github projectdiscovery/nuclei-templates v10.3.0
Nuclei Templates v10.3.0 - Release Notes

18 hours ago

New Templates Added: 124 | CVEs Added: 90 | First-time contributions: 6

🔥 Release Highlights 🔥

What's Changed

💰 Bounties Rewarded 💰

Bug Fixes

False Negatives

  • Addressed CORS detection for OWASP JuiceShop Access-Control-Allow-Origin: * (Issue #13402)

False Positives

Enhancements

  • Enhanced Google CSP bypass detection vector (PR #13500)
  • Added user and password fields to config-json.yaml for better extraction (PR #13445)
  • Improved vKEV workflow and updated missing tags (PR #13374)
  • Added credentialed CORS with reflected Origin detection (PR #13441)
  • Added blind SSRF (OAST) multiparam fuzzing template (PR #13440)
  • Added Swagger/OpenAPI/GraphQL API inventory template (PR #13442)

Templates Added

  • [CVE-2025-61882] Oracle E-Business Suite 12.2.3–12.2.14 - RCE (@dhiyaneshdk, @watchtowr) [critical] 🔥 (KEV) (vKEV)
  • [CVE-2025-59474] Jenkins Sidepanel - Unauthorized Agent/Queue Exposure (@ivaldivieso) [medium]
  • [CVE-2025-54251] Adobe Experience Manager ≤ 6.5.23.0 - XML Injection (@dhiyaneshdk, @assetnote) [medium] 🔥
  • [CVE-2025-54249] Adobe Experience Manager ≤ 6.5.23.0 - SSRF (@dhiyaneshdk, @assetnote) [medium] 🔥
  • [CVE-2025-49825] Teleport - Authentication Bypass (@pdteam) [critical] 🔥
  • [CVE-2025-36604] Dell UnityVSA < 5.5 - Remote Command Injection (@dhiyaneshdk, @watchtowr) [critical] 🔥
  • [CVE-2025-27225] TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal (@dhiyaneshdk, @rcesecurity) [high]
  • [CVE-2025-27223] TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass (@dhiyaneshdk, @rcesecurity) [critical]
  • [CVE-2025-27222] TRUfusion Enterprise <= 7.10.4.0 - Path Traversal (@dhiyaneshdk, @rcesecurity) [critical]
  • [CVE-2025-20362] Cisco Secure Firewall ASA & FTD - Authentication Bypass (@dhiyaneshdk, @attackerkb) [medium] 🔥 (KEV) (vKEV)
  • [CVE-2025-10035] GoAnywhere - Authentication Bypass (@dhiyaneshdk, @watchtowr) [critical] 🔥 (KEV) (vKEV)
  • [CVE-2025-8868] Chef Automate < 4.13.295 - SQL Injection (@3th1c_yuk1, @xbow) [critical]
  • [CVE-2025-6205] DELMIA Apriso - Broken Access Control (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [high]
  • [CVE-2025-6204] DELMIA Apriso - Command Injection (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical]
  • [CVE-2025-0282] Ivanti Connect Secure - Stack-based Buffer Overflow (@ritikchaddha) [critical] 🔥 (KEV) (vKEV)
  • [CVE-2024-48651] ProFTPD ≤ 1.3.8b - Privilege Escalation via mod_sql (@pussycat0x) [high]
  • [CVE-2024-48208] Pure-FTPd < 1.0.52 - Buffer Overflow (@pussycat0x) [high]
  • [CVE-2024-31839] CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting (@riteshs4hu) [medium]
  • [CVE-2024-0593] WordPress Simple Job Board - Unauthorized Data Access (@zer0p0int) [medium] 🔥
  • [CVE-2023-51713] ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read (@pussycat0x) [high]
  • [CVE-2023-26258] Arcserve UDP <= 9.0.6034 - Authentication Bypass (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2023-23063] Cellinx NVT Web Server - Local File Disclosure (@daffainfo) [high]
