projectdiscovery/nuclei-templates v10.2.6

Nuclei Templates v10.2.6 - Release Notes

on GitHub

New Templates Added: 41 | CVEs Added: 27 | First-time contributions: 4

🔥 Release Highlights 🔥

• [CVE-2025-53770] Microsoft SharePoint Server - Remote Code Execution (ToolShell) (@_l0gg, @SamIntruder, @sfewer-r7, @iamnoooob, @pdresearch) [critical] 🔥 (KEV)
• [CVE-2025-49029] WordPress Custom Login And Signup Widget Plugin <= 1.0 - Code Execution (@pussycat0x) [high] 🔥
• [CVE-2025-34077] WordPress Pie Register <= 3.7.1.4 - Authentication Bypass (@kylew1004) [critical] 🔥
• [CVE-2025-6970] WordPress Events Manager <= 7.0.3 - SQL Injection (@iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-6851] WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2024-58136] Yii2 PHP Framework < 2.0.52 - Remote Code Execution (@ritikchaddha) [critical] 🔥
• [CVE-2024-50477] WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass (@stealthcopter, @vijay-sutar) [critical] 🔥
• [CVE-2024-29198] GeoServer Demo Request Endpoint - Server Side Request Forgery (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2019-5544] VMware ESXi SLP - Heap Overflow DoS (@riteshs4hu) [critical] 🔥
• [CVE-2017-18349] Fastjson Insecure Deserialization - Remote Code Execution (@night) [critical] 🔥

What's Changed

💰 Bounties Rewarded 💰

• CVE-2019-7194 - QNAP Photo Station - Path Traversal 💰 (Issue #12254)

Bug Fixes

• Fixed mismatched SSL certificate for Microsoft Intune (Issue #12704)
• Fixed false-negative detection for CVE-2025-4427 (Issue #12663)
• Fixed false-negative in nacos-create-user.yaml (Issue #12683)
• Fixed false-positive in credit-card-number-detect (Issue #12667)
• Fixed false-positive in molgenis-default-login.yaml (Issue #12681)
• Fixed false-negative in oneinstack-control-center.yaml (Issue #12669)
• Updated printer info leak template for more context (Issue #12596)

False Negatives

• Improved detection for nacos-create-user template (Issue #12508)
• Improved detection for CVE-2025-4427 - Ivanti Endpoint Manager Mobile (Issue #12209)
• Fixed false-negative in oneinstack-control-center.yaml (Issue #12669)
• Fixed false-negative detection for CVE-2025-4427 (Issue #12663)

False Positives

• Reduced false positives in phpmyadmin-misconfiguration.yaml (Issues #12647, #12537, #12621)
• Reduced false positives in CVE-2023-1389.yaml (Issues #12342, #12592)
• Reduced false positives in molgenis-default-login.yaml (Issue #12681)
• Reduced false positives in credit-card-number-detect (Issue #12667)
• Reduced false positives in mismatched-ssl-certificate for Microsoft Intune (Issue #12704)

Enhancements

• Updated and renamed sql-dump.yaml to mysql-dump.yaml (Issue #12675)
• Renamed citrix-adc-gateway-detect.yaml to citrix-adc-gateway-panel.yaml (Issue #12674)
• Updated cisco-asa-panel.yaml (Issue #12673)
• Updated and renamed arcgis-tokens.yaml to arcgis-token-service-detect.yaml (Issue #12672)
• Renamed access-log.yaml to access-log-file.yaml (Issue #12671)
• Updated argocd-login.yaml (Issue #12670)
• Updated ms-exchange-local-domain.yaml (Issue #12627)
• Updated CVE-2025-53770.yaml (Issue #12713)
• Added server-info and server-status matching (Issue #12720)
• Changed ID and name in template (Issue #12677)
• Moved code CVEs (Issue #12610)

