CVE-2024-49757] Zitadel - User Registration Bypass (@sujal Tuladhar) [high]
[CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
[CVE-2024-46310] FXServer < v9601 - Information Exposure (@s4e-io) [medium]
[CVE-2024-45488] SafeGuard for Privileged Passwords < 7.5.2 - Auth Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
[CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @dhiyaneshdk) [critical] 🔥
[CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-35584] openSIS < 9.1 - SQL Injection (@s4e-io) [high]
[CVE-2024-32739] CyberPower < v2.8.3 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32738] CyberPower - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32737] CyberPower - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32736] CyberPower < v2.8.3 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-32735] CyberPower - Missing Authentication (@dhiyaneshdk) [critical] 🔥
[CVE-2024-22476] Intel Neural Compressor <2.5.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2024-9796] WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection (@s4e-io) [critical]
[CVE-2024-9617] Danswer - Insecure Direct Object Reference (@s4e-io) [medium]
[CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
[CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
[CVE-2024-9061] WP Popup Builder Popup Forms <= 1.3.5 - Arbitrary Shortcode Execution (@s4e-io) [high]
[CVE-2024-8698] Keycloak - SAML Core Package Signature Validation Flaw (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-5910] Palo Alto Expedition - Admin Account Takeover (@johnk3r) [critical]
[CVE-2024-4439] WordPress Core <6.5.2 - Cross-Site Scripting (@nqdung2002) [high]
[CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-2961] PHP - LFR to RCE (@kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
[CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
[CVE-2023-40931] Nagios XI v5.11.0 - SQL Injection (@ritikchaddha) [medium]
[CVE-2023-40755] PHPJabbers Callback Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40753] PHPJabbers Ticket Support Script v3.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40752] PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40751] PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40750] PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-40749] PHPJabbers Food Delivery Script v3.0 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-40748] PHPJabbers Food Delivery Script - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-39560] ECTouch v2 - SQL Injection (@s4e-io) [critical]
[CVE-2023-38040] Revive Adserver 5.4.1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-5561] WordPress Core - Post Author Email Disclosure (@nqdung2002) [medium]
[CVE-2023-5558] LearnPress < 4.2.5.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-2745] WordPress Core <=6.2 - Directory Traversal (@nqdung2002) [medium]
[CVE-2023-1318] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-1317] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-1315] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-45811] osTicket 1.15.x - SQL Injection (@ritikchaddha) [medium]
[CVE-2021-38156] Nagios XI < 5.8.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2019-8943] WordPress Core 5.0.0 - Crop-image Shell Upload (@sttlr) [medium]
[CVE-2018-7196] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-7193] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2018-7192] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-5868] OpenVPN Access Server 2.1.4 - CRLF Injection (@ritikchaddha) [medium]
[CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2015-8562] Joomla HTTP Header Unauth - RCE (@kairos-hk, @bolkv, @n0ming, @RoughBoy0723) [high]
[dms-multi-az] DMS Multi-AZ Not Enabled (@dhiyaneshdk) [medium]
[dms-public-access] Publicly Accessible DMS Replication Instances (@dhiyaneshdk) [medium]
[dms-version-upgrade] DMS Auto Minor Version Upgrade (@dhiyaneshdk) [medium]
[ebs-encryption-disabled] EBS Encryption - Disabled (@dhiyaneshdk) [high]
[efs-encryption-disabled] EFS Encryption - Disabled (@dhiyaneshdk) [medium]
[cache-automatic-backups-disabled] ElastiCache Automatic Backups - Disabled (@dhiyaneshdk) [medium]
[cache-event-notification-disabled] ElastiCache Event Notifications - Disabled (@dhiyaneshdk) [medium]
[cache-redis-encryption-disabled] ElastiCache Redis In-Transit and At-Rest Encryption - Disabled (@dhiyaneshdk) [high]
[cache-redis-multiaz-disabled] ElastiCache Redis Multi-AZ - Disabled (@dhiyaneshdk) [medium]
[firehose-server-destination-encryption] Firehose Delivery Stream Destination Encryption - Disabled (@dhiyaneshdk) [medium]
[firehose-server-side-encryption] Firehose Delivery Stream Server-Side Encryption - Disabled (@dhiyaneshdk) [high]
[guardduty-findings] Open GuardDuty Findings (@dhiyaneshdk) [medium]
[guardduty-not-enabled] GuardDuty Not Enabled (@dhiyaneshdk) [info]
[malware-protection-disabled] GuardDuty Malware Protection - Disabled (@dhiyaneshdk) [info]
[s3-protection-disabled] GuardDuty S3 Protection - Disabled (@dhiyaneshdk) [medium]
[inspector2-disabled] Amazon Inspector 2 - Disabled (@dhiyaneshdk) [info]
[rds-auto-minor-upgrade-disabled] RDS Auto Minor Version Upgrade - Disabled (@dhiyaneshdk) [medium]
[rds-automated-backup-disabled] RDS Automated Backups - Disabled (@dhiyaneshdk) [high]
[rds-backtrack-disabled] AWS RDS Backtrack - Disabled (@dhiyaneshdk) [low]
[rds-cluster-protection-disabled] RDS Cluster Deletion Protection - Disabled (@dhiyaneshdk) [medium]
[rds-copy-snap] RDS Copy Tags to Snapshots - Disabled (@dhiyaneshdk) [low]
[rds-insights-disabled] RDS Performance Insights - Disabled (@dhiyaneshdk) [low]
[rds-instance-autoscaling-disabled] RDS Instance Storage AutoScaling - Disabled (@dhiyaneshdk) [medium]
[rds-log-export-disabled] RDS Log Exports - Disabled (@dhiyaneshdk) [low]
[rds-multi-az] RDS Multi-AZ - Disabled (@dhiyaneshdk) [medium]
[rds-public-access] RDS Publicly Accessible - Enabled (@dhiyaneshdk) [high]
[route53-dns-query-disabled] DNS Query Logging for Route 53 Hosted Zones - Disabled (@dhiyaneshdk) [medium]
[route53-dnssec-signing-disabled] DNSSEC Signing for Route 53 Hosted Zones - Disabled (@dhiyaneshdk) [medium]
[CNVD-2024-38747] Zhejiang Dahua Smart Cloud Gateway Registration Platform - SQL Injection (@s4e-io) [high]
[doris-default-login] Apache Doris - Default Login (@icarot) [high]
[sato-default-login] Sato - Default Login (@y0no) [high]
[zebra-default-login] Zebra - Default Login (@y0no) [high]
[...

