projectdiscovery/nuclei-templates v10.2.9 on GitHub

New Templates Added: `182` | CVEs Added: `66` | First-time contributions: `18`

🔥 Release Highlights 🔥

[CVE-2025-57819] FreePBX - Remote Code Execution (@watchtowr, @pussycat0x, @dhiyaneshdk) [critical] 🔥 (kev) (vKEV)
[CVE-2024-51568] CyberPanel - Command Injection (@s4e-io) [critical] 🔥 (kev) (vKEV)
[CVE-2024-46506] NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution (@s4e-io) [critical] 🔥 (kev) (vKEV)
[CVE-2024-28000] WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin (@melmathari) [critical] 🔥 (kev) (vKEV)
[CVE-2024-8425] WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload (@jsnv-dev) [critical] 🔥
[CVE-2023-45249] Acronis Cyber Infrastructure - Default Password (@darses) [critical] 🔥 (kev) (vKEV)
[CVE-2020-36155] Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta (@riteshs4hu) [critical] 🔥 (kev) (vKEV)
[CVE-2020-11514] Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint (@s4e-io) [critical] 🔥
[CVE-2019-7195] QNAP Photo Station - Path Traversal (@s4e-io) [critical] 🔥 (kev) (vKEV)

What's Changed

💰 Bounties Rewarded 💰

CVE-2023-45249 Acronis Cyber Infrastructure authentication bypass 💰 (Issue #13248).
CVE-2024-28000 LiteSpeed Cache privilege escalation 💰 (Issue #13222).
CVE-2024-8353 GiveWP insecure deserialization 💰 (Issue #13130).
CVE-2020-36836 WP Fastest Cache access control bypass 💰 (Issue #13098).
CVE-2025-3515 Contact Form 7 file upload vulnerability 💰 (Issue #13029).
CVE-2024-8425 WooCommerce Ultimate Gift Card file upload 💰 (Issue #12994).
CVE-2024-4898 InstaWP Connect authorization bypass 💰 (Issue #13271).
CVE-2024-36857 Jan path traversal vulnerability 💰 (Issue #13290).
CVE-2024-23660 Binance Trust Wallet mnemonic generation 💰 (Issue #13315).
CVE-2014-8739 jQuery File Upload unrestricted upload 💰 (Issue #12734).

Bug Fixes

Fixed false positives in CVE-2024-43441.yaml template (Issue #13317).
Resolved false positives in CVE-2023-3139.yaml template (Issue #13277).
Corrected false positive redirect from Cloudflare for CVE-2022-40022 (Issue #13239).

False Negatives

Enhanced FTP detection template to improve coverage (PR #13102).
Enhanced Zendesk takeover detection template (Issue #13193).

False Positives

Reduced false positives and improved accuracy in CVE-2024-43441.yaml (Issue #13317).
Fixed false positives in CVE-2023-3139.yaml template (Issue #13277).
Corrected false positive redirect handling in CVE-2022-40022 (Issue #13239).

Enhancements

Added condition to CVE-2024-43441.yaml for improved accuracy (PR #13318).
Improved Dell laser printer unauthorized access detection (PR #13303).
Enhanced HTTP Response Splitting and Polyglot SSTI fuzzing templates (PR #13300).
Enhanced Hikvision camera information exposure detection (PR #13293).
Updated CVE-2020-27615.yaml with new HTTP flow and matchers (PR #13281).
Enhanced Flowise installer detection (PR #13265).
Added FTP services detection template (PR #13254).
Updated Korean README documentation (PR #13249).
Added various vulnerability detection templates including CVE-2025-58434, CVE-2025-54123, CVE-2025-52970, CVE-2025-7775.

