github projectdiscovery/nuclei-templates v10.3.2
Nuclei Templates v10.3.2 - Release Notes

13 hours ago

New Templates Added: 129 | CVEs Added: 56 | First-time contributions: 9 | Bounties rewarded: 7

🔥 Release Highlights 🔥

What's Changed

💰 Bounties Rewarded 💰

Bug Fixes

False Negatives

  • Improved detection in CVE-2020-35338 template (Issue #13676)
  • Enhanced default-asp-net-page template to detect modern ASP.NET welcome pages (Issue #13543)

False Positives

Enhancements

  • Enhanced eclipse-birt-panel template detection (PR #13955)
  • Added missing service tags to improve categorization (PR #13926)
  • Fixed tag typos across multiple templates (PR #13925)
  • Resolved duplicate template ID issue in gradio-lfi (PR #13922, Issue #13917)
  • Enriched GITBLIT template detection (PR #13898)
  • Improved IIS Shortname detection capabilities (PR #13885, Issue #4911)
  • Enhanced CVE-2025-61884 and CVE-2025-61882 templates (PR #13822, Issue #13813)
  • Converted non-CVE templates to proper CVE template format (PR #13797, Issue #13779)
  • Enhanced AEM querybuilder bypass detection (PR #13746)
  • Added HTTP/2 protocol support improvements (Issue #13709)

