github projectdiscovery/nuclei-templates v10.3.6
🎄 Nuclei Templates v10.3.6 – Christmas Release Notes

10 hours ago

New Templates Added: 163 | CVEs Added: 57 | First-time contributions: 6 | Bounties rewarded: 4

🔥 Release Highlights 🔥

What's Changed

💰 Bounties Rewarded 💰

Bug Fixes

False Negatives

False Positives

  • Fixed false positives in the following templates:

Enhancements

  • Enhanced WAF detection by adding FortiWEB WAF signatures to waf-detect.yaml (PR #14370).
  • Improved regex matchers in node-exporter-metrics.yaml for better accuracy (PR #14375).
  • Updated awstats-script.yaml template (PR #14413).

Templates Added

  • [CVE-2025-68613] n8n - RCE via Expression Injection (@rxerium, @PentesterFlow, @MuhamadJuwandi) [critical] 🔥
  • [CVE-2025-63387] Dify v1.9.1 - Broken Access Control (@dhiyaneshdk) [medium]
  • [CVE-2025-56819] Datart v1.0.0-rc.3 - RCE (@Redmomn) [critical]
  • [CVE-2025-56266] Avigilon ACM - Host Header Injection (@dhiyaneshdk) [medium]
  • [CVE-2025-55749] XWiki - Information Disclosure (@dhiyaneshdk) [high]
  • [CVE-2025-55184] React Server Components - Denial of Service (@dhiyaneshdk) [high] 🔥
  • [CVE-2025-52970] Fortinet FortiWeb - Authentication Bypass to Admin Privilege (@Sourabh-Sahu) [high] (vKEV) 🔥
  • [CVE-2025-47188] Mitel 6000 - OS Command Injection (@matejsmycka) [critical] (vKEV) 🔥
  • [CVE-2025-37164] HPE OneView - RCE (@dhiyaneshdk) [critical] (vKEV) 🔥
  • [CVE-2025-34299] Monsta FTP <= 2.11.2 - Unauthenticated RCE (@KrE80r) [critical] (vKEV) 🔥
  • [CVE-2025-14611] Gladinet CentreStack & Triofox - Hardcoded Credentials (@0xanis) [critical] (vKEV) 🔥
  • [CVE-2025-13486] Advanced Custom Fields Extended < 0.9.2 - RCE (@0xanis) [critical]
  • [CVE-2025-12139] Integrate Google Drive <= 1.5.3 - Information Disclosure (@meysam Bal-afkan) [high]
  • [CVE-2025-9808] The Events Calendar <= 6.15.2 - Information Disclosure (@zer0p0int) [medium]
  • [CVE-2024-47374] LiteSpeed Cache <= 6.5.0.2 - Stored XSS (@Sourabh-Sahu) [high]
  • [CVE-2024-39646] WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS (@Sourabh-Sahu) [high]
  • [CVE-2024-35694] Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting (@Sourabh-Sahu) [high]
  • [CVE-2024-35693] WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting (@intelligent-ears) [medium]
  • [CVE-2024-31223] Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure (@hnd3884) [medium]
  • [CVE-2024-28253] OpenMetaData - SpEL Injection in PUT /api/v1/policies (@daffainfo) [critical]
  • [CVE-2024-28200] N-able N-central < 2024.2 - Authentication Bypass Detection (@rxerium) [critical] (vKEV) 🔥
  • [CVE-2024-25608] Liferay Portal - Open Redirect (@daffainfo) [medium]
  • [CVE-2024-2863] LG LED Assistant - Thumbnail Path Traversal File Upload (@Beginee) [high]
  • [CVE-2024-2862] LG LED Assistant - Unauthenticated Password Reset (@Beginee) [high]
  • [CVE-2023-45038] QNAP Music Station < 5.4.0 - Authentication Bypass (@daffainfo) [medium]
  • [CVE-2023-38952] ZKTeco BioTime <= 9.0.1 - Privilege Escalation (@riteshs4hu) [high]
