projectdiscovery/nuclei-templates v9.5.5

on GitHub

What's Changed

🔥 Highlights of this release:

[CVE-2023-30777] Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (@r3y3r53) [medium] 🔥
[CVE-2023-28121] WooCommerce Payments - Unauthorized Admin Access (@dhiyaneshdk) [critical] 🔥
[CVE-2023-2822] Ellucian Ethos Identity CAS - Cross-Site Scripting (@guax1) [medium] 🔥
[CVE-2023-0297] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (@MrHarshvardhan,@dhiyaneshdk) [critical] 🔥
[CVE-2022-4295] Show all comments < 7.0.1 - Cross-Site Scripting (@r3y3r53) [medium] 🔥

New Templates Added: 90

New CVEs Added: 41

• http/cves/2023/CVE-2023-36346.yaml by @r3Y3r53
• http/cves/2023/CVE-2023-36289.yaml by @theamanrawat
• http/cves/2023/CVE-2023-36287.yaml by @theamanrawat
• http/cves/2023/CVE-2023-33439.yaml by @harsh
• http/cves/2023/CVE-2023-30777.yaml by @r3Y3r53 🔥
• http/cves/2023/CVE-2023-30256.yaml by @theamanrawat
• http/cves/2023/CVE-2023-2822.yaml by @Guax1 🔥
• http/cves/2023/CVE-2023-28121.yaml by @DhiyaneshDK 🔥
• http/cves/2023/CVE-2023-2272.yaml by @r3Y3r53
• http/cves/2023/CVE-2023-2252.yaml by @r3Y3r53
• http/cves/2023/CVE-2023-2023.yaml by @r3Y3r53
• http/cves/2023/CVE-2023-1890.yaml by @r3Y3r53
• http/cves/2023/CVE-2023-1835.yaml by @r3Y3r53
• http/cves/2023/CVE-2023-1730.yaml by @theamanrawat
• http/cves/2023/CVE-2023-0514.yaml by @r3Y3r53
• http/cves/2023/CVE-2023-0297.yaml by @MrHarshvardhan, @DhiyaneshDk 🔥
• http/cves/2022/CVE-2022-44952.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-44951.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-44950.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-44949.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-44948.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-44947.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-44946.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-44944.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-43185.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-43170.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-43169.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-43167.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-43166.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-43165.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-43164.yaml by @r3Y3r53
• http/cves/2022/CVE-2022-4295.yaml by @r3Y3r53 🔥
• http/cves/2020/CVE-2020-35987.yaml by @r3Y3r53
• http/cves/2020/CVE-2020-35986.yaml by @r3Y3r53
• http/cves/2020/CVE-2020-35985.yaml by @r3Y3r53
• http/cves/2020/CVE-2020-35984.yaml by @r3Y3r53
• http/cves/2020/CVE-2020-19515.yaml by @theamanrawat
• http/cves/2019/CVE-2019-8390.yaml by @theamanrawat
• http/cves/2019/CVE-2019-14789.yaml by @r3Y3r53
• http/cves/2018/CVE-2018-6530.yaml by @gy741
• http/cves/2012/CVE-2012-5321.yaml by @ctflearner
• http/cnvd/2022/CNVD-2022-86535.yaml by @arliya,@ritikchaddha
• http/vulnerabilities/other/sitemap-sql-injection.yaml by @aravind
• http/vulnerabilities/wordpress/contus-video-gallery-sqli.yaml by @theamanrawat
• http/vulnerabilities/wordpress/leaguemanager-sql-injection.yaml by @theamanrawat
• http/vulnerabilities/wordpress/notificationx-sqli.yaml by @theamanrawat
• http/vulnerabilities/wordpress/zero-spam-sql-injection.yaml by @theamanrawat
• http/default-logins/esafenet-cdg-default-login.yaml by @chesterblue
• http/default-logins/leostream/leostream-default-login.yaml by @bhutch
• http/default-logins/pyload/pyload-default-login.yaml by @DhiyaneshDk
• http/misconfiguration/proxy/open-proxy-external.yaml by @gtrrnr
• http/misconfiguration/unauth-temporal-web-ui.yaml by @ggranjus
• network/misconfig/apache-dubbo-unauth.yaml by @j4vaovo
• network/misconfig/apache-rocketmq-broker-unauth.yaml by @j4vaovo
• http/exposures/configs/collibra-properties.yaml by @0xPugazh
• http/exposures/files/pnpm-lock.yaml by @noraj
• http/exposures/tokens/adafruit/adafruit-api-key.yaml by @DhiyaneshDK
• http/exposures/tokens/adobe/adobe-client-id.yaml by @DhiyaneshDK
• http/exposures/tokens/airtable/airtable-api-key.yaml by @DhiyaneshDK
• http/exposures/tokens/algolia/algolia-api-key.yaml by @DhiyaneshDK
• http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml by @DhiyaneshDK
• http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml by @DhiyaneshDK
• http/exposures/tokens/asana/asana-client-id.yaml by @DhiyaneshDK
• http/exposures/tokens/asana/asana-client-secret.yaml by @DhiyaneshDK
• http/exposures/tokens/atlassian-token.yaml by @DhiyaneshDK
• http/exposed-panels/arangodb-web-Interface.yaml by @pussycat0x
• http/exposed-panels/arcserve-panel.yaml by @DhiyaneshDk
• http/exposed-panels/c2/hookbot-rat.yaml by @pussycat0x
• http/exposed-panels/c2/mystic-stealer.yaml by @pussycat0x
• http/exposed-panels/cloudpanel-login.yaml by @DhiyaneshDk
• http/exposed-panels/dell-idrac.yaml by @kazet
• http/exposed-panels/efak-login-panel.yaml by @irshad ahamed
• http/exposed-panels/pritunl-panel.yaml by @irshad ahamed
• http/exposed-panels/pyload-panel.yaml by @DhiyaneshDk
• http/exposed-panels/qdpm-login-panel.yaml by @theamanrawat
• http/exposed-panels/shell-box.yaml by @irshad ahamed
• http/exposed-panels/untangle-admin-login.yaml by @irshad ahamed
• http/exposed-panels/uptime-kuma-panel.yaml by @irshad ahamed
• file/keys/adafruit-key.yaml by @DhiyaneshDK
• file/keys/adobe/adobe-client.yaml by @DhiyaneshDK
• file/keys/airtable-key.yaml by @DhiyaneshDK
• file/keys/algolia-key.yaml by @DhiyaneshDK
• file/keys/alibaba/alibaba-key-id.yaml by @DhiyaneshDK
• file/keys/alibaba/alibaba-secret-id.yaml by @DhiyaneshDK
• file/keys/asana/asana-clientid.yaml by @DhiyaneshDK
• file/keys/asana/asana-clientsecret.yaml by @DhiyaneshDK
• file/keys/atlassian/atlassian-api-token.yaml by @DhiyaneshDK
• file/webshell/asp-webshell.yaml by @lu4nx
• file/webshell/jsp-webshell.yaml by @lu4nx
• file/webshell/php-webshell.yaml by @lu4nx

New Contributors

• @ghoeffner made their first contribution in #7603
• @mosesrenegade made their first contribution in #7604
• @ErikOwen made their first contribution in #7344
• @Marcuccio made their first contribution in #7614
• @Armandhe-China made their first contribution in #6405
• @aravindb26 made their first contribution in #7372

Full Changelog: v9.5.4...v9.5.5