Templates Added

  • [CVE-2025-64446] FortiWeb - Authentication Bypass (@dhiyaneshdk, @watchtowr, @rapid7, @defusedcyber) [critical] (vKEV) 🔥
  • [CVE-2025-64095] DNN - Unrestricted Arbitrary File Upload (@dhiyaneshdk, @pussycat0x) [critical] 🔥
  • [CVE-2025-61884] Oracle E-Business Suite - SSRF (@Kazgangap) [high] (vKEV) 🔥
  • [CVE-2025-59287] Windows Server Update Service - Insecure Deserialization (@pussycat0x, @princechaddha) [critical] (vKEV) 🔥
  • [CVE-2025-58443] FOGProject <= 1.5.10.1673 - Authentication Bypass (@oleveloper) [critical] 🔥
  • [CVE-2025-55190] ArgoCD Project API Token Repository Credentials Exposure (@nukunga[seunghyeonJeon]) [critical] 🔥
  • [CVE-2025-54253] Adobe Experience Manager - Deserialization (@ritikchaddha, @dhiyaneshdk, @s4e-io) [critical] (vKEV) 🔥
  • [CVE-2025-54236] Adobe Commerce - Authentication Bypass (@dhiyaneshdk, @slcyber, @johnk3r) [critical] (vKEV) 🔥
  • [CVE-2025-52665] UniFi Access - Broken Access Control (@theamanrawat, @dhiyaneshdk) [critical] 🔥
  • [CVE-2025-52472] XWiki - HQL Injection (@ritikchaddha) [high]
  • [CVE-2025-51991] XWiki <= 17.3.0 - Server-Side Template Injection (SSTI) (@0x_Akoko) [critical]
  • [CVE-2025-51990] XWiki - Stored XSS (@0x_Akoko) [medium]
  • [CVE-2025-51482] Letta 0.7.12 - RCE (@RaghavArora14) [high]
  • [CVE-2025-44137] MapTiler Tileserver-php v2.0 - Unauth File Read (@0x_Akoko) [high]
  • [CVE-2025-44136] MapTiler Tileserver-php v2.0 - Unauth XSS (@0x_Akoko) [medium]
  • [CVE-2025-41243] Spring Cloud Gateway Server Webflux - Broken Access Control (@Redmomn) [critical] 🔥
  • [CVE-2025-32429] XWiki Platform - SQL Injection (@ritikchaddha) [critical]
  • [CVE-2025-31486] Vite server.fs.deny Bypass - Local File Inclusion (@wn147) [medium]
  • [CVE-2025-24354] Imgproxy < 3.27.2 - SSRF (@oksuzkayra) [medium]
  • [CVE-2025-12480] Triofox - Improper Access Control (@johnk3r, @GTi) [critical]
  • [CVE-2025-12101] Citrix NetScaler ADC & Gateway - Reflected XSS / Open Redirect (@dhiyaneshdk, @watchtowr) [medium] 🔥
  • [CVE-2025-11749] WordPress AI Engine Plugin - Token Exposure (@4m3rr0r) [critical] 🔥
  • [CVE-2025-9985] Featured Image from URL (FIFU) <= 5.2.7 - Unauth Information Exposure via Log File (@zer0p0int) [medium]
  • [CVE-2025-8943] Flowise < 3.0.1 - Remote Command Execution (@zezezez) [critical] 🔥
  • [CVE-2025-6403] Code-Projects School Fees Payment System 1.0 - SQL Injection (@hnd3884) [critical]
  • [CVE-2025-6174] WordPress Qwizcards < 3.95 - XSS (Reflected) (@0x_Akoko) [medium]
  • [CVE-2025-5605] WSO2 Management Console - Authentication Bypass (@dhiyaneshdk) [medium]
  • [CVE-2025-4302] Stop User Enumeration WordPress plugin - Authentication Bypass (@Kazgangap) [medium]
  • [CVE-2025-1550] Keras Model.load_model - Arbitrary Code Execution (@nukunga[seunghyeonJeon]) [critical] 🔥
  • [CVE-2025-1302] JSONPath Plus < 10.3.0 - RCE (@Jaenact) [critical] 🔥
  • [CVE-2025-1023] ChurchCRM - SQL Injection (@Kazgangap) [critical]
  • [CVE-2024-53900] Mongoose < 8.8.3 - RCE (@h4mg) [critical] 🔥
  • [CVE-2024-50857] GestioIP - Reflected XSS (@gaurang) [medium]
  • [CVE-2024-47575] FortiManager Unauth RCE (@0x_Akoko, @pussycat0x, @watchtowr) [critical] (vKEV) 🔥
  • [CVE-2024-37656] GnuBoard5 5.5.16 - Open Redirect (@0x_Akoko) [medium]
  • [CVE-2024-28623] RiteCMS 3.0.0 - XSS (@0x_Akoko) [medium]
  • [CVE-2024-27443] Zimbra Collaboration - XSS (@rxerium) [medium] (vKEV) 🔥
  • [CVE-2024-23108] Fortinet FortiSIEM - OS Command Injection (@0x_Akoko) [critical] (vKEV) 🔥
  • [CVE-2024-11238] Landray EKP - Path Traversal (@theamanrawat) [medium]
  • [CVE-2024-10146] Simple File List < 6.1.13 - Reflected XSS (@0x_Akoko) [medium]
  • [CVE-2024-8852] All-in-One WP Migration < 7.87 - Unauth Information Disclosure (@flx) [medium]