Templates Added

[CVE-2025-58434] Flowise <= 3.0.5 - Account Takeover (@nukunga[seunghyeonJeon]) [critical]
[CVE-2025-58179] Astro Cloudflare Adapter - Server Side Request Forgery (@hoanganhthai) [high]
[CVE-2025-57822] Next.js Middleware - Server-Side Request Forgery (@prdngr, @nicolas-latacora) [medium]
[CVE-2025-57819] FreePBX - Remote Code Execution (@watchtowr, @pussycat0x, @dhiyaneshdk) [critical] 🔥 (kev) (vKEV)
[CVE-2025-55161] Stirling-PDF SSRF via Markdown (@Beginee) [high]
[CVE-2025-54123] Hoverfly <= 1.11.3 - Remote Code Execution (@nukunga[seonghyeonJeon]) [critical]
[CVE-2025-53118] Securden Unified PAM - Authentication Bypass (@dhiyaneshdk, @pussycat0x, @iamnoooob, @pdresearch) [critical]
[CVE-2025-52207] MikoPBX - Unrestricted File Upload (@darses) [critical]
[CVE-2025-50738] Memos < 0.25.0 - Stored Cross-Site Scripting (@seonghyeonjeon[nukunga]) [medium]
[CVE-2025-49596] MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution (@ye11oc4t) [critical]
[CVE-2025-23061] Mongoose - NoSQL Injection (@namhyunko) [critical]
[CVE-2025-8085] Ditty < 3.1.58 - Server-Side Request Forgery (@s4e-io) [high]
[CVE-2025-3605] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation (@Beginee) [critical]
[CVE-2025-3515] Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload (@hnd3884) [high]
[CVE-2024-51568] CyberPanel - Command Injection (@s4e-io) [critical] 🔥 (kev) (vKEV)
[CVE-2024-47533] Cobbler 'XML-RPC' - Authentication Bypass (@songyaeji) [critical]
[CVE-2024-46506] NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution (@s4e-io) [critical] 🔥 (kev) (vKEV)
[CVE-2024-43441] Apache HugeGraph-Server <1.5.0 - Authentication Bypass (@wn147) [critical]
[CVE-2024-36857] Jan v0.4.12 'readFileSync' - Path Traversal (@yusuf Amr) [high]
[CVE-2024-33326] LumisXP - Cross-site Scripting (@0xr2r) [medium]
[CVE-2024-29030] Memos 0.13.2 - Server-Side Request Forgery (@ritikchaddha) [medium]
[CVE-2024-29029] Memos 0.13.2 - Cross-Site Scripting & SSRF (@ritikchaddha) [medium]
[CVE-2024-29028] Memos 0.13.2 - Server-Side Request Forgery (@ritikchaddha) [medium]
[CVE-2024-28000] WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin (@melmathari) [critical] 🔥 (kev) (vKEV)
[CVE-2024-11972] Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation (@s4e-io) [critical]
[CVE-2024-9772] WordPress UIX Shortcodes <= 1.9.7 - Unauthenticated Shortcode Execution (@kankburhan) [high]
[CVE-2024-8425] WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload (@jsnv-dev) [critical] 🔥
[CVE-2024-8353] GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection (@hnd3884) [critical]
[CVE-2024-4898] WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation (@Sourabh-Sahu) [critical]
[CVE-2024-3378] iboss Secure Web Gateway - Stored Cross-Site Scripting (@s4e-io) [medium]
[CVE-2024-2782] WordPress FluentForms <= 5.1.16 - Broken Access Control (@riteshs4hu) [high]
[CVE-2024-2771] Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation (@Sourabh-Sahu) [critical]
[CVE-2023-47873] WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload (@cysamu, @crux) [critical]
[CVE-2023-45249] Acronis Cyber Infrastructure - Default Password (@darses) [critical] 🔥 (kev) (vKEV)
[CVE-2023-40000] LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS (@0x_Akoko) [high]
[CVE-2023-6000] WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS (@riteshs4hu) [medium]
[CVE-2023-3139] Protect WP Admin < 4.0 - Unauthenticated Protection Bypass (@popcorn94) [medium]
[CVE-2023-0876] WordPress Meta SEO <= 4.5.2 - Open Redirect (@Khalid6468) [medium]
[CVE-2023-0037] WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection (@riteshs4hu) [critical]
[CVE-2022-37932] HP Switch - Authentication Bypass (@phulelouch) [high]
[CVE-2022-4971] Sassy Social Share <= 3.3.3 - Cross-Site Scripting (@popcorn94) [medium]