  • [CVE-2023-27624] WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS (@0x_Akoko) [medium]
  • [CVE-2023-23897] Ozette Plugins - Cross-Site Request Forgery (@popcorn94) [medium]
  • [CVE-2023-7164] WordPress BackWPup < 4.0.4 - Backup File Disclosure (@0x_Akoko) [high]
  • [CVE-2023-6266] WordPress Backup Migration <= 1.3.6 - Path Traversal (@riteshs4hu) [high]
  • [CVE-2023-3388] Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting (@daffainfo) [high]
  • [CVE-2022-38130] KeySight RF - smsRestoreDatabaseZip UNC path to RCE (@daffainfo, @jjcho) [critical]
  • [CVE-2022-36923] Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils - getUserAPIKey Authentication Bypass (@daffainfo, @jjcho) [high]
  • [CVE-2022-34305] Apache Tomcat Examples Web Application - Cross-Site Scripting (@Sourabh-Sahu) [medium]
  • [CVE-2022-1029] Limit Login Attempts - Stored Cross-Site Scripting (@theamanrawat) [medium]
  • [CVE-2022-0873] WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-0765] WordPress Loco Translate < 2.6.1 - Cross-Site Scripting (@0x_Akoko) [medium]
  • [CVE-2021-37415] Zoho ManageEngine ServiceDesk Plus - Authentication Bypass (@daffainfo, @jjcho) [critical] 🔥
  • [CVE-2021-35042] Django QuerySet.order_by - SQL Injection (@0x_Akoko) [critical] 🔥
  • [CVE-2021-33829] Drupal 7 CKEditor XSS (@0x_Akoko) [medium]
  • [CVE-2021-25082] WordPress Popup Builder < 4.0.7 - RCE (@0x_Akoko) [critical] 🔥
  • [CVE-2021-24681] Duplicate Page WordPress - Stored Cross-Site Scripting (@theamanrawat) [medium]
  • [CVE-2021-24657] Limit Login Attempts WordPress - Stored Cross-site Scripting (@theamanrawat) [medium]
  • [CVE-2021-22175] GitLab CI Lint API - Server-Side Request Forgery (@0x_Akoko) [high]
  • [CVE-2021-20617] Acmailer - Improper Access Control to OS Command Injection (@daffainfo) [critical]
  • [CVE-2021-3007] Laminas Project laminas-http - RCE (@0xanis) [critical]
  • [CVE-2021-2135] Oracle WebLogic Server - RCE (@hnd3884) [critical] (vKEV) 🔥
  • [CVE-2020-26836] SAP Solution Manager - Open Redirect (@gal Nagli, @lrvt) [medium]
  • [CVE-2020-25200] Pritunl VPN Server 1.29.2145.25 - Username Enumeration (@pussycat0x) [medium]
  • [CVE-2020-20627] GiveWP - Missing Authorization to Settings Update (@daffainfo) [medium]
  • [CVE-2020-12832] WordPress Simple File List - Path Traversal (@riteshs4hu) [critical]
  • [CVE-2019-9082] ThinkPHP < 3.2.4 - RCE (@0xanis) [high]
  • [CVE-2019-5591] FortiOS - Insecure LDAP Configuration Detection (@ayewo) [medium]
  • [CVE-2019-4061] IBM BigFix Platform - Information Disclosure (@daffainfo) [medium]
  • [CVE-2017-18580] WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated RCE (@0x_Akoko) [critical]
  • [CVE-2017-17762] Episerver 7 - Blind XML External Entity Injection (@pussycat0x) [high]
  • [CVE-2015-8350] WordPress Calls to Action <= 2.4.3 - Authenticated Reflected XSS (@0x_Akoko) [medium]
  • [ai-code-execution] AI Code Execution Detection (@princechaddha) [high]
  • [ai-data-exfiltration] AI Data Exfiltration Detection (@princechaddha) [high]