Contributors

gumgum, kim, and 25 other contributors

Assets 3

14 Oct 14:33

princechaddha

v10.0.2

56fb702

v10.0.2

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-45409] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43917] TI WooCommerce Wishlist Plugin <= 2.8.2 - SQLi (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-38816] WebMvc.fn/WebFlux.fn - Path Traversal (@pussycat0x) [high] 🔥
[CVE-2024-9465] Palo Alto Expedition - SQL Injection (@dhiyaneshdk) [high] 🔥
[CVE-2024-9463] PaloAlto Networks Expedition - Remote Code Execution (@princechaddha) [critical] 🔥
[CVE-2024-7354] Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
[CVE-2024-5488] SEOPress < 7.9 - Authentication Bypass (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2021-25094] Wordpress Tatsubuilder <= 3.3.11 - RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥

Bug Fixes

Resolved parsing issue in WordPress-WP-Mail-Logging template. (Issue #10908)

False Negatives

Improved detection in WordPress detection. (Issue #10463)
Enhanced detection in Adminer Panel. (Issue #10797)

False Positives

Corrected false positives for CVE-2018-11784. (PR #10916)
Fixed false positives for CVE-2021-29484. (PR #10880)
Addressed false positives for CVE-2024-34982. (PR #10879)
Resolved false positives in Fumengyun-SQLi. (PR #10886)

Enhancements

Improved SQL injection template for error-based scenarios. (PR #10996)
Updated CVE-2024-9465 for better accuracy. (PR #10986)
Enhanced XSS detection in Ninja-Forms. (PR #10974)
Updated Fumengyun-SQLi for better detection. (PR #10960)
Enhanced management of CVE-2024-7354. (PR #10925)
Ensured accurate detection in WordPress update. (PR #10915)
Refactored Strapi template for efficiency. (PR #10887)
Updated CONTRIBUTING.md to enhance contributions. (PR #10890)