[CVE-2022-3124] Frontend File Manager < 21.3 - Unauthenticated File Renaming (@riteshs4hu) [medium]
[CVE-2022-2461] Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change (@riteshs4hu) [medium]
[CVE-2022-0429] WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Cross-Site Scripting (@s4e-io) [medium]
[CVE-2021-34624] WordPress ProfilePress 3.0-3.1.3 - Arbitrary File Upload (@Sourabh-Sahu) [critical]
[CVE-2021-24878] SupportCandy < 2.2.7 - Reflected Cross-Site Scripting (@popcorn94) [medium]
[CVE-2021-24876] Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting (@popcorn94) [medium]
[CVE-2021-24644] Images to WebP < 1.9 - Authenticated Local File Inclusion (@Sourabh-Sahu) [high]
[CVE-2021-24527] Profile Builder < 3.4.9 - Improper Authentication (@Sourabh-Sahu) [critical]
[CVE-2021-24170] User Profile Picture < 2.5.0 - Sensitive Information Disclosure (@s4e-io) [high]
[CVE-2020-36836] WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion (@melmathari) [high]
[CVE-2020-36155] Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta (@riteshs4hu) [critical] 🔥 (kev) (vKEV)
[CVE-2020-27615] WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via log Parameter (@intelligent-ears) [critical]
[CVE-2020-23814] XXL-JOB v2.2.0 — Stored Cross Site Scripting (@Sourabh-Sahu) [medium]
[CVE-2020-11515] Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint (@s4e-io) [medium]
[CVE-2020-11514] Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint (@s4e-io) [critical] 🔥
[CVE-2019-17233] WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection (@daffainfo) [medium]
[CVE-2019-17231] WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS (@daffainfo) [medium]
[CVE-2019-17230] WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes (@daffainfo) [medium]
[CVE-2019-17228] Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export (@daffainfo) [medium]
[CVE-2019-15774] ND Booking < 2.5 - Unauthenticated Options Change (@popcorn94) [medium]
[CVE-2019-9881] WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting (@intelligent-ears) [medium]
[CVE-2019-9880] WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure (@intelligent-ears) [critical]
[CVE-2019-7195] QNAP Photo Station - Path Traversal (@s4e-io) [critical] 🔥 (kev) (vKEV)
[CVE-2016-15042] WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload (@jsnv-dev) [critical]
[CVE-2014-8739] WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload (@melmathari) [critical]
[apache-streampark-default-login] Apache Streampark - Default Login (@icarot) [high]
[barracuda-message-panel] Barracuda Message Archiver - Panel Detect (@inokii) [info]
[canon-ir-adv] Canon iR-ADV Panel - Detect (@ritikchaddha, @matejsmycka) [info]
[dell-remote-web-access-panel] Dell Remote Web Access Panel - Detect (@pussycat0x) [info]
[hpe-officeconnect-panel] HPE OfficeConnect Switch - Panel Detect (@pussycat0x) [info]
[mitel-nupoint-panel] Mitel NuPoint Unified Messaging Panel - Detect (@s4e-io) [info]
[phoenix-contact-charx-panel] Phoenix Contact CHARX SEC-3XXX AC Charging Controller Panel - Detect (@inokii) [info]
[scan2net-panel] Scan2Net - Panel (@matejsmycka) [info]
[phoenix-contact-charx-api] Phoenix Contact CHARX SEC-3XXX AC Charging Controller REST API - Detect (@inokii) [info]
[n8n-config] N8n - Config (@icarot) [medium]
[nocobase-config] Nocobase - Config (@icarot) [medium]
[openmetadata-admin-userenum] OpenMetadata - Admin User Enumeration (@icarot) [medium]
[bitbucket-oauth-exposure] Bitbucket OAuth Credentials Exposure (@thezakman) [high]
[windows-lfi-fuzzing] Windows - Local File Inclusion Fuzzing (@matejsmycka) [high]
[global-waf-detect] Global WAF Detect Matchers (@pdteam) [info]
[dell-laser-printer-unauth] Dell Laser Printer - Unauthenticated Detect (@pussycat0x) [high]
