projectdiscovery/nuclei-templates v9.6.2

on GitHub

🔥 Highlight of this release:

[CVE-2023-38035] Ivanti Sentry - Authentication Bypass (@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical] 🔥
[CVE-2022-47615] LearnPress Plugin < 4.2.0 - Local File Inclusion (@dhiyaneshdk) [critical] 🔥
[CVE-2022-46463] Harbor <=2.5.3 - Unauthorized Access (@arm!tage) [high] 🔥
[CVE-2022-39986] RaspAP 2.8.7 - Unauthenticated Command Injection (@dhiyaneshdk) [critical] 🔥
[CVE-2019-17662] ThinVNC 1.0b1 - Authentication Bypass (@dhiyaneshdk) [critical] 🔥

What's Changed

New Templates Added : 60

New CVEs Added: 15

First-time contributions: 7

• http/cves/2023/CVE-2023-39141.yaml by @dhiyaneshdk
• http/cves/2023/CVE-2023-38035.yaml by @dhiyaneshdk,@iamnoooob,@rootxharsh 🔥
• http/cves/2023/CVE-2023-4173.yaml by @momika233
• http/cves/2023/CVE-2023-3936.yaml by @luisfelipe146
• http/cves/2022/CVE-2022-47615.yaml by @dhiyaneshdk 🔥
• http/cves/2022/CVE-2022-46463.yaml by @arm!tage 🔥
• http/cves/2022/CVE-2022-39986.yaml by @dhiyaneshdk 🔥
• http/cves/2022/CVE-2022-1756.yaml by harsh
• http/cves/2021/CVE-2021-41460.yaml by @SleepingBag945
• http/cves/2021/CVE-2021-25065.yaml by harsh
• http/cves/2021/CVE-2021-24956.yaml by @ritikchaddha
• http/cves/2021/CVE-2021-24409.yaml by harsh
• http/cves/2019/CVE-2019-17662.yaml by @dhiyaneshdk 🔥
• http/cves/2019/CVE-2019-1898.yaml by @SleepingBag945
• http/cves/2015/CVE-2015-9323.yaml by Harsh
• http/cnvd/2023/CNVD-2023-08743.yaml by @SleepingBag945
• http/vulnerabilities/74cms/74cms-weixin-sqli.yaml by @SleepingBag945
• http/vulnerabilities/finereport/fine-report-v9-file-upload.yaml by @SleepingBag945
• http/vulnerabilities/jinhe/jinhe-oa-c6-lfi.yaml by @SleepingBag945
• http/vulnerabilities/other/apache-druid-log4j.yaml by @SleepingBag945
• http/vulnerabilities/other/aspcms-commentlist-sqli.yaml by @SleepingBag945
• http/vulnerabilities/other/caimore-gateway-rce.yaml by @momika233
• http/vulnerabilities/other/flir-ax8-rce.yaml by @momika233
• http/vulnerabilities/other/h3c-cvm-arbitrary-file-upload.yaml by @SleepingBag945
• http/vulnerabilities/other/hanta-rce.yaml by @momika233
• http/vulnerabilities/other/hikvision-isecure-center-rce.yaml by @SleepingBag945
• http/vulnerabilities/other/hongfan-ioffice-lfi.yaml by @SleepingBag945
• http/vulnerabilities/other/hongfan-ioffice-rce.yaml by @SleepingBag945
• http/vulnerabilities/other/hongfan-ioffice-sqli.yaml by @SleepingBag945
• http/vulnerabilities/other/landray-oa-erp-data-rce.yaml by @SleepingBag945
• http/vulnerabilities/other/maltrail-rce.yaml by @pussycat0x
• http/vulnerabilities/other/nacos-auth-bypass.yaml by @taielab,@pikpikcu,@SleepingBag945
• http/vulnerabilities/ruijie/ruijie-excu-shell.yaml by @momika233
• http/vulnerabilities/wordpress/wp-real-estate-xss.yaml by harsh
• http/misconfiguration/apache/apache-couchdb-unauth.yaml by @SleepingBag945
• http/misconfiguration/chatgpt-web-unauth.yaml by @SleepingBag945
• http/misconfiguration/feiyuxing-info-leak.yaml by @SleepingBag945
• http/misconfiguration/hikivision-env.yaml by @SleepingBag945
• http/misconfiguration/request-baskets-exposure.yaml by @dhiyaneshdk
• http/misconfiguration/unauth-redis-insight.yaml by @ggranjus
• http/default-logins/apache/kylin-default-login.yaml by @SleepingBag945
• http/default-logins/caimore/caimore-default-login.yaml by @pussycat0x
• http/default-logins/easyreport/easyreport-default-login.yaml by @SleepingBag945
• http/default-logins/feiyuxing/feiyuxing-default-login.yaml by @SleepingBag945
• http/default-logins/nacos/nacos-default-login.yaml by @SleepingBag945
• http/exposures/files/core-dump.yaml by @kazet
• http/exposed-panels/dell-bmc-panel-detect.yaml by @MegaManSec
• http/exposed-panels/ibm-openadmin-panel.yaml by @dhiyaneshdk
• http/exposed-panels/kasm-login-panel.yaml by @lum8rjack
• http/exposed-panels/maltrail-panel.yaml by @ritikchaddha
• http/exposed-panels/metasploit-panel.yaml by @lu4nx
• http/exposed-panels/navicat-server-panel.yaml by @ritikchaddha
• http/miscellaneous/defaced-website-detect.yaml by @ggranjus
• http/technologies/besu-server-detect.yaml by @nullfuzz
• http/technologies/erigon-server-detect.yaml by @nullfuzz
• http/technologies/geth-server-detect.yaml by @nullfuzz
• http/technologies/nethermind-server-detect.yaml by @nullfuzz
• network/jarm/c2/havoc-c2-jarm.yaml by @pussycat0x
• ssl/c2/havoc-c2.yaml by @pussycat0x
• http/osint/vampr.yaml by @MillerMedia

New Contributors

• @Lucky-Pulse made their first contribution in #7935
• @iamxhunt3r made their first contribution in #7943
• @Yoyoda75 made their first contribution in #7950
• @pphuahua made their first contribution in #7941
• @adrlsx made their first contribution in #8009
• @tstromberg made their first contribution in #8058
• @luisfelipe146 made their first contribution in #8064

Full Changelog: v9.6.1...v9.6.2