Template Updates

New Templates Added: `68` | CVEs Added: `30` | First-time contributions: `5`

[CVE-2024-46627] DATAGERRY - REST API Auth Bypass (@gy741) [critical]
[CVE-2024-45440] Drupal 11.x-dev - Full Path Disclosure (@dhiyaneshdk) [medium]
[CVE-2024-45409] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43917] TI WooCommerce Wishlist Plugin <= 2.8.2 - SQLi (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43160] BerqWP <= 1.7.6 - Arbitrary File Uplaod (@s4e-io) [critical]
[CVE-2024-38816] WebMvc.fn/WebFlux.fn - Path Traversal (@pussycat0x) [high] 🔥
[CVE-2024-35627] TileServer API - Cross Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-32964] Lobe Chat <= v0.150.5 - Server-Side Request Forgery (@s4e-io) [critical]
[CVE-2024-9465] Palo Alto Expedition - SQL Injection (@dhiyaneshdk) [high] 🔥
[CVE-2024-9463] PaloAlto Networks Expedition - Remote Code Execution (@princechaddha) [critical] 🔥
[CVE-2024-8877] Riello Netman 204 - SQL Injection (@s4e-io) [critical]
[CVE-2024-8021] Gradio - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-7854] Woo Inquiry <= 0.1 - SQL Injection (@s4e-io) [critical]
[CVE-2024-7714] AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls (@s4e-io) [medium]
[CVE-2024-7354] Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
[CVE-2024-6517] Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting (@s4e-io) [medium]
[CVE-2024-5488] SEOPress < 7.9 - Authentication Bypass (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2024-4940] Gradio - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-4340] sqlparse - Denial of Service (@KoYejune0302, @cheoljun99, @sim4110, @gy741) [high]
[CVE-2024-3753] Hostel < 1.1.5.3 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-3234] Chuanhu Chat - Directory Traversal (@dhiyaneshdk) [critical]
[CVE-2023-47105] Chaosblade < 1.7.4 - Remote Code Execution (@s4e-io) [high]
[CVE-2023-39007] OPNsense - Cross-Site Scripting to RCE (@ritikchaddha) [critical]
[CVE-2023-27641] L-Soft LISTSERV 16.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-4151] Store Locator WordPress < 1.4.13 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-0676] phpIPAM 1.5.1 - Cross-site Scripting (@ritikchaddha) [medium]
[CVE-2021-40272] IRTS OP5 Monitor - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-25094] Wordpress Tatsubuilder <= 3.3.11 - RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2019-19411] Huawei Firewall - Local File Inclusion (@taielab) [low]
[CVE-2017-5871] Odoo <= 8.0-20160726 & 9.0 - Open Redirect (@1337rokudenashi) [medium]
[datagerry-default-login] Datagerry - Default Login (@gy741) [high]
[netdisco-default-login] Netdisco Admin - Default Login (@ritikchaddha) [critical]
[dockwatch-panel] Dockwatch Panel - Detect (@s4e-io) [info]
[enablix-panel] Enablix Panel - Detect (@dhiyaneshdk) [info]
[gitlab-explore] GitLab Instance Explore - Detect (@sujal Tuladhar) [info]
[gitlab-saml] Gitlab SAML - Detection (@rootxharsh, @iamnoooob, @pdresearch) [info]
[loxone-web-panel] Loxone WebInterface Panel - Detect (@dhiyaneshdk) [info]
[m-bus-panel] M-Bus Converter Web Interface - Detect (@dhiyaneshdk) [info]
[macos-server-panel] macOS Server Panel - Detect (@dhiyaneshdk) [info]
[riello-netman204-panel] Riello UPS NetMan 204 Panel - Detect (@s4e-io) [info]
[rstudio-panel] RStudio Sign In Panel - Detect (@dhiyaneshdk) [info]
[saia-pcd-panel] Saia PCD Web Server Panel - Detect (@dhiyaneshdk) [info]
[workspace-one-uem-ssp] VMware Workspace ONE UEM Airwatch Self-Service Portal - Detect (@KoratSec) [info]
[action-controller-exception] Action Controller Exception - Page (@dhiyaneshdk) [info]
[delphi-mvc-exception] Delphi MVC Exception - Page (@dhiyaneshdk) [info]
[expression-engine-exception] ExpressionEngine Exception - Page (@dhiyaneshdk) [info]
[lua-runtime-error] LUA Runtime Error - Page (@dhiyaneshdk) [info]
[mako-runtime-error] Mako Runtime Error - Page (@dhiyaneshdk) [info]
[microsoft-runtime-error] Microsoft Runtime Error Page (@dhiyaneshdk) [info]
[mongodb-exception-page] MongoDB Exception - Page (@dhiyaneshdk) [info]
[sap-logon-error-message] SAP Logon Error Message (@dhiyaneshdk) [info]
[twig-runtime-error] Twig Runtime Error - Page (@dhiyaneshdk) [info]
[seized-site] Seized Site (@rxerium) [info]
[ariang-debug-console] AriaNg Debug Console - Exposure (@dhiyaneshdk) [medium]
[aspnetcore-dev-env] ASP.NET Core Development Environment - Exposure (@Mys7ic) [info]
[netdisco-unauth] Netdisco - Unauth Access (@ritikchaddha) [critical]
[arcgis-detect] ArcGIS - Detect (@righettod) [info]
[dizquetv-detect] dizqueTV - Detect (@s4e-io) [info]
[ivanti-epm-detect] Ivanti Endpoint Manager (EPM) - Detect (@rxerium) [info]
[default-azure-function-app] Azure Function App - Default Page (@dhiyaneshdk) [info]
[vertigis-detect] VertiGIS - Detect (@righettod) [info]
[wiki-js-detect] Wiki.js - Detect (@righettod) [info]
[windows-communication-foundation-detect] Windows Communication Foundation - Detect (@r3naissance) [info]
[api-delighted] Delighted API Test (@0xPugal) [info]
[api-intigriti-researcher] Intigriti-Researcher API Test (@0xPugal) [info]
[api-telegram] Telegram API Test (@0xPugal) [info]
[retool-svg-xss] Retool < 3.88 - SVG Cross-Site Scripting (@iamnoooob, @iamnoooob, @pdresearch) [high]
[ninja-forms-xss] Ninja Forms < 3.5.5 - Cross-Site Scripting (@ritikchaddha) [medium]

