github projectdiscovery/nuclei-templates v9.8.8

18 days ago

🔥 Release Highlights 🔥

  • [CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
  • [CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
  • [CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
  • [CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥

What's Changed

New Templates Added: 77 | CVEs Added: 17 | First-time contributions: 8

  • [CVE-2024-34470] HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion (@topscoder) [high]
  • [CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-25723] ZenML ZenML Server - Improper Authentication (@david Botelho Mariano) [critical]
  • [CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
  • [CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
  • [CVE-2024-5230] FleetCart 4.1.1 - Information Disclosure (@SecurityForEveryone) [medium]
  • [CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
  • [CVE-2024-3822] Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting (@omranisecurity) [medium]
  • [CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥
  • [CVE-2024-1380] Relevanssi (A Better Search) <= 4.22.0 - Query Log Export (@flx) [medium]
  • [CVE-2023-48084] Nagios XI < 5.11.3 - SQL Injection (@ritikchaddha) [critical]
  • [CVE-2023-35162] XWiki < 14.10.5 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-3077] MStore API < 3.9.8 - SQL Injection (@dhiyaneshdk) [critical]
  • [CVE-2023-2059] DedeCMS 5.7.87 - Directory Traversal (@pussycat0x) [medium]
  • [CVE-2022-34534] Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2022-1580] Site Offline WP Plugin < 1.5.3 - Authorization Bypass (@Kazgangap) [medium]
  • [CVE-2022-0666] Microweber < 1.2.11 - CRLF Injection (@ritikchaddha) [high]
  • [sns-topic-public-accessible] Public Access of SNS Topics via Policy (@Ritesh_Gohil(#L4stPL4Y3R)) [high]
  • [webpack-sourcemap] Webpack Sourcemap (@Lucky0x0D, @PulseSecurity.co.nz) [low]
  • [CNVD-2024-15077] AJ-Report Open Source Data Screen - Remote Code Execution (@pussycat0x) [high]
  • [ampjuke-default-login] AmpJuke - Default Login (@ritikchaddha) [high]
  • [cambium-networks-default-login] Canopy 5.7GHz Access Point - Default Login (@defektive) [high]
  