projectdiscovery/nuclei-templates v10.3.1 on GitHub

New Templates Added: `119` | CVEs Added: `88` | First-time contributions: `10` | Bounties rewarded: `12`

🔥 Release Highlights 🔥

[CVE-2025-49844] Redis Lua Parser < 8.2.2 - Use After Free (@pussycat0x) [critical] 🔥
[CVE-2025-46819] Redis < 8.2.1 Lua Long-String Delimiter - Out-of-Bounds Read (@pussycat0x) [high] 🔥
[CVE-2025-46818] Redis Lua Sandbox < 8.2.2 - Cross-User Escape (@pussycat0x) [high] 🔥
[CVE-2025-46817] Redis < 8.2.1 lua script - Integer Overflow (@pussycat0x) [critical] 🔥
[CVE-2025-20281] Cisco ISE - Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2024-42009] Roundcube Webmail - Cross-Site Scripting (@rxerium) [critical] (vKEV) 🔥
[CVE-2023-40044] WS_FTP Server - Insecure Deserialization (@0x_Akoko) [critical] (vKEV) 🔥
[CVE-2023-37582] Apache RocketMQ - Remote Command Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2023-21839] Oracle WebLogic Server - Unauthorized Access (@daffainfo) [high] (vKEV) 🔥
[CVE-2023-3519] Citrix NetScaler ADC and NetScaler Gateway - RCE (@pussycat0x, @ritikchaddha) [critical] (vKEV) 🔥
[CVE-2022-31711] VMware vRealize Log Insight < v8.10.2 - Information Disclosure (@dhiyaneshdk) [medium] 🔥
[CVE-2022-31706] VMware vRealize Log Insight - Path Traversal (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2022-31704] VMware vRealize Log Insight - Improper Access Control to RCE (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2022-24682] Zimbra Collaboration Suite < 8.8.15 - Improper Encoding (@rxerium) [medium] 🔥
[CVE-2022-24086] Adobe Commerce (Magento) - Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2022-22956] VMware Workspace ONE Access - Authentication Bypass (@daffainfo) [critical] (vKEV) 🔥
[CVE-2021-33766] Microsoft Exchange - Authentication Bypass (@daffainfo) [high] (vKEV) 🔥
[CVE-2021-32478] Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect (@hackergautam) [medium] 🔥
[CVE-2021-30118] Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2021-30116] Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent (@daffainfo) [critical] (vKEV) 🔥
[CVE-2021-26072] Atlassian Confluence < 5.8.6 - Server-Side Request Forgery (@TechbrunchFR) [medium] 🔥
[CVE-2021-24220] Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload (@pussycat0x) [critical]
[CVE-2021-3287] Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution (@theamanrawat) [critical] (vKEV) 🔥
[CVE-2020-3952] VMware vCenter Server LDAP Broken Access Control (@0x_Akoko) [critical] (vKEV) 🔥
[CVE-2020-2883] Oracle WebLogic Server - Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2019-16072] Enigma NMS < 65.0.0 - Authenticated OS Command Injection (@0x_Akoko) [critical]
[CVE-2019-12989] Citrix SD-WAN and NetScaler SD-WAN - SQL Injection (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2018-18325] DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization (@pdteam) [high] 🔥
[CVE-2018-15811] DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization (@pdteam) [high] 🔥
[CVE-2018-11138] Quest KACE System Management Appliance 8.0.318 - RCE (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2017-18362] Kaseya VSA 2017 ConnectWise ManagedITSync - RCE (@pussycat0x) [critical] (vKEV) 🔥
[CVE-2010-20103] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x) [critical] 🔥