  • [ai-prompt-injection] AI Prompt Injection Detection (@princechaddha) [high]
  • [ai-safety-bypass] AI Safety Control Bypass Detection (@princechaddha) [unknown]
  • [pdfjs-content-spoofing] Mozilla PDF.js - Content Spoofing (@0x_Akoko) [medium]
  • [cisco-esa-panel] Cisco Email Security Appliance - Panel (@rxerium, @darses) [info]
  • [hpe-oneview-panel] HPE OneView - Panel Detect (@rxerium) [info]
  • [temboard-panel] temBoard Panel - Detect (@righettod) [info]
  • [ambassador-api-diagnostics-exposure] Ambassador API Gateway Diagnostics - Exposure (@0x_Akoko) [medium]
  • [wordpress-db-exposure] WordPress Database Backup File - Exposure (@0x_Akoko) [high]
  • [cakefile-exposure] Cakefile - Exposure (@0x_Akoko) [info]
  • [codekit-config-exposure] CodeKit Configuration Exposure (@pussycat0x) [low]
  • [glimpse-data-exposure] Glimpse Diagnostics - Sensitive Data Exposure (@0x_Akoko) [high]
  • [node-repl-history-disclosure] Node.js REPL History Disclosure (@pussycat0x) [low]
  • [phpci-yml] PHPCI Configuration "phpci.yml" - Exposure (@dhiyaneshdk) [info]
  • [python-setup-config] Python Setup Configuration - Exposure (@dhiyaneshdk) [low]
  • [rexify-config-exposure] Rexify Configuration - Exposure (@theamanrawat) [high]
  • [xampp-phpinfo-detect] XAMPP PHP info Page - Detect (@pussycat0x) [low]
  • [eclipse-project-exposure] Eclipse .project Configuration - Exposure (@0x_Akoko) [info]
  • [python-history-disclosure] Python History File Disclosure (@pussycat0x) [low]
  • [wp-w3-total-cache-exposure] WordPress W3 Total Cache - Cache Files Exposure (@pussycat0x) [high]
  • [yarn-integrity-disclosure] Yarn Integrity File Disclosure (@pussycat0x) [info]
  • [bitrix-log-file-disclosure] Bitrix Site Manager - Log File Disclosure (@0x_Akoko) [medium]
  • [wp-easy-google-fonts-log-disclosure] WordPress Easy Google Fonts - Error Log Disclosure (@0x_Akoko) [low]
  • [wp-flexible-shipping-log] WordPress Flexible Shipping - Log File Exposure (@dhiyaneshdk) [medium]
  • [wp-importer-log-disclosure] WordPress Importer - Error Log Disclosure (@0x_Akoko) [low]
  • [wp-pretty-link-log-disclosure] WordPress Pretty Link - Error Log Disclosure (@0x_Akoko) [low]
  • [wp-wps-hide-login-log] WordPress WPS Hide Login - Error Log Disclosure (@pussycat0x) [low]
  • [secrets-patterns-pii] Secrets Patterns (PII) (@dwisiswant0) [info]
  • [apache-mod-negotiation-listing] Apache mod_negotiation - Pseudo Directory Listing (@0x_Akoko) [low]
  • [browserconfig-xml] Browser Configuration "browserconfig.xml" Exposure (@dhiyaneshdk) [info]
  • [buildpath-file-disclosure] .buildpath - File Disclosure (@ritikchaddha) [low]
  • [eslint-ignore-exposure] Eslint Ignore File Exposure (@dhiyaneshdk) [low]
  • [gcs-bucket-listing] Google Cloud Storage - Public Bucket Listing (@0x_Akoko) [unknown]
  • [metabase-installer-exposure] Metabase Installer - Exposure (@0x_Akoko) [high]
  • [jetty-directory-listing] Eclipse Jetty - Directory Listing Enabled (@ritikchaddha) [low]
