github projectdiscovery/nuclei-templates v10.2.5
Nuclei Templates v10.2.5 - Release Notes

one month ago

New Templates Added: 75 | CVEs Added: 22 | First-time contributions: 5

🔥 Release Highlights 🔥


What's Changed

💰 Bounties Rewarded 💰

False Negatives

Templates Added

  • [CVE-2025-53624] Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure (@darses) [high]
  • [CVE-2025-52488] DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure (@assetnote, @dhiyaneshdk, @iamnoooob, @pdresearch) [high] 🔥
  • [CVE-2025-49493] Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE) (@xbow, @3th1c_yuk1) [critical]
  • [CVE-2025-48827] vBulletin 5.0.0-6.0.3 - Authentication Bypass (@pszyszkowski) [critical] 🔥
  • [CVE-2025-47813] Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie (@rcesecurity, @pdteam) [medium]
  • [CVE-2025-47812] Wing FTP Server <= 7.4.3 - Remote Code Execution (@rcesecurity, @4m3rr0r) [critical] (kev) 🔥
  • [CVE-2025-41646] RevPi Webstatus <= v2.4.5 - Authentication Bypass (@dhiyaneshdk) [critical]
  • [CVE-2025-34040] Zhiyuan OA Platform - Arbitrary File Upload (@iamnoooob, @pdresearch) [critical]
  • [CVE-2025-32815] NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials (@iamnoooob, @pdresearch) [medium]
  • [CVE-2025-32814] Infoblox NetMRI - Unauthenticated SQL Injection via skipjackUsername (@iamnoooob, @pdresearch) [critical]
  • [CVE-2025-32813] Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request (@iamnoooob, @pdresearch) [high]
  • [CVE-2025-27505] GeoServer - Missing Authorization on REST API Index (@securitytaters) [medium]
  • [CVE-2025-6216] Allegra - Authentication Bypass via Predictable Password Reset Token (@iamnoooob, @pdresearch) [critical]
  • [CVE-2025-5777] Citrix NetScaler Memory Disclosure - CitrixBleed 2 (@watchtowr, @dhiyaneshdk, @darses) [critical] (kev) 🔥
  • [CVE-2025-4380] Ads Pro Plugin <= 4.89 - Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2025-2010] WordPress JobWP Plugin <= 2.3.9 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2024-50334] Scoold < 1.64.0 - Authentication Bypass (@xbow, @iamnoooob, @pdresearch) [medium]
  • [CVE-2024-42475] Fortinet SSL-VPN - Heap-Based Buffer Overflow (@0xhaggis, @pszyszkowski) [critical] 🔥
  • [CVE-2023-49230] Peplink Balance Two before 8.4.0 - Unauthenticated Config Upload (@Srilakivarma) [high]
  • [CVE-2022-23397] Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting (@Srilakivarma) [medium]
  • [CVE-2020-9548] FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution (@tomaquet18) [critical] 🔥
  • [CVE-2020-9547] FasterXML jackson-databind - Deserialization Remote Code Execution (@Pranjalnegi) [critical] 🔥
  • [account-lockout-threshold] Account Lockout Threshold Check (@nukunga[SungHyunJeon]) [medium]
  • [admin-account-rename] Administrator Account Rename Check (@nukunga[SungHyunJeon]) [medium]
  • [admin-group-minimal] Minimum Administrator Group Membership Check (@nukunga[SungHyunJeon]) [medium]
  • [autologon-control] Autologon Function Control Check (@nukunga[SungHyunJeon]) [medium]
  • [crash-on-audit-fail] Shutdown on Audit Failure Check (@nukunga[SungHyunJeon]) [medium]
  • [dns-zone-transfer-check] DNS Zone Transfer Check (@nukunga[SungHyunJeon]) [medium]
  • [ftp-access-control-check] FTP Access Control Check (@nukunga[SungHyunJeon]) [medium]
  • [ftp-anonymous-check] Anonymous FTP Disabled Check (@nukunga[SungHyunJeon]) [medium]
  • [ftp-directory-permission-check] FTP Directory Access Permission Check (@nukunga[SungHyunJeon]) [medium]
  • [hard-disk-default-share] Hard Disk Default Share Removal Check (@nukunga[SungHyunJeon]) [medium]