What's Changed

💰 Bounties Rewarded 💰

CVE-2025-20281 - Cisco ISE - Remote Code Execution (KEV and vKEV) (PR #13610)
CVE-2022-22956 - VMware Workspace ONE Access - Authentication Bypass (vKEV) (PR #13597)
CVE-2023-37582 - Apache RocketMQ NameServer - Remote Command Execution (vKEV) (PR #13580)
CVE-2021-30118 - Kaseya VSA - Arbitrary File Upload Leading to RCE (vKEV) (PR #13560)
CVE-2021-30116 - Kaseya VSA - Credential Disclosure (KEV and vKEV) (PR #13558)
CVE-2023-30194 - PrestaShop posstaticfooter - SQL Injection (vKEV) (PR #13551)
CVE-2021-33766 - Microsoft Exchange Server - Information Disclosure (KEV and vKEV) (PR #13547)
CVE-2023-21839 - Oracle WebLogic Server - Unauthorized Access (KEV and vKEV) (PR #13546)
CVE-2021-38154 - Canon Devices - Authentication Bypass (vKEV) (PR #13545)
CVE-2022-31181 - PrestaShop - SQL Injection (vKEV) (PR #13544)
CVE-2022-43939 - Hitachi Vantara Pentaho - Security Restriction Bypass (KEV and vKEV) (PR #13395)

Bug Fixes

Fixed CVE-2025-49825 version matching (PR #13701)
Fixed typo in CVE-2021-35064.yaml (PR #13699)
Fixed detection in CVE-2022-31711.yaml (PR #13618)
Fixed typo in BIGipServer matcher (PR #13633)
Fixed CVE-2022-22956.yaml (PR #13673)
Fixed IBM Eclipse Help System false positive (PR #13589)

False Negatives

Addressed false negative in CVE-2025-61882 template (Issue #13540)
Addressed false negative in generic-linux-lfi.yaml (Issue #12864)
Addressed false negative in CVE-2023-20198 Cisco IOS XE RCE (Issue #12324)

False Positives

Reduced false positives and improved accuracy in the following templates:
- CVE-2024-2782 (Issue #13525, PR #13668)
- CVE-2020-11514 (Issue #13520)
- CVE-2025-5777 - CitrixBleed 2 (Issue #13197)
- CVE-2022-1595.yaml - Multiple false positives (Issue #12792)
- addeventlistener-detect (Issue #11589)
- external-service-interaction (Issue #10850)

Enhancements

Implemented asset-discovery and vulnerability detection distinction across templates (PR #13648)
Enhanced Hashicorp Vault detection by removing vault-unsealed-unauth and improving hashicorp-vault-detect (PR #13660)
Enhanced XWiki RCE detection capabilities (PR #13684)
Added new POC for yonyou-nc-arbitrary-file-read (PR #13624)
Improved Moodle changelog file detection for newer versions (PR #13654)
Removed cloudapp.net from takeover templates as no longer exploitable (PR #13679)
Enhanced SNMPv3 fingerprint detection (PR #13661)