  • [jfrog-artifactory-exposure] JFrog Artifactory Artifacts Exposure (@dhiyaneshdk) [low]
  • [joomla-registration-enabled] Joomla - User Registration Enabled (@0x_Akoko) [info]
  • [nexus-repository-anonymous-access] Nexus Repository Manager - Anonymous Access Enabled (@0x_Akoko) [medium]
  • [vscode-slnx-sqlite-disclosure] Visual Studio Code - Slnx.SQLite File Disclosure (@ritikchaddha) [high]
  • [nextgen-gallery-pro-error-log] WordPress NextGEN Gallery Pro - Error Log Disclosure (@ritikchaddha) [medium]
  • [wordfence-rules-disclosure] WordPress Wordfence - Rules File Disclosure (@ritikchaddha) [medium]
  • [wordfence-waf-logs-disclosure] WordPress Wordfence - WAF Logs and Data Disclosure (@ritikchaddha) [low]
  • [wordpress-amp-fpd] WordPress AMP - FPD (@pussycat0x) [low]
  • [wordpress-cmb2-fpd] WordPress CMB2 - FPD (@ritikchaddha) [low]
  • [wordpress-imsanity-fpd] WordPress Plugin Imsanity - FPD (@ritikchaddha) [low]
  • [wordpress-storefront-fpd] WordPress Storefront Theme - FPD (@pussycat0x) [low]
  • [wp-add-to-any-fpd] WordPress AddToAny Share Buttons Plugin - FPD (@pussycat0x) [low]
  • [wp-astra-sites-fpd] WordPress Astra Sites - FPD (@ritikchaddha) [low]
  • [wp-beaver-builder-lite-version-fpd] Beaver Builder Page Builder - FPD (@theamanrawat) [low]
  • [wp-cookie-law-info-fpd] WordPress Plugin GDPR Cookie Consent - FPD (@ritikchaddha) [low]
  • [wp-image-widget-fpd] Image Widget - FPD (@theamanrawat) [low]
  • [wp-iwp-client-fpd] WordPress Plugin InfiniteWP Client - FPD (@ritikchaddha) [low]
  • [wp-maintenance-mode-fpd] WordPress WP Maintenance Mode - FPD (@ritikchaddha) [low]
  • [wp-members-error-log-disclosure] WordPress Members / Membership & User Role Editor Plugin - Error Log Disclosure (@ritikchaddha) [low]
  • [wp-migrate-db-fpd] WordPress WP Migrate DB - FPD (@pussycat0x) [low]
  • [wp-oceanwp-fpd] WordPress OceanWP - FPD (@ritikchaddha) [low]
  • [wp-pretty-links-fpd] WordPress Pretty Links - FPD (@ritikchaddha) [low]
  • [wp-rank-math-seo-fpd] WordPress SEO Plugin Rank Math - FPD (@ritikchaddha) [low]
  • [wp-safe-svg-fpd] WordPress Plugin Safe SVG - FPD (@ritikchaddha) [low]
  • [wp-simple-301-redirects-fpd] Simple 301 Redirects - FPD (@theamanrawat) [low]
  • [wp-smushit-fpd] WP Smushit - FPD (@theamanrawat) [low]
  • [wp-svg-support-fpd] WordPress SVG Support - FPD (@pussycat0x) [low]
  • [wp-table-of-contents-plus-fpd] WordPress Table of Contents Plus - FPD (@ritikchaddha) [low]
  • [wp-the-events-calendar-fpd] WordPress The Events Calendar - FPD (@ritikchaddha) [low]
  • [wp-toc-plus-fpd] WordPress Plugin Table of Contents Plus - FPD (@ritikchaddha) [low]
  • [wp-wordfence-fpd] Wordfence - FPD (@theamanrawat) [low]
  • [wp-wp-mail-smtp-fpd] WordPress WP Mail SMTP - FPD (@ritikchaddha) [low]
  • [wp-yith-woocommerce-wishlist-fpd] WordPress YITH WooCommerce Wishlist - FPD (@ritikchaddha) [low]
  • [wp-yoast-seo-fpd] WordPress Yoast SEO - FPD (@ritikchaddha) [low]
  • [x-backend-server-header-detect] X-Backend-Server Header - Exposure (@pussycat0x) [low]
  • [fastcgi-test-page] FastCGI Test Page (@dhiyaneshdk) [info]