[hikvision-cam-info-exposure] Hikvision IP Camera - Info Exposure (@AbdulrahmanTamim) [high]
[amr-printer-management-unauth] AMR Printer Management Dashboard - Exposure (@ritikchaddha) [medium]
[flowise-installer] Flowise Installation Wizard - Exposure (@pussycat0x) [high]
[ms-front-page-misconfig] Microsoft FrontPage Configuration - Exposure (@jteles, @pikpikcu) [low]
[missing-cookie-samesite-strict] Missing Cookie SameSite Strict (@Lucky0x0D, @PulseSecurity.co.nz) [info]
[nest-owasp] OWASP NEST User Name Information - Detect (@rxerium) [info]
[framer-takeover] Framer Takeover Detection (@amjad Ali) [high]
[apache-streampark-detect] Apache Streampark - Detect (@icarot) [info]
[dkron-detect] Dkron - Detect (@icarot) [info]
[hugegraph-studio-detect] HugeGraph Studio - Detect (@pussycat0x) [info]
[mcp-inspector-detect] MCP Inspector Detect (@pussycat0x) [info]
[teccom-openmessaging-detect] TecConnect OpenMessaging Webservice Detection (@lunarcowboy) [info]
[freepbx-cleanup-backdoor] FreePBX - CVE-2025-57819 Backdoor (@darses) [high]
[dkron-unauth-rce] Dkron - Unauthenticated Remote Command Execution (@icarot) [high]
[phoenix-contact-charx-multiple-vulnerabilities] Phoenix Contact CHARX SEC-3XXX AC Controller < 1.7.3 - Multiple Vulnerabilities (@inokii) [critical]
[pigeonhole-sieve-detect] Pigeonhole Sieve Service - Detect (@pussycat0x) [info]
[rlogin-detect] Rlogin Detect (@pussycat0x) [info]
[netstat-service-expose] Netstat Service - Expose (@pussycat0x) [low]
[unauth-vnc-server-detect] Unauthenticated VNC Server - Detect (@pussycat0x) [critical]
[zeroconf-detect] Zeroconf - Detect (@pussycat0x) [info]
[snmpv1-community-detect-string] SNMPv1 Public Community String - Detect (@matejsmycka) [high]
[direct-connect-detect] Direct Connect P2P - Detect (@pussycat0x) [info]
[ftp-detect] FTP Service - Detect (@Mys7ic) [info]
[3com-ftp-detect] 3Com 3CDaemon FTP Service - Detect (@pussycat0x) [info]
[adi-galaxy-ftp-detect] ADI Convergence Galaxy FTP Service - Detect (@pussycat0x) [info]
[argosoft-ftp-detect] ArGoSoft FTP Service - Detect (@pussycat0x) [info]
[avalaunch-ftp-detect] Avalaunch FTP Service - Detect (@pussycat0x) [info]
[baby-ftp-detect] Baby FTP Service - Detect (@pussycat0x) [info]
[betaftpd-detect] BetaFTPD Service - Detect (@pussycat0x) [info]
[blackjumbodog-ftp-detect] BlackJumboDog FTP Service - Detect (@pussycat0x) [info]
[blackmoon-chaos-ftp-detect] BlackMoon FTP Chaos Edition Service - Detect (@pussycat0x) [info]
[blackmoon-free-ftp-detect] BlackMoon FTP Free Edition Service - Detect (@pussycat0x) [info]
[bsdi-ftp-detect] BSDI FTP Service - Detect (@pussycat0x) [info]
[cerberus-ftp-detect] Cerberus FTP Service - Detect (@pussycat0x) [info]
[checkpoint-ftp-detect] Check Point FireWall-1 FTP Service - Detect (@pussycat0x) [info]
[cleo-vlproxy-ftp-detect] Cleo VLProxy FTP Service - Detect (@pussycat0x) [info]
[code-crafters-ftp-detect] Code-Crafters Ability FTP Service - Detect (@pussycat0x) [info]
[communigate-ftp-detect] CommuniGate Pro FTP Service - Detect (@pussycat0x) [info]
[delegate-ftp-detect] DeleGate PROXY-FTP Service - Detect (@pussycat0x) [info]
[diskstation-ftp-detect] DiskStation FTP Service - Detect (@pussycat0x) [info]
[dumb-ftp-detect] Dumb FTP Service - Detect (@pussycat0x) [info]
[easycoder-ftp-detect] EasyCoder FTP Service - Detect (@pussycat0x) [info]
[filezilla-ftp-detect] FileZilla FTP Service - Detect (@pussycat0x) [info]
[firstclass-ftp-detect] FirstClass FTP Service - Detect (@pussycat0x) [info]
[freebox-ftp-detect] Freebox FTP Service - Detect (@pussycat0x) [info]
[gene6-ftp-detect] Gene6 FTP Service - Detect (@pussycat0x) [info]
[globalscape-ftp-detect] GlobalSCAPE Secure FTP Service - Detect (@pussycat0x) [info]
[globalsite-selector-ftp-detect] Global Site Selector FTP Service - Detect (@pussycat0x) [info]