Templates Added

[CVE-2025-61666] Traccar(Windows) 6.1- 6.8.1 - Local File Inclusion (@securitytaters) [high]
[CVE-2025-59049] Mockoon < 9.2.0 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2025-58751] Vite Dev Server - Path Traversal (@wn147) [low]
[CVE-2025-57808] ESPHome - Authentication Bypass (@Sean-Kim) [high]
[CVE-2025-55748] XWiki Platform - Path Traversal (@Redmomn) [high]
[CVE-2025-55747] XWiki Platform - Information Disclosure (@Redmomn) [high]
[CVE-2025-53771] Microsoft SharePoint Server - AuthBypass (ToolShell) (@_l0gg, @SamIntruder, @sfewer-r7, @iamnoooob, @pdresearch) [medium] (vKEV) 🔥
[CVE-2025-49844] Redis Lua Parser < 8.2.2 - Use After Free (@pussycat0x) [critical] 🔥
[CVE-2025-48703] CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution (@theamanrawat) [critical] (vKEV)
[CVE-2025-46819] Redis < 8.2.1 Lua Long-String Delimiter - Out-of-Bounds Read (@pussycat0x) [high] 🔥
[CVE-2025-46818] Redis Lua Sandbox < 8.2.2 - Cross-User Escape (@pussycat0x) [high] 🔥
[CVE-2025-46817] Redis < 8.2.1 lua script - Integer Overflow (@pussycat0x) [critical] 🔥
[CVE-2025-34509] Sitecore Experience Manager (XM) and Experience Platform (XP) - Hardcoded Credentials (@daffainfo) [high]
[CVE-2025-34038] Fanwei e-cology - SQL Injection (@ritikchaddha) [high]
[CVE-2025-25037] Aquatronica Controller System <= 5.1.6 - Information Disclosure (@s4e-io) [high]
[CVE-2025-25034] SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection (@Redmomn) [critical] (vKEV)
[CVE-2025-20281] Cisco ISE - Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2025-11750] Dify - User Enumeration via "Account not found" Message (@Kazgangap) [medium]
[CVE-2025-11371] Gladinet CentreStack & TrioFox - Local File Inclusion (@Kazgangap) [medium]
[CVE-2025-9242] WatchGuard IKEv2 Out-of-Bounds Write Vulnerability (@pussycat0x, @dhiyaneshdk, @watchtowr) [critical]
[CVE-2025-9196] Trinity Audio <= 5.21.0 - Information Exposure (@Kazgangap) [medium]
[CVE-2025-5701] HyperComments <= 1.2.2 - Arbitrary Options Update (@kylew1004) [critical]
[CVE-2024-42009] Roundcube Webmail - Cross-Site Scripting (@rxerium) [critical] (vKEV) 🔥
[CVE-2024-35286] Mitel MiCollab <= 9.8.0.33 - SQL Injection (@daffainfo) [critical]
[CVE-2024-13979] St. Joe ERP system - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2024-10708] System Dashboard < 2.8.15 - Admin+ Path Traversal (@0x_Akoko) [medium]
[CVE-2024-9166] TitanNit Web Control 2.01/Atemio 7600 - Remote Code Execution (@dhiyaneshdk) [critical]
[CVE-2023-40044] WS_FTP Server - Insecure Deserialization (@0x_Akoko) [critical] (vKEV) 🔥
[CVE-2023-37582] Apache RocketMQ - Remote Command Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2023-34133] SonicWall GMS and Analytics - SQL Injection (@theamanrawat) [high] (vKEV)
[CVE-2023-30194] Prestashop posstaticfooter <= 1.0.0 - SQL Injection (@daffainfo) [critical]
[CVE-2023-21839] Oracle WebLogic Server - Unauthorized Access (@daffainfo) [high] (vKEV) 🔥
[CVE-2023-6655] Hongjing e-HR 2020 - SQL Injection (@pussycat0x) [high]
[CVE-2023-3519] Citrix NetScaler ADC and NetScaler Gateway - RCE (@pussycat0x, @ritikchaddha) [critical] (vKEV) 🔥
[CVE-2022-48323] Sunflower Simple and Personal 1.0.1.43315 - Remote Code Execution (@daffainfo) [critical]
[CVE-2022-43939] Hitachi Pentaho Business Analytics Server - Bypass Authorization (@daffainfo) [high]
[CVE-2022-38812] AeroCMS 0.1.1 - SQL Injection (@shivampand3y) [medium]
[CVE-2022-37122] Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal (@gy741) [high]
[CVE-2022-31711] VMware vRealize Log Insight < v8.10.2 - Information Disclosure (@dhiyaneshdk) [medium] 🔥
[CVE-2022-31706] VMware vRealize Log Insight - Path Traversal (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2022-31704] VMware vRealize Log Insight - Improper Access Control to RCE (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2022-31181] PrestaShop - SQL Injection to Eval Injection (@daffainfo) [critical] (vKEV)