  • [krpano-detect] Krpano Panorama Viewer - Detection (@matejsmycka) [info]
  • [cross-site-tracing-xss] Cross Site Tracing - Cross-Site Scripting (@ritikchaddha) [low]
  • [jira-https-mode-open-redirect] JIRA in HTTPS mode - Open Redirect (@0x_Akoko) [medium]
  • [wordpress-meta-box-fpd] WordPress Meta Box - FPD (@pussycat0x) [low]
  • [wp-acf-fpd] Advanced Custom Fields (ACF) - FPD (@theamanrawat) [low]
  • [wp-admin-menu-editor-fpd] Admin Menu Editor - FPD (@theamanrawat) [low]
  • [wp-all-in-one-seo-pack-fpd] WordPress All in One SEO Pack - FPD (@theamanrawat) [low]
  • [wp-all-in-one-wp-security-and-firewall-fpd] All In One WP Security & Firewall - FPD (@theamanrawat) [low]
  • [wp-astra-fpd] WordPress Astra - FPD (@dhiyaneshdk) [low]
  • [wp-better-wp-security-login-disclosure] WordPress Solid Security < 9.0.1 - Unauthenticated Login Page Disclosure (@0x_Akoko) [medium]
  • [wp-buddypress-open-redirect] WordPress BuddyPress < 2.9.2 - Authenticated Open Redirect (@0x_Akoko) [low]
  • [wp-caldera-forms-xss] Caldera Forms <= 1.5.4 - Cross-Site Scripting (@theamanrawat) [medium]
  • [wp-contact-form-7-fpd] WordPress Contact Form 7 - FPD (@pussycat0x) [low]
  • [wp-contact-form-fpd] WordPress Contact Form - FPD (@pussycat0x) [low]
  • [wp-duplicate-post-fpd] Duplicate Post - FPD (@theamanrawat) [low]
  • [wp-duracelltomi-google-tag-manager-fpd] WordPress Plugin Google Tag Manager - FPD (@dhiyaneshdk) [low]
  • [wp-easy-fancybox-fpd] Easy FancyBox - FPD (@theamanrawat) [low]
  • [wp-google-analytics-fpd] WordPress Google Analytics - FPD (@0x_Akoko) [info]
  • [wp-google-site-kit-fpd] WordPress Plugin Site Kit by Google - FPD (@0x_Akoko) [info]
  • [wp-googlecaptcha-fpd] WordPress Plugin reCaptcha by BestWebSoft (google-captcha) - FPD (@dhiyaneshdk) [low]
  • [wp-hello-dolly-fpd] WordPress Plugin Hello Dolly - FPD (@dhiyaneshdk) [low]
  • [wp-intuitive-custom-post-order-fpd] WordPress Plugin Intuitive Custom Post Order - FPD (@dhiyaneshdk) [low]
  • [wp-jetpack-fpd] JetPack - FPD (@theamanrawat) [low]
  • [wp-megamenu-fpd] WordPress Plugin Max Mega Menu (megamenu) - FPD (@dhiyaneshdk) [low]
  • [wp-newsletter-fpd] WordPress Plugin Newsletter - FPD (@dhiyaneshdk) [low]
  • [wp-pagenavi-fpd] WordPress WP-PageNavi - FPD (@dhiyaneshdk) [low]
  • [wp-responsive-fpd] WordPress Coming Soon Page - FPD (@dhiyaneshdk) [low]
  • [wp-sg-cachepress-fpd] WordPress Plugin SG Optimizer - FPD (@dhiyaneshdk) [low]
  • [wp-ssl-insecure-content-fixer-fpd] WordPress Plugin SSL Insecure Content Fixer - FPD (@dhiyaneshdk) [low]
  • [wp-super-cache-fpd] WordPress WP Super Cache - FPD (@dhiyaneshdk) [low]
  • [wp-widget-logic-fpd] WordPress Widget Logic - FPD (@dhiyaneshdk) [low]
  • [wp-woocommerce-admin-fpd] WordPress Plugin WooCommerce Admin (woocommerce-admin) FPD (@dhiyaneshdk) [low]
  • [wp-worker-fpd] WordPress ManageWP Worker - FPD (@dhiyaneshdk) [low]
  • [apache-kvrocks-exposed] Apache Kvrocks - Exposed (@icarot) [high]

New Contributors

Full Changelog: v10.3.5...v10.3.6