  • [password-cleartext-encryption] Store Passwords Using Reversible Encryption Check (@nukunga[SungHyunJeon]) [medium]
  • [password-never-expires] Password Expiry Setting Check (@nukunga[SungHyunJeon]) [medium]
  • [rds-removal-check] RDS Removal Check (@nukunga[SungHyunJeon]) [medium]
  • [remote-registry-access-check] Remote Registry Service Disabled Check (@nukunga[SungHyunJeon]) [medium]
  • [remote-system-shutdown] Remote System Forced Shutdown Privilege Check (@nukunga[SungHyunJeon]) [medium]
  • [sam-file-access-control] SAM File Access Control Check (@nukunga[SungHyunJeon]) [medium]
  • [service-pack-check] Latest Service Pack Check (@nukunga[SungHyunJeon]) [medium]
  • [shutdown-without-logon] Shutdown Without Logon Check (@nukunga[SungHyunJeon]) [medium]
  • [unnecessary-accounts-check] Unnecessary Accounts Detection (@nukunga[SungHyunJeon]) [medium]
  • [unnecessary-service-check] Unnecessary Service Removal Check (@nukunga[SungHyunJeon]) [medium]
  • [molgenis-default-login] Molgenis - Default Login (@ritikchaddha) [high]
  • [cisco-cm-panel] Cisco Unified CM Console - Panel (@rxerium) [info]
  • [cisco-prime-license-manager-panel] Cisco Prime License Manager - Detect (@rxerium) [info]
  • [google-adk-api-exposed] Google ADK API Exposure (@princechaddha) [unknown]
  • [google-adk-webui-exposed] Google ADK Development UI Exposure (@princechaddha) [unknown]
  • [molgenis-panel] Molgenis Panel - Exposure (@matejsmycka) [info]
  • [peplink-panel] Peplink Login Panel - Detect (@pussycat0x) [info]
  • [wingftp-panel] Wing FTP Server Login Panel - Detect (@pdteam) [info]
  • [torrent-magnet-detect] Torrent Magnet - Detect (@rxerium) [info]
  • [dd-wrt-controlpanel-exposure] DD-WRT Control Panel - Exposure (@dhiyaneshdk) [low]
  • [pritunl-installer] Pritunl - Installation (@dhiyaneshdk) [high]
  • [twonky-server-exposure] Twonky Server - Exposure (@dhiyaneshdk) [high]
  • [sessionize] Sessionize User Information - Detect (@rxerium) [info]
  • [graphql-apiforwp-detect] GraphQL apiforwp - Detect (@princechaddha) [info]
  • [graphql-apollo-detect] GraphQL Apollo - Detect (@princechaddha) [info]
  • [graphql-ariadne-detect] GraphQL Ariadne - Detect (@princechaddha) [info]
  • [graphql-dianajl-detect] GraphQL Dianajl - Detect (@princechaddha) [info]
  • [graphql-flutter-detect] GraphQL Flutter - Detect (@princechaddha) [info]
  • [graphql-go-detect] GraphQL Go - Detect (@princechaddha) [info]
  • [graphql-gqlgen-detect] GraphQL Gqlgen - Detect (@princechaddha) [info]
  • [graphql-graphene-detect] GraphQL Graphene - Detect (@princechaddha) [info]
  • [graphql-hasura-detect] GraphQL Hasura - Detect (@princechaddha) [info]
  • [graphql-hypergraphql-detect] GraphQL HyperGraphQL - Detect (@princechaddha) [info]
  • [graphql-java-detect] GraphQL Java - Detect (@princechaddha) [info]
  • [graphql-juniper-detect] GraphQL Juniper - Detect (@princechaddha) [info]
  • [graphql-php-detect] GraphQL PHP - Detect (@princechaddha) [info]
  • [graphql-ruby-detect] GraphQL Ruby - Detect (@princechaddha) [info]
  • [graphql-sangria-detect] GraphQL Sangria - Detect (@princechaddha) [info]
  • [graphql-strawberry-detect] GraphQL Strawberry - Detect (@princechaddha) [info]
  • [graphql-tartiflette-detect] GraphQL Tartiflette - Detect (@princechaddha) [info]
  • [graphql-wpgraphql-detect] GraphQL WPGraphQL - Detect (@princechaddha) [info]
  • [infoblox-netmri-rails-cookie-rce] Infoblox NetMRI < 7.6.1 - Remote Code Execution via Hardcoded Ruby Cookie Secret Key (@iamnoooob, @pdresearch) [critical]
  • [jdwp-detect] Java Debug Wire Protocol - Detect (@johnk3r) [info]

New Contributors

Full Changelog: v10.2.4...v10.2.5