[CVE-2022-27228] Bitrix Site Manager - Remote Code Execution (@theamanrawat) [critical] (vKEV)
[CVE-2022-24682] Zimbra Collaboration Suite < 8.8.15 - Improper Encoding (@rxerium) [medium] 🔥
[CVE-2022-24086] Adobe Commerce (Magento) - Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2022-22956] VMware Workspace ONE Access - Authentication Bypass (@daffainfo) [critical] (vKEV) 🔥
[CVE-2021-39411] Hospital Management System 1.0 - Cross-Site Scripting (@arafatansari) [high]
[CVE-2021-38154] Canon Devices - Authentication Bypass in Catwalk Server (@daffainfo) [high]
[CVE-2021-37292] KevinLAB BEMS (Building Energy Management System) - Backdoor Account (@gy741) [high]
[CVE-2021-35064] Kramer VIAware - Privilege Escalation and Remote Code Execution (@ritikchaddha) [critical]
[CVE-2021-33766] Microsoft Exchange - Authentication Bypass (@daffainfo) [high] (vKEV) 🔥
[CVE-2021-32478] Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect (@hackergautam) [medium] 🔥
[CVE-2021-30118] Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2021-30116] Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent (@daffainfo) [critical] (vKEV) 🔥
[CVE-2021-27877] Veritas Backup Exec - Broken Authentication (@pussycat0x, @dhiyaneshdk) [high]
[CVE-2021-27858] FatPipe WARP/IPVPN/MPVPN - Authorization Bypass (@gy741) [medium]
[CVE-2021-27856] FatPipe WARP/IPVPN/MPVPN - Backdoor Account (@gy741) [critical]
[CVE-2021-26072] Atlassian Confluence < 5.8.6 - Server-Side Request Forgery (@TechbrunchFR) [medium] 🔥
[CVE-2021-24220] Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload (@pussycat0x) [critical]
[CVE-2021-24212] WooCommerce Help Scout - Arbitrary File Upload (@ritikchaddha) [critical]
[CVE-2021-20086] Odoo Apps - Cross-Site Scripting via Prototype Pollution (@1337rokudenashi) [high]
[CVE-2021-3287] Zoho ManageEngine OpManager < 12.5.329 - RCE (@theamanrawat) [critical] (vKEV) 🔥
[CVE-2021-3018] IPeakCMS 3.5 - SQL Injection (@theamanrawat) [critical]
[CVE-2020-29279] 74CMS - Remote File Inclusion (@dhiyaneshdk) [critical]
[CVE-2020-22165] PHPGurukul Hospital Management System 4.0 - SQL Injection (@ritikchaddha) [high]
[CVE-2020-21998] HomeAutomation 3.3.2 - Open Redirect (@0x_Akoko) [medium]
[CVE-2020-20601] ThinkCMF X2.2.2 - Remote Code Execution (@pikpikcu) [critical]
[CVE-2020-10257] ThemeREX Addons - Remote Code Execution (@theamanrawat) [critical]
[CVE-2020-4429] IBM Data Risk Manager - Hardcoded Credentials (@Kazgangap) [critical]
[CVE-2020-4427] IBM Data Risk Manager - Authentication Bypass via SAML (@ritikchaddha) [critical]
[CVE-2020-3952] VMware vCenter Server LDAP Broken Access Control (@0x_Akoko) [critical] (vKEV) 🔥
[CVE-2020-2883] Oracle WebLogic Server - Remote Code Execution (@daffainfo) [critical] (vKEV) 🔥
[CVE-2019-16072] Enigma NMS < 65.0.0 - Authenticated OS Command Injection (@0x_Akoko) [critical]
[CVE-2019-12989] Citrix SD-WAN and NetScaler SD-WAN - SQL Injection (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2019-9874] Sitecore Experience Platform - Deserialization of Untrusted Data (@ritikchaddha) [critical] (vKEV)
[CVE-2019-4716] IBM Planning Analytics - Authentication Bypass & RCE (@0x_Akoko) [critical]
[CVE-2018-25114] osCommerce 2.3.4.1 - Remote Code Execution (@Suman_Kar) [critical]
[CVE-2018-18325] DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization (@pdteam) [high] 🔥
[CVE-2018-17173] LG Supersign EZ CMS - Remote Code Execution (@pussycat0x) [critical] (vKEV)
[CVE-2018-15811] DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization (@pdteam) [high] 🔥
[CVE-2018-11138] Quest KACE System Management Appliance 8.0.318 - RCE (@ritikchaddha) [critical] (vKEV) 🔥
[CVE-2018-10088] XiongMai uc-httpd 1.0.0 - Buffer Overflow (@0x_Akoko) [critical] (vKEV)
