projectdiscovery/nuclei-templates v10.1.3

on GitHub

What's Changed

🔥 Release Highlights 🔥

• [CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Auth Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
• [CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
• [CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-27115] SOPlanning - Remote Code Execution (@soonghee2@ajou.ac.kr) [high] 🔥
• [CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
• [CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥

False Negatives

• [FALSE-NEGATIVE] wp-user-enum.yaml #11533
  Fix FN wp-user-enum.yaml #11556

False Positives

• [FALSE-POSITIVE] CVE-2024-4439 #11496
• [FALSE-POSITIVE] http/technologies/ivanti-epm-detect.yaml #11483
• [FALSE-POSITIVE] Next.js - Cache Poisoning - Headers #11473
• Fixed FP in CVE-2022-2535.yaml #11510
• Fixed Flase Positive | Next.js - Cache Poisoning - Headers #11532

Enhancements

• Update CVE-2023-26360.yaml #11524
• Update Duplicate id #11530
• Update prestashop-cartabandonmentpro-file-upload.yaml (Added Additional Path) #11573
• fix(apache): make reference links correct #11604
• Add new title support for jenkins-openuser-register.yaml #11606
• Update siteminder-dom-xss.yaml #11613
• Update CVE-2020-11710.yaml #11619
• Update fingerprinthub-web-fingerprints.yaml #11622
• Disabling redirects for mixed-active-content template #11628
• Refactor the "NETDATA" template. #11629

Bug Fixes

• NA

Template Updates

New Templates Added: 52 | CVEs Added: 25 | First-time contributions: 11

• [CVE-2025-24963] Vitest Browser Mode - Local File Read (@iamnoooob, @rootxharsh, @pdresearch) [medium]
• [CVE-2025-1035] KLog Server - Path Traversal (@s4e-io) [medium]
• [CVE-2025-0108] PAN-OS Management Interface - Path Confusion to Authentication Bypass (@halencarjunior, @ritikchaddha) [critical] 🔥
• [CVE-2024-57514] TP-Link Archer A20 v3 Router - Cross-site Scripting (@s4e-io) [medium]
• [CVE-2024-55417] DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2024-55416] DevDojo Voyager <=1.8.0 - Cross-Site Scripting (@iamnoooob, @rootxharsh, @pdresearch) [low]
• [CVE-2024-55415] DevDojo Voyager <=1.8.0 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-53704] SSL VPN Session Hijacking (@johnk3r) [critical] 🔥
• [CVE-2024-50967] DATAGERRY - Improper Access Control (@s4e-io, @0xByteHunter) [high]
• [CVE-2024-48766] NetAlert X - Arbitary File Read (@s4e-io) [critical]
• [CVE-2024-46507] Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-45591] XWiki Platform - Unauthorized Document History Access (@pd-bot) [medium]
• [CVE-2024-27115] SOPlanning - Remote Code Execution (@soonghee2@ajou.ac.kr) [high] 🔥
• [CVE-2024-24759] MindsDB - DNS Rebinding SSRF Protection Bypass (@lee Changhyun(eeche)) [high] 🔥
• [CVE-2024-13726] Themes Coder Ecommerce <= 1.3.4 - SQL Injection (@s4e-io) [high]
• [CVE-2024-12760] BentoML v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
• [CVE-2024-11044] Stable Diffusion Webui 1.10.0 - Open Redirect (@dhiyaneshdk) [medium]
• [CVE-2024-10908] FastChat - Open Redirect (@dhiyaneshdk) [medium]
• [CVE-2024-10812] GPT Academic v1.3.9 - Open Redirect (@dhiyaneshdk) [medium]
• [CVE-2024-6886] Gitea 1.22.0 - Cross-Site Scripting (@soonghee2) [medium]
• [CVE-2024-5082] Nexus Repository 2 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2022-26271] 74cmsSE v3.4.1 - Arbitrary File Read (@ritikchaddha) [high]
• [CVE-2022-25226] ThinVNC - Authentication Bypass (@ritikchaddha) [critical] 🔥
• [CVE-2022-3766] phpMyFAQ < 3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2021-45793] Slims9 Bulian 9.4.2 - SQL Injection (@nblirwn) [high]
• [shopify-shared-secret-key] Shopify Shared Secret (@gaurang) [high]
• [devdojo-voyager-default-login] DevDojo Voyager - Default login (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [datagerry-panel] Datagerry Panel - Detect (@s4e-io) [info]
• [dify-panel] Dify Panel - Detect (@s4e-io) [info]
• [klog-server-panel] Klog Server Panel - Detect (@s4e-io) [info]
• [netalertx-panel] NetAlert X Panel - Detect (@s4e-io) [info]
• [opentext-contentserver-panel] OpenText Content Server Login Panel - Detect (@righettod) [info]
• [reposilite-panel] Reposilite Login Panel - Detect (@righettod) [info]
• [supertokens-login-panel] Supertokens Login Panel - Detect (@rxerium) [info]
• [tenemos-t24-panel] Tenemos T24 Login Panel - Detect (@righettod) [info]
• [veracore-panel] Veracore Login - Detect (@rxerium) [info]
• [secrets-patterns-rules] Secrets Patterns (Rules) (@dwisiswant0) [info]
• [casdoor-unauth-operations] Casdoor <=v1.811.0 - Unauthenticated SCIM Operations (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [netalertx-dashboard] NetAlert X Admin Dashboard - Exposed (@s4e-io) [medium]
• [attu-detect] Attu - Detect (@s4e-io) [info]
• [caobox-cms-detect] Caobox CMS - Detect (@chirag Mistry) [info]
• [frappe-framework-detect] Frappe Framework - Detect (@righettod) [info]
• [ivanti-endpoint-manager] Ivanti Endpoint Manager - Detect (@ritikchaddha) [info]
• [jway-products-detect] JWay Products - Detect (@righettod) [info]
• [powerbi-report-server-detect] PowerBI Report Server - Detect (@righettod) [info]
• [milvus-detect] Milvus - Detect (@s4e-io) [info]
• [nextchat-detect] NextChat - Detect (@s4e-io) [info]
• [sekolahku-cms-detect] Sekolahku CMS - Detect (@nblirwn) [info]
• [slims-cms-detect] Slims CMS - Detect (@nblirwn) [info]
• [netgear-dgn-rce] Netgear DGN Devices - Command Execution (@3th1c_yuk1) [critical]
• [slims-8-akasia-xss] Senayan Library Management System v8.3.1 (Akasia) - Cross-Site Scripting (@nblirwn) [medium]
• [slims-9-xss-index] Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting (@nblirwn) [medium]

New Contributors

• @Sechunt3r made their first contribution in #11531
• @mistry4592 made their first contribution in #11516
• @nblirwn made their first contribution in #11550
• @VulnScout-Chris made their first contribution in #11570
• @missing0x00 made their first contribution in #11577
• @babariviere made their first contribution in #11604
• @kee-reel made their first contribution in #11606
• @halil-s4e made their first contribution in #11633
• @domwhewell-sage made their first contribution in #11619
• @mpatil-netspi made their first contribution in #11613
• @halencarjunior made their first contribution in #11623

Full Changelog: v10.1.2...v10.1.3