  • [CVE-2023-22629] TitanFTP move-file Function ≤ 1.94.1205 - Path Traversal (@pussycat0x) [high]
  • [CVE-2023-6933] Better Search Replace < 1.4.5 - PHP Object Injection (@pussycat0x) [critical] 🔥
  • [CVE-2023-5559] 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion (@daffainfo) [critical] 🔥
  • [CVE-2023-4666] Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload (@pussycat0x) [critical] 🔥
  • [CVE-2023-3169] tagDiv Composer < 4.2 - Stored Cross-Site Scripting (@ritikchaddha) [high]
  • [CVE-2022-41352] Zimbra Collaboration - Unrestricted File Upload (@rxerium) [critical] 🔥 (KEV) (vKEV)
  • [CVE-2022-38840] Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE) (@daffainfo) [high]
  • [CVE-2022-38627] Nortek Linear eMerge E3-Series - SQL Injection (@daffainfo, @omarhashem666) [critical] 🔥 (vKEV)
  • [CVE-2022-25322] ZEROF Web Server 2.0 - SQL Injection (@daffainfo) [critical]
  • [CVE-2022-3805] Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update (@dhiyaneshdk, @popcorn94) [high]
  • [CVE-2022-3590] WordPress <= 6.2 - Server Side Request Forgery (@riteshs4hu) [medium] 🔥 (vKEV)
  • [CVE-2022-3481] NotificationX Dropshipping < 4.4 - SQL Injection (@ritikchaddha) [critical] 🔥 (vKEV)
  • [CVE-2022-3477] WordPress tagDiv Composer < 3.5 - Authentication Bypass (@melmathari) [critical] 🔥 (vKEV)
  • [CVE-2021-42359] WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion (@daffainfo) [high] 🔥
  • [CVE-2021-40524] Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload (@pussycat0x) [high]
  • [CVE-2021-34622] WordPress ProfilePress <= 3.1.3 - Privilege Escalation (@Sourabh-Sahu) [critical] 🔥 (vKEV)
  • [CVE-2021-32648] OctoberCMS - Account Takeover (@daffainfo) [high]
  • [CVE-2021-30047] vsftpd < 3.0.3 - DoS (@pussycat0x) [high]
  • [CVE-2021-24295] Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection (@dhiyaneshdk) [high] 🔥
  • [CVE-2021-24219] All Thrive Themes and Plugins - Unauthenticated Option Update (@dhiyaneshdk) [medium]
  • [CVE-2021-24175] The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass (@pussycat0x) [critical] 🔥
  • [CVE-2021-20021] SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation (@pussycat0x) [critical] 🔥 (KEV) (vKEV)
  • [CVE-2021-4380] Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update (@s4e-io) [critical] 🔥
  • [CVE-2021-3122] NCR Command Center Agent 16.3 - Remote Command Execution (@daffainfo, @jjcho) [critical]
  • [CVE-2020-36731] Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update (@popcorn94) [high] 🔥
  • [CVE-2020-36723] ListingPro < 2.6.1 - Sensitive Data Disclosure (@ritikchaddha) [high]
  • [CVE-2020-36719] ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation (@ritikchaddha) [critical] 🔥 (vKEV)
  • [CVE-2020-36705] Adning Advertising <= 1.5.5 - Arbitrary File Upload (@dhiyaneshdk) [critical] 🔥
  • [CVE-2020-35359] Pure-FTPd 1.0.48 - Denial of Service (@pussycat0x) [high]
  • [CVE-2020-28653] ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization (@iamnoooob, @pdresearch) [critical]
  • [CVE-2020-13640] wpDiscuz <= 5.3.5 - SQL Injection (@Sourabh-Sahu) [critical] 🔥
  • [CVE-2020-9480] Apache Spark - Authentication Bypass (@riteshs4hu) [critical] 🔥 (vKEV)