Templates Added

• [CVE-2025-53833] LaRecipe < 2.8.1 Remote Code Execution via SSTI (@iamnoooob, @pdresearch) [critical]
• [CVE-2025-53770] Microsoft SharePoint Server - Remote Code Execution (ToolShell) (@_l0gg, @SamIntruder, @sfewer-r7, @iamnoooob, @pdresearch) [critical] 🔥 (KEV)
• [CVE-2025-49029] WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution (@pussycat0x) [high] 🔥
• [CVE-2025-40630] IceWarp Mail Server ≤11.4.0 - Open Redirect (@dhiyaneshdk) [medium]
• [CVE-2025-34300] SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution (@assetnote, @dhiyaneshdk, @iamnoooob) [critical]
• [CVE-2025-34143] ETQ Reliance - Authentication Bypass via Trailing Space (@slcyber, @dhiyaneshdk) [critical]
• [CVE-2025-34141] ETQ Reliance - Reflected XSS via SQLConverterServlet (@slcyber, @pdresearch) [medium]
• [CVE-2025-34077] WordPress Pie Register <= 3.7.1.4 - Authentication Bypass (@kylew1004) [critical] 🔥
• [CVE-2025-6970] WordPress Events Manager <= 7.0.3 - SQL Injection (@iamnoooob, @pdresearch) [critical] 🔥
• [CVE-2025-6851] WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2025-6058] WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload (@pussycat0x) [critical]
• [CVE-2025-5961] WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload (@pussycat0x) [high]
• [CVE-2025-2712] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2025-2711] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2025-2710] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2025-2709] Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2024-58136] Yii2 PHP Framework < 2.0.52 - Remote Code Execution (@ritikchaddha) [critical] 🔥
• [CVE-2024-50477] WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass (@stealthcopter, @vijay-sutar) [critical] 🔥
• [CVE-2024-42852] AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2024-36675] LyLme spage v1.9.5 - Server-Side Request Forgery (@ritikchaddha) [high]
• [CVE-2024-33832] OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF) (@ritikchaddha) [medium]
• [CVE-2024-29198] GeoServer Demo Request Endpoint - Server Side Request Forgery (@iamnoooob, @pdresearch) [high] 🔥
• [CVE-2024-11587] idcCMS V1.60 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2024-9007] 123Solar 1.8.4.5 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2020-29390] Zeroshell 3.9.3 - Command Injection (@dhiyaneshdk) [critical]
• [CVE-2019-5544] VMware ESXi SLP - Heap Overflow DoS (@riteshs4hu) [critical] 🔥
• [CVE-2017-18349] Fastjson Insecure Deserialization - Remote Code Execution (@night) [critical] 🔥
• [amatera-stealer-panel] Amatera Stealer C2 Panel - Detect (@pussycat0x) [info]
• [bofamet-stealer-panel] Bofamet Stealer C2 Panel - Detect (@pussycat0x) [info]
• [cyber-stealer-panel] Cyber Stealer C2 Panel - Detect (@pussycat0x) [info]
• [oxf-phaas-panel] OXF Phishing as a Service Panel - Detect (@pussycat0x) [info]
• [saltbo-zpan-panel] Saltbo/zpan Panel - Detect (@ritikchaddha) [info]
• [safeq-panel] YSoft SafeQ Panel - Detect (@matejsmycka) [info]
• [ibarn-installer] iBarn Installer - Exposure (@ritikchaddha) [high]
• [saltbo-zpan-installer] Saltbo/zpan Installer - Exposure (@ritikchaddha) [high]
• [strongshop-installer] StrongShop Installer - Exposure (@ritikchaddha) [high]
• [luma] Luma User Name Information - Detect (@rxerium) [info]
• [sharepoint-toolshell-backdoor] SharePoint Webshell - ToolShell (@johnk3r) [critical]
• [wp-ninja-tables-lfi] Ninja Tables <4.1.9 - Unauthenticated Arbitrary File Read (@xbow, @dhiyaneshdk) [high]
• [vtun-server] VTUN Server - Detection (@pussycat0x) [info]
• [nats-server-enum] NATS Server - Detect (@pussycat0x) [info]

New Contributors

• @criminalinfluencer made their first contribution in #12402
• @SamIntruder made their first contribution in #12686
• @VijayS1808 made their first contribution in #12595
• @kylew1004 made their first contribution in #12726

Full Changelog: v10.2.5...v10.2.6