New Contributors

@stvnhrlnd made their first contribution in #10878
@KoratSec made their first contribution in #10937
@ShaneIan made their first contribution in #10518
@evilgensec made their first contribution in #10911
@aviadavi made their first contribution in #10949

Full Changelog: v10.0.1...v10.0.2

Contributors

sujal, righettod, and 23 other contributors

Assets 3

30 Sep 15:25

princechaddha

v10.0.1

29edb66

v10.0.1

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
[CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @Ice3man543) [critical] 🔥
[CVE-2024-45507] Apache OFBiz - Remote Code Execution (@CHYbeta, @Iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
[CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
[CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
[CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-43654] PyTorch TorchServe SSRF (@dhiyaneshdk) [critical] 🔥
[CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@dhiyaneshdk) [high] 🔥

Bug Fixes

Resolved unresolved variables found: FQDN (#10349).

False Negatives

Improve detection and reduce false negatives for CVE-2024-47176 (Issue #10864).

False Positives

Fixed false positive for CVE-2021-33044 (#10863).
Removed CVE-2023-35489 due to false positives (Issue #10800).
Update to fix false positives in CVE-2024-41667.yaml (#10751).
Resolved false positive in CVE-2024-41667.yaml (#10749).

Enhancements

Added regex extractor for user-agent of HTTP request to identify vulnerable devices in CVE-2024-47176.yaml (#10864).
Updated severity in apple-cups-exposure.yaml (#10857).
Severity update for jwk-json-leak.yaml (#10840).
Added nacos configuration leak detection (#10825).
Refactored the "git-repository-browser" template (#10801).
Moved http/cves/CVE-2024-45507.yaml to http/cves/2024/CVE-2024-45507.yaml (#10785).
Refactored the "kubelet-metrics" template (#10765).
Refactored the "GITEA" template (#10752).
Optimized templates due to Nuclei changes and added new templates (Issue #10285).
Deleted http/fuzzing/valid-gmail-check.yaml as the Gmail API is no longer active (#10865).