  • [CVE-2024-6690] WP Content Copy Protection & No Right Click - Open Redirect (@0x_Akoko) [medium]
  • [CVE-2024-4180] The Events Calendar < 6.4.0.1 - XSS (@0x_Akoko) [medium]
  • [CVE-2024-0801] Arcserve Unified Data Protection - Unauth DoS in ASNative.dll (@daffainfo) [high]
  • [CVE-2024-0799] Arcserve Unified Data Protection - Authentication Bypass (@daffainfo) [critical]
  • [CVE-2023-39121] Emlog 2.1.9 - SQL Injection (@wjch611) [high]
  • [CVE-2023-34048] VMware vCenter Server - Out-of-Bounds Write (@ritikchaddha) [critical] (vKEV) 🔥
  • [CVE-2023-2437] UserPro <= 5.1.1 - Authentication Bypass (@intelligent-ears) [critical] (vKEV) 🔥
  • [CVE-2022-26143] Mitel MiCollab - Information Disclosure & Denial of Service (@theamanrawat) [critical]
  • [CVE-2021-45467] Control Web Panel (CWP) - File Inclusion (@ritikchaddha) [critical] (vKEV) 🔥
  • [CVE-2021-41419] QVIS NVR/DVR - RCE (@Me9187) [critical]
  • [CVE-2021-4374] WordPress Automatic Plugin - Unauth Options Change (@intelligent-ears) [critical]
  • [CVE-2020-14644] Oracle WebLogic Server - RCE (Insecure Deserialization) (@hnd3884) [critical] (vKEV) 🔥
  • [CVE-2019-11507] Pulse Secure Pulse Connect Secure - XSS (Reflected) (@theamanrawat) [medium]
  • [CVE-2019-6443] NTPsec > 1.1.3 - 'ctl_getitem' Out-of-Bounds Read (@pussycat0x, @0x_Akoko) [critical]
  • [CVE-2018-6882] Zimbra Collaboration Suite - XSS (@Sourabh-Sahu) [medium]
  • [k8s-controller-manager-bind-address] Ensure kube-controller-manager --bind-address is set to localhost (@songyaeji) [high]
  • [k8s-scheduler-bind-address] Ensure kube-scheduler --bind-address is set to localhost (@songyaeji) [high]
  • [auto-login-enabled] macOS Automatic Login Enabled (@geeknik) [high]
  • [filevault-disabled] macOS FileVault Disabled (@geeknik) [high]
  • [firewall-disabled] macOS Application Firewall Disabled (@geeknik) [medium]
  • [gatekeeper-disabled] macOS Gatekeeper Disabled (@geeknik) [high]
  • [guest-user-enabled] macOS Guest User Enabled (@geeknik) [medium]
  • [insecure-cron-jobs] macOS World-Writable Cron Jobs (@geeknik) [medium]
  • [insecure-etc-exports-permissions] macOS Insecure /etc/exports Permissions (@geeknik) [high]
  • [insecure-etc-fstab-permissions] macOS Insecure /etc/fstab Permissions (@geeknik) [high]
  • [insecure-etc-hostconfig-permissions] macOS Insecure /etc/hostconfig Permissions (@geeknik) [high]
  • [insecure-etc-inetd-conf-permissions] macOS Insecure /etc/inetd.conf Permissions (@geeknik) [high]
  • [insecure-homebrew-permissions] macOS World-Writable Homebrew Files (@geeknik) [medium]
  • [insecure-launchd-jobs] macOS World-Writable Launchd Jobs (@geeknik) [medium]
  • [insecure-startup-items] macOS World-Writable Startup Items (@geeknik) [medium]
  • [insecure-sudo-timestamp] macOS Excessive Sudo Timestamp Timeout (@geeknik) [medium]
  • [insecure-sudoers-permissions] macOS Insecure /etc/sudoers Permissions (@geeknik) [high]
  • [insecure-tty-permissions] macOS World-Readable TTY Devices (@geeknik) [medium]
  • [insecure-umask] macOS Permissive Umask Configuration (@geeknik) [medium]
  • [sip-disabled] macOS System Integrity Protection (SIP) Disabled (@geeknik) [high]
  • [ssh-service-running] macOS SSH Service Running (@geeknik) [info]
  • [suid-sgid-files] macOS SUID/SGID Files Detection (@geeknik) [high]
  • [dns-axfr-enabled] DNS Zone Transfer Check (AXFR) (@matejsmycka) [medium]
  • [dkim-record-detect] DKIM Record - Detection (@princechaddha) [info]
  • [deep-link-custom-scheme-detect] Android Deep Link - Detect Custom Schemes (@7h3b4dger) [info]
  • [exported-activities] Android Exported Activities - Detect (@7h3b4dger) [info]
  • [exported-broadcast-receivers] Android Exported Broadcast Receivers in AndroidManifest.xml - Detect (@7h3b4dger) [info]
  • [exported-providers] Android Exported Providers - Detect (@7h3b4dger) [info]