[CVE-2017-20194] Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2017-18362] Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution (@pussycat0x) [critical] (vKEV) 🔥
[CVE-2017-9965] Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal (@0x_akoko) [medium]
[CVE-2015-10141] Xdebug <= 2.5.5 - Command Injection (@pwnhxl) [critical]
[CVE-2010-20103] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x) [critical] 🔥
[CVE-2010-2018] Lokomedia CMS - Local File Inclusion (@r3Y3r53) [high]
[k8s-apiserver-anonymous-access] Ensure kube-apiserver --anonymous-auth is explicitly disabled (@songyaeji) [high]
[k8s-apiserver-token-auth-file] Detect kube-apiserver --token-auth-file usage (@songyaeji) [high]
[apache-mod-cluster-exposure] Apache mod_proxy_cluster Cluster Manager Interface - Exposure (@oleveloper) [info]
[commvault-panel] Commvault Web Console Panel - Detect (@rxerium) [info]
[hoobs-panel] HOOBS Panel - Detect (@rxerium) [info]
[ictbroadcast-panel] ICTBroadcast Login Panel - Detect (@rxerium) [info]
[kong-manager-exposure] Kong Manager OSS/Admin - Exposure (@Krishna Jaishwal) [medium]
[skysea-panel] SKYSEA Client View Panel - Detect (@rxerium) [info]
[telecontrol-server-basic-panel] Telecontrol Server Basic Panel - Detect (@Kazgangap) [info]
[thingsboard-panel] ThingsBoard Panel - Detect (@righettod) [info]
[asyncapi-inventory] AsyncAPI Spec Inventory (@HamzaSahin61) [info]
[nextjs-vite-public-env] Next.js / Vite Public ENV Exposure (@hamza Sahin) [medium]
[aws-secret-key] AWS Secret Key (@tess, @Chemo850) [unknown]
[elastic-cloud-api-key] Elastic Cloud API Key Detection (@Chemo850) [high]
[heroku-oauth2-token] Heroku OAuth2 Token (@Chemo850) [info]
[openai-admin-api-key] OpenAI Admin API Key Detection (@Chemo850) [info]
[openai-service-account-api-key] OpenAI Service Account API Key (@Chemo850) [info]
[unauth-innovatrics-smartface-panel] Unauthenticated SmartFace Panel - Detect (@matejsmycka) [medium]
[ictbroadcast-installer] ICTBroadcast Installation Wizard (@dhiyaneshdk) [high]
[kace-sma-installer] KACE Systems Management Appliance - Installer (@ritikchaddha) [high]
[shibboleth-open-redirect] Shibboleth SSO - Open Redirect (@aushack) [medium]
[unauth-ckfinder] CKFinder - Unauthenticated Exposure (@amjad Ali) [high]
[unauth-esphome] ESPHome Web Server access - Unauthenticated Access (@pussycat0x) [high]
[redirect-pizza-takeover] Redirect.pizza Subdomain Takeover Detection (@ranjan Kumar) [high]
[backdrop-cms-detect] Backdrop CMS - Detect (@5tr1x) [info]
[centos-eol] CentOS EOL - Detect (@staticnoise) [info]
[enigma-nms-detect] Enigma NMS - Detection (@0x_Akoko) [info]
[xwiki-detect] XWiki - Detection (@matejsmycka) [info]
[yonyou-nc-lfi] UFIDA NC - Arbitrary File Read (@vva) [high]
[snmpv3-detect] SNMPv3 Fingerprint - Detect (@matejsmycka) [info]
[mDNS-enum] mDNS Enumeration (@matejsmycka) [low]

New Contributors

@Chemo850 made their first contribution in #13557
@mlinton made their first contribution in #13564
@fportantier made their first contribution in #13586
@Redmomn made their first contribution in #13579
@ranjan1560 made their first contribution in #13652
@lap1nou made their first contribution in #13654
@qwe-kai made their first contribution in #13624
@hhha456 made their first contribution in #13571
@rob-picard-teleport made their first contribution in #13701
@227Abdulrahuman made their first contribution in #13679

Full Changelog: v10.3.0...v10.3.1

projectdiscovery/nuclei-templates v10.3.1 Nuclei Templates v10.3.1 - Release Notes on GitHub

New Templates Added: 119 | CVEs Added: 88 | First-time contributions: 10 | Bounties rewarded: 12

🔥 Release Highlights 🔥

What's Changed

Templates Added

New Contributors

projectdiscovery/nuclei-templates v10.3.1
Nuclei Templates v10.3.1 - Release Notes

on GitHub

New Templates Added: `119` | CVEs Added: `88` | First-time contributions: `10` | Bounties rewarded: `12`