[golden-ftp-detect] Golden FTP Server Pro Service - Detect (@pussycat0x) [info]
[hp-ftp-detect] Hewlett-Packard FTP Service - Detect (@pussycat0x) [info]
[hummingbird-ftp-detect] Hummingbird HCLFTPD Service - Detect (@pussycat0x) [info]
[ibm-ftp-detect] IBM FTP CS Service - Detect (@pussycat0x) [info]
[jana-ftp-detect] Jana-Server FTP Service - Detect (@pussycat0x) [info]
[java-ftp-proxy-detect] Java FTP Proxy Service - Detect (@pussycat0x) [info]
[jd-ftp-detect] JD FTP Service - Detect (@pussycat0x) [info]
[lanier-ftp-detect] LANIER MP 2555 FTP Service - Detect (@pussycat0x) [info]
[macosx-ftp-detect] Mac OS X Server FTP Service - Detect (@pussycat0x) [info]
[medusa-ftp-detect] Medusa Async FTP Service - Detect (@pussycat0x) [info]
[microsoft-ftp-detect] Microsoft FTP Service - Detect (@pussycat0x) [info]
[mikrotik-ftp-detect] MikroTik FTP Service - Detect (@pussycat0x) [info]
[ncftpd-detect] NcFTPd Service - Detect (@pussycat0x) [info]
[netbsd-ftpd-detect] NetBSD FTP Service - Detect (@pussycat0x) [info]
[netdisk-ftp-detect] NET Disk FTP Service - Detect (@pussycat0x) [info]
[networkcamera-ftp-detect] Network Camera FTP Service - Detect (@pussycat0x) [info]
[nmc-ftp-detect] Network Management Card FTP Service - Detect (@pussycat0x) [info]
[nucleus-ftp-detect] Nucleus FTP Service - Detect (@pussycat0x) [info]
[opendreambox-ftp-detect] OpenDreambox FTP Service - Detect (@pussycat0x) [info]
[oracle-ifs-ftp-detect] Oracle Internet File System FTP Service - Detect (@pussycat0x) [info]
[oracle-xmldb-ftp-detect] Oracle XML DB FTP Service - Detect (@pussycat0x) [info]
[pablo-ftp-detect] Pablo's FTP Service - Detect (@pussycat0x) [info]
[packetshaper-ftp-detect] PacketShaper FTP Service - Detect (@pussycat0x) [info]
[personal-ftp-detect] Personal FTP Service - Detect (@pussycat0x) [info]
[prnet-ftp-detect] PrNET FTP Service - Detect (@pussycat0x) [info]
[psosystem-ftp-detect] pSOSystem FTP Service - Detect (@pussycat0x) [info]
[pure-ftpd-detect] Pure-FTPd Service - Detect (@pussycat0x) [info]
[riedel-ftp-detect] RIEDEL Artist FTP Service - Detect (@pussycat0x) [info]
[sambar-ftp-detect] Sambar FTP Service - Detect (@pussycat0x) [info]
[securegateway-ftp-detect] Secure Gateway FTP Service - Detect (@pussycat0x) [info]
[serv-u-ftp-detect] Serv-U FTP Service - Detect (@pussycat0x) [info]
[sidewinder-ftp-detect] Sidewinder FTP Proxy Service - Detect (@pussycat0x) [info]
[sunos56-ftp-detect] SunOS 5.6 FTP Service - Detect (@pussycat0x) [info]
[sunos58-ftp-detect] SunOS 5.8 FTP Service - Detect (@pussycat0x) [info]
[titan-ftp-detect] Titan FTP Service - Detect (@pussycat0x) [info]
[tnftpd-detect] TNFTPD Service - Detect (@pussycat0x) [info]
[tornado-vxworks-ftp-detect] Tornado-VxWorks FTP Service - Detect (@pussycat0x) [info]
[tp-print-ftp-detect] TP Print FTP Service - Detect (@pussycat0x) [info]
[treck-ftp-detect] Treck FTP Service - Detect (@pussycat0x) [info]
[typsoft-ftp-detect] TYPSoft FTP Service - Detect (@pussycat0x) [info]
[vsftpd-detect] vsFTPd Service - Detect (@pussycat0x) [info]
[windriver-ftp-detect] Wind River FTP Service - Detect (@pussycat0x) [info]
[x2-wsftp-detect] X2 WS_FTP Service - Detect (@pussycat0x) [info]
[xerver-ftp-detect] Xerver Free FTP Service - Detect (@pussycat0x) [info]
[xlight-ftp-detect] Xlight FTP Service - Detect (@pussycat0x) [info]
[zftp-detect] Z-FTP Service - Detect (@pussycat0x) [info]
[zywall-ftp-detect] ZyWALL FTP Service - Detect (@pussycat0x) [info]
[sap-dispatcher-detect] SAP Dispatcher - Detect (@pussycat0x) [info]
[sap-router-detect] SAProuter - Detect (@pussycat0x) [info]
[freepbx-workflow] Freepbx Security Checks (@darses)
[ftp-workflow] FTP Security Checks (@Mys7ic)
[phoenix-contact-workflow] Phoenix Contact Security Checks (@inokii)