  • [exported-services] Android Exported Services - Detect (@7h3b4dger) [info]
  • [webview-file-access-fromfileurl-java] Android WebView File Access from file URLs - Detect in Java sources (@7h3b4dger) [info]
  • [webview-file-access-java] Android File Access - Detect in Java sources (@7h3b4dger) [info]
  • [webview-universal-access-java] Android WebView Universal Access - Detect in Java sources (@7h3b4dger) [info]
  • [churchcrm-default-login] ChurchCRM - Default Login (@Kazgangap) [high]
  • [erpnext-default-login] ERPNext - Default Login (@0x_Akoko) [high]
  • [openwebui-default-login] Open WebUI - Default Login (@matejsmycka) [critical]
  • [cascade-cms-panel] Cascade CMS Panel - Detect (@righettod) [info]
  • [celonis-login-panel] Celonis Login - Panel (@r3dg33k) [info]
  • [churchcrm-panel] ChurchCRM Panel - Detect (@Kazgangap) [info]
  • [monsta-ftp-detect] Monsta FTP - Detect (@rxerium) [info]
  • [unifi-os-panel] UniFi OS - Panel (@Dhiyanesh) [info]
  • [generic-php-files] Generic PHP Backup Information Disclosure (@sheikhrishad, @matejsmycka) [medium]
  • [aem-dispatcher-bypass] Adobe Experience Manager - Dispatcher Bypass (@dhiyaneshdk, @assetnote) [medium]
  • [aem-querybuilder-bypass] AEM QueryBuilder JSON Exposure - Bypass (@tess, @assetnote) [critical]
  • [cockroachdb-information-disclosure] CockroachDB Information Disclosure (@pussycat0x) [medium]
  • [cockroachdb-unauth-exposure] CockroachDB Unauth Console Exposure (@pussycat0x) [high]
  • [churchcrm-installer] ChurchCRM - Setup Exposure (@Kazgangap) [high]
  • [servicenow-stats-page] ServiceNow Stats Page - Detection (@cham423) [info]
  • [servicenow-threads-page] ServiceNow Threads Page - Detection (@cham423) [info]
  • [tomcat-snoop-servlet-exposed] Apache Tomcat - Snoop Servlet Information Disclosure (@Thabisocn) [info]
  • [mailgun-takeover] Mailgun Takeover Detection (@projectdiscoveryai) [medium]
  • [cherrypy-detect] CherryPy Web Server - Detect (@Shivam Kamboj) [info]
  • [flowweb-detect] FlowWeb Web Server - Detection (@Shivam Kamboj) [info]
  • [hedgedoc-detect] HedgeDoc Collaborative Editor - Detect (@Rupendra0) [info]
  • [intel-amt-detect] Intel Active Management Technology Server Detection (@Shivam Kamboj) [info]
  • [ipswitch-imail-detect] Ipswitch IMail Server - Detect (@Shivam Kamboj) [info]
  • [lighttpd-detect] Lighttpd Web Server - Detect (@Shivam Kamboj) [info]
  • [miniupnpd-detect] MiniUPnPd - Detect (@Shivam Kamboj) [info]
  • [websphere-detect] IBM WebSphere Application Server (@Shivam Kamboj) [info]
  • [bentoml-ssrf] Bentoml - Server Side Request Forgery (@ritikchaddha) [critical]
  • [xss-uri-reflected] Reflected XSS (@Nadino, @geeknik, @matejsmycka) [low]
  • [gradio-image-ssrf] Gradio Image Component - SSRF (@ritikchaddha) [high]
  • [gradio-lfi] Gradio - Local File Inclusion (@ritikchaddha) [critical]
  • [cl-te-http-smuggling] Basic CL.TE - HTTP request smuggling (@pdteam, @akincibor) [low]
  • [te-cl-http-smuggling] Basic TE.CL - HTTP Request Smuggling (@pdteam, @akincibor) [low]
  • [unifi-create-user] UniFi - Unauth Creation Access For Users (@dhiyaneshdk) [high]
  • [unifi-nfc-credentials] UniFi - NFC Credentials (@dhiyaneshdk) [high]
  • [vnc-default-login] VNC Default Login (@pussycat0x) [high]
  • [ntp-version-detect] NTP Version Detection (@pussycat0x) [info]
  • [unauth-mqtt-broker] MQTT Unauth Broker - Detect (@matejsmycka) [high]
  • [ntp-enum-variables-enabled] NTP Enum Variables - Enabled (@matejsmycka) [info]
  • [adsb-ultrafeeder-detect] ADSB Ultrafeeder Beast Mode - Detection (@Random-Robbie) [info]
  • [rtl-tcp-server-detect] RTL-TCP Server Detection (@RandomRobbie) [info]
  • [unauth-java-message-broker-detect] Unauth Java Message Broker - Detect (@matejsmycka) [low]

New Contributors

Full Changelog: v10.3.1...v10.3.2