  • [CVE-2020-9365] Pure-FTPd 1.0.24 - Security Vulnerability (@pussycat0x) [medium]
  • [CVE-2020-9274] Pure-FTPd ≤ 1.0.49 - DoS via Uninitialized Pointer (@pussycat0x) [high]
  • [CVE-2020-8657] EyesOfNetwork - Hardcoded API Key (@daffainfo) [critical] 🔥
  • [CVE-2020-8656] EyesOfNetwork - Hardcoded API Key & SQL Injection (@ritikchaddha) [critical] 🔥
  • [CVE-2019-25152] Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting (@dhiyaneshdk) [high] 🔥
  • [CVE-2019-20176] Pure-FTPd < 1.0.50 - DoS via Resource Exhaustion (@pussycat0x) [high]
  • [CVE-2019-18952] Xfilesharing 2.5.1 - Arbitrary File Upload (@daffainfo) [critical]
  • [CVE-2019-18217] ProFTPD < 1.3.6b - Remote Unauthenticated DoS (@pussycat0x) [high]
  • [CVE-2019-17232] WordPress Ultimate FAQs <= 1.8.24 - Unauthenticated Options Import and Export (@daffainfo) [high] 🔥
  • [CVE-2019-11886] Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation (@daffainfo) [high] 🔥
  • [CVE-2019-9621] Zimbra Collaboration Suite - SSRF (@riteshs4hu) [high] 🔥 (KEV) (vKEV)
  • [CVE-2019-7276] Optergy Proton/Enterprise - Unauthenticated RCE via Backdoor Console (@daffainfo) [critical] 🔥 (vKEV)
  • [CVE-2019-6703] Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update (@dhiyaneshdk) [critical] 🔥
  • [CVE-2018-11511] ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection (@ritikchaddha) [critical]
  • [CVE-2018-1217] Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control (@daffainfo) [critical] 🔥
  • [CVE-2016-10972] Newspaper Theme 6.4–6.7.1 - Privilege Escalation (@pussycat0x) [critical] 🔥
  • [CVE-2015-9415] BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion (@s4e-io) [high]
  • [CVE-2015-9406] mTheme Unus < 2.3 - Directory Traversal (@pussycat0x) [high]
  • [CVE-2015-1419] vsftpd <= 3.0.2 - Access Restriction Bypass (@pussycat0x) [medium]
  • [CVE-2014-1843] Titan FTP Server < 10.40 - User Properties Traversal (@pussycat0x) [medium]
  • [CVE-2014-1842] Titan FTP Server Search Function < 10.40 - User Enumeration (@pussycat0x) [medium]
  • [CVE-2014-1841] Titan FTP Server < 10.40 Move Function - Directory Traversal (@pussycat0x) [medium]
  • [CVE-2011-3171] Pure-FTPd ≤ 1.0.22 - Directory Traversal (@pussycat0x) [low]
  • [CVE-2011-0762] vsftpd < 2.3.3 - DoS (@pussycat0x) [medium]
  • [CVE-2010-3867] ProFTPD < 1.3.3c - Directory Traversal via mod_site_misc (@pussycat0x) [high]
  • [CVE-2009-0884] FileZilla Server < 0.9.31 - SSL/TLS Packet Overflow DoS (@pussycat0x) [medium]
  • [CVE-2008-5281] Titan FTP Server 6.05 DELE Command - Heap Overflow (@pussycat0x) [critical]
  • [CVE-2008-0702] Titan FTP Server 6.03 and 6.0.5.549 - Heap Overflow via Long Commands (@pussycat0x) [critical]
  • [CVE-2006-6565] FileZilla Server < 0.9.22 - DoS via Wildcard Commands (@pussycat0x) [medium]
  • [CVE-2006-2173] FileZilla FTP Server 2.2.22 - Buffer Overflow (@pussycat0x) [medium]
  • [CVE-2005-0851] FileZilla Server < 0.9.6 - DoS via MODE Z Infinite Loop (@pussycat0x) [medium]
  • [CVE-2005-0850] FileZilla Server < 0.9.6 - DoS via MS-DOS Device Names (@pussycat0x) [medium]