New Contributors

@AJ0070 made their first contribution in #13055
@snieguu made their first contribution in #13013
@prdngr made their first contribution in #13061
@NamhyeonKo made their first contribution in #12941
@amjadali-110 made their first contribution in #12524
@melmathari made their first contribution in #13119
@tamim1089 made their first contribution in #12541
@jsnv-dev made their first contribution in #13077
@popcorn94 made their first contribution in #13151
@inokii made their first contribution in #13112
@begin2ee made their first contribution in #13043
@ye11oc4t made their first contribution in #13142
@mielverkerken made their first contribution in #13240
@giangm made their first contribution in #11950
@poc2022 made their first contribution in #13223
@kankburhan made their first contribution in #13294
@phulelouch made their first contribution in #12812
@wn147 made their first contribution in #12982

Full Changelog: v10.2.8...v10.2.9

projectdiscovery/nuclei-templates v10.2.9 Nuclei Templates v10.2.9 - Release Notes on GitHub

New Templates Added: 182 | CVEs Added: 66 | First-time contributions: 18

🔥 Release Highlights 🔥

What's Changed

Templates Added

New Contributors

projectdiscovery/nuclei-templates v10.2.9
Nuclei Templates v10.2.9 - Release Notes

on GitHub

New Templates Added: `182` | CVEs Added: `66` | First-time contributions: `18`