Template Updates

New Templates Added: `86` | CVEs Added: `41` | First-time contributions: `2`

[CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
[CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-45622] ASIS - SQL Injection Authentication Bypass (@s4e-io) [critical]
[CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @Ice3man543) [critical] 🔥
[CVE-2024-45507] Apache OFBiz - Remote Code Execution (@CHYbeta, @Iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
[CVE-2024-41810] Twisted - Open Redirect & XSS (@KoYejune0302, @cheoljun99, @sim4110, @gy741) [medium]
[CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
[CVE-2024-36683] PrestaShop productsalert - SQL Injection (@mastercho) [critical]
[CVE-2024-30269] DataEase <= 2.4.1 - Sensitive Information Exposure (@s4e-io) [medium]
[CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2024-22207] Fastify Swagger-UI - Information Disclosure (@dhiyaneshdk, @iamnoooob) [medium]
[CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
[CVE-2024-8883] Keycloak - Open Redirect (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2024-8752] WebIQ 2.15.9 - Directory Traversal (@s4e-io) [high]
[CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-8484] REST API TO MiniProgram <= 4.7.1 - SQL Injection (@s4e-io) [high]
[CVE-2024-6845] SmartSearchWP < 2.4.6 - OpenAI Key Disclosure (@s4e-io) [medium]
[CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-3673] Web Directory Free < 1.7.3 - Local File Inclusion (@s4e-io) [critical]
[CVE-2023-47253] Qualitor <= 8.20 - Remote Code Execution (@s4e-io) [critical]
[CVE-2023-43654] PyTorch TorchServe SSRF (@dhiyaneshdk) [critical] 🔥
[CVE-2023-39650] PrestaShop Theme Volty CMS Blog - SQL Injection (@mastercho) [critical]
[CVE-2023-39024] Harman Media Suite <= 4.2.0 - Local File Disclosure (@s4e-io) [high]
[CVE-2023-38192] SuperWebMailer 9.00.0.01710 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-27847] PrestaShop xipblog - SQL Injection (@mastercho) [critical]
[CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-6568] Mlflow - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-6275] TOTVS Fluig Platform - Cross-Site Scripting (@s4e-io) [medium]
[CVE-2023-3578] DedeCMS 5.7.109 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2023-3188] Owncast - Server Side Request Forgery (@dhiyaneshdk) [medium]
[CVE-2022-24637] Open Web Analytics 1.7.3 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2020-11441] phpMyAdmin 5.0.2 - CRLF Injection (@ritikchaddha) [medium]
[CVE-2019-6793] GitLab Enterprise Edition - Server-Side Request Forgery (@ritikchaddha) [high]
[CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@dhiyaneshdk) [high] 🔥
[CVE-2017-3133] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-3132] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-3131] FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[bonita-default-login] Bonita - Default Login (@dhiyaneshdk) [high]
[camaleon-default-login] Camaleon CMS - Default Login (@dhiyaneshdk) [high]
[canon-c3325-default-login] Canon R-ADV C3325 - Default-Login (@ritikchaddha) [high]
[dragonfly-default-login] Dragonfly - Default Login (@dhiyaneshdk) [high]
[filegator-default-login] Filegator - Default-Login (@ritikchaddha) [high]
[nginx-proxy-manager-default-login] Nginx Proxy Manager - Default Login (@barttran2000) [high]
[pcoweb-default-login] pCOWeb - Default-Login (@ritikchaddha) [high]
[topaccess-default-login] Toshiba TopAccess - Default-Login (@ritikchaddha) [high]
[tplink-r470t-default-login] TP-LINK Router R470T - Default-Login (@ritikchaddha) [high]
[tplink-wR940n-default-login] TP-Link Wireless N Router WR940N - Default-Login (@ritikchaddha) [high]
[bonita-portal-panel] Bonita Portal Login - Detect (@dhiyaneshdk) [info]
[camaleon-panel] Camaleon CMS Login - Panel (@dhiyaneshdk) [info]
[canon-iradv-c3325] Canon iR-ADV C3325 Panel - Detect (@ritikchaddha) [info]
[cgit-panel] CGIT - Detect (@tess, @righettod) [info]
[docuware-panel] DocuWare - Detect (@righettod) [info]
[dragonfly-panel] DragonFly Login - Panel (@dhiyaneshdk) [info]
[filecatalyst-panel] FileCatalyst File Transfer Solution - Detect (@dhiyaneshdk) [info]
[filegator-panel] FileGator Panel - Detect (@ritikchaddha) [info]
[ivanti-csa-panel] Ivanti(R) Cloud Services Appliance - Panel (@rxerium) [info]
[maestro-listserv-panel] Maestro LISTSERV - Detect (@righettod) [info]
[open-web-analytics-panel] Open Web Analytics Login - Detect (@dhiyaneshdk) [info]
[pcoweb-panel] pCOWeb Panel - Detect (@ritikchaddha) [info]
[qualitor-itsm-panel] Qualitor ITSM - Detect (@johnk3r) [info]
[topaccess-panel] Toshiba TopAccess Panel - Detect (@ritikchaddha) [info]
[tplink-r470t-panel] TP-LINK Router R470T - Detect (@ritikchaddha) [info]
[canon-c3325-unauth] Canon R-ADV C3325 - Unauth (@ritikchaddha) [high]
[dragonfly-public-signup] DragonFly Public - Signup Enabled (@dhiyaneshdk) [high]
[navidrome-admin-install] Navidrome Admin User Creation (@dhiyaneshdk) [critical]
[open-web-analytics-installer] Open Web Analytics Installer - Exposure (@dhiyaneshdk) [high]
[pcoweb-unauth] pCOWeb - Unauth (@ritikchaddha) [high]
[cups-detect] CUPS - Detect (@rxerium) [info]
[domibus-detect] Domibus - Detect (@righettod) [info]
[hugegraph-detect] HugeGraph - Detect (@rxerium) [info]
[lobechat-detect] LobeChat - Detect (@s4e-io) [info]
[torchserve-detect] TorchServe API Description - Detect (@dhiyaneshdk) [info]
[wordpress-extendify] Extendify Detection (@ricardomaia) [info]
[wordpress-wp-mail-logging] WP Mail Logging Detection (@ricardomaia) [info]
[fumengyun-sqli] Fumeng - SQL Injection (@ritikchaddha) [critical]
[motic-dsm-arbitrary-file-read] MoticDSM - Arbitrary File Read (@s4e-io) [high]
[nacos-info-leak] Nacos - Information Disclosure (@s4e-io) [high]
[netpower-npfw-lfi] Netpower NPFW - Local File Inclusion (@ritikchaddha) [high]
[newcapec-rce] Newcap...