  • [CVE-2004-1641] Titan FTP ≤ 3.21 - Heap Overflow via Long Commands (@pussycat0x) [medium]
  • [CVE-2004-1602] ProFTPD 1.2.x - Username Enumeration via Timing Attack (@pussycat0x) [medium]
  • [CVE-2004-0656] Pure-FTPd ≤ 1.0.18 - DoS via Connection Limit Exhaustion (@pussycat0x) [medium]
  • [CVE-2004-0437] Titan FTP Server 3.01 - DoS via LIST Command Disconnection (@pussycat0x) [medium]
  • [rdp-ntlm-info] RDP - NTLM Information Disclosure (@matejsmycka) [info]
  • [crestron-airmedia-default-login] Crestron Airmedia 2.0 - Default Login (@andrew Lentz) [high]
  • [mitel-6000-default-login] Mitel 6000 - Default Login (@matejsmycka) [high]
  • [ritecms-default-login] RiteCMS - Default Login (@0x_Akoko) [high]
  • [allegro-rompager-panel] Allegro RomPager - Panel (@matejsmycka) [info]
  • [gocontrol-event-admin-panel] Go.Control Event Administration Panel - Detect (@Mys7ic) [info]
  • [ni-web-based-panel] NI Web-based Configuration & Monitoring - Detect (@dhiyaneshdk, @matejsmycka) [info]
  • [postman-collection-exposure] Postman Collection Exposure (@hamza Sahin) [low]
  • [redoc-api-docs] ReDoc API Docs - Detect (@hamza Sahin) [info]
  • [tolgee-api] Tolgee API - Detect (@matejsmycka) [info]
  • [pinata-api-key] Pinata API Key - Expose (@0xPugal) [info]
  • [labview-service-locator-enum] LabVIEW/NI Service Locator (@matejsmycka) [info]
  • [apollo-sandbox-ui-exposed] Apollo Sandbox UI - Exposed (@hamza Sahin) [low]
  • [graphql-directive-overloading] GraphQL Directive Overloading (@shamo0) [info]
  • [graphql-voyager] GraphQL Voyager - Exposed (@hamza Sahin) [low]
  • [mfp-unauth-exposure] Multi-function Printer - Unauthorized Access (@matejsmycka) [medium]
  • [symfony-conflicting-misconfig] Symfony Conflicting Headers - Information Disclosure (@wakedxy) [medium]
  • [tolgee-api-anonymous] Tolgee API - Misconfiguration Anonymous Access (@matejsmycka) [medium]
  • [unauth-pact-broker] Unauth Pact Broker - Detect (@pdteam) [medium]
  • [vault-unsealed-unauth] HashiCorp Vault API - Exposure (@hamza Sahin) [low]
  • [weaviate-exposure] Weaviate - Exposure (@dhiyaneshdk) [low]
  • [bank-central-asia-phish] Bank Central Asia Phishing - Detect (@bocgoInfosec) [info]
  • [bsky] Bsky User Name Information - Detect (@gl0bal01) [info]
  • [flightradar24] Flightradar24 User Name Information - Detect (@gl0bal01) [info]
  • [mastodon-social-vivaldi] Mastodon-social vivaldi User Name Information - Detect (@gl0bal01) [info]
  • [moto-trip] Moto-trip User Name Information - Detect (@gl0bal01) [info]
  • [wordpress-site] WordPress Site Name Information - Detect (@gl0bal01) [info]
  • [meteobridge-detect] MeteoBridge - Detect (@rxerium) [info]
  • [woodpecker-detect] Woodpecker - Detect (@righettod) [info]
  • [churchcrm-xss] ChurchCRM - Cross-Site Scripting (@pikpikcu) [medium]
  • [justboil-me-image-upload] JustBoil.me Images Plugin - Exposed Image Upload (@0xr2r) [medium]
  • [p7-office-xss] Р7-Office 12.5 - Cross-Site Scripting (@0xPugal) [medium]
  • [eol-openssh-debian] EOL Debian OpenSSH - Detect (@matejsmycka) [medium]
  • [famatech-radmin-detect] Famatech Radmin - Detect (@matejsmycka) [info]

New Contributors

Full Changelog: v10.2.9...v10.3.0