Contributors

ricardomaia, righettod, and 21 other contributors

Assets 3

Releases: projectdiscovery/nuclei-templates

v10.1.6

What's Changed

🔥 Release Highlights 🔥

False Negatives

False Positives

Enhancements

Bug Fixes

Template Updates

New Templates Added: 78 | CVEs Added: 45 | First-time contributions: 8

New Contributors

Contributors

CSP Bypass Templates - Nuclei Templates v10.1.5 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 281 | CVEs Added: 23 | First-time contributions: 4

Contributors

v10.1.3

What's Changed

🔥 Release Highlights 🔥

False Negatives

False Positives

Enhancements

Bug Fixes

Template Updates

New Templates Added: 52 | CVEs Added: 25 | First-time contributions: 11

New Contributors

Contributors

v10.1.2

What's Changed

🔥 Release Highlights 🔥

Bug Fixes

False Negatives

False Positives

Enhancements

Template Updates

New Templates Added: 52 | CVEs Added: 23 | First-time contributions: 14

New Contributors

Contributors

Alibaba Cloud Config Review - Nuclei Templates v10.1.1 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 154 | CVEs Added: 31 | First-time contributions: 4

Contributors

Windows Security Hardening and Auditing - Nuclei Templates v10.1.0 🎉

🔥 Release Highlights 🔥

Other Highlights

What's Changed

New Templates Added: 110 | CVEs Added: 23 | First-time contributions: 5

Contributors

v10.0.4

What's Changed

🔥 Release Highlights 🔥

Bug Fixes

False Negatives

False Positives

Enhancements

Template Updates

New Templates Added: 74 | CVEs Added: 26 | First-time contributions: 7

New Contributors

Contributors

v10.0.3

What's Changed

🔥 Release Highlights 🔥

Bug Fixes

False Negatives

False Positives

Enhancements

Template Updates

New Templates Added: 116 | CVEs Added: 52 | First-time contributions: 7

Contributors

v10.0.2

What's Changed

🔥 Release Highlights 🔥

Bug Fixes

False Negatives

False Positives

Enhancements

New Templates Added: `78` | CVEs Added: `45` | First-time contributions: `8`

New Templates Added: `281` | CVEs Added: `23` | First-time contributions: `4`

New Templates Added: `52` | CVEs Added: `25` | First-time contributions: `11`

New Templates Added: `52` | CVEs Added: `23` | First-time contributions: `14`

New Templates Added: `154` | CVEs Added: `31` | First-time contributions: `4`

New Templates Added: `110` | CVEs Added: `23` | First-time contributions: `5`

New Templates Added: `74` | CVEs Added: `26` | First-time contributions: `7`

New Templates Added: `116` | CVEs Added: `52` | First-time contributions: `7`

New Templates Added: `68` | CVEs Added: `30` | First-time contributions: `5`

New Templates Added: `86` | CVEs Added: `41` | First-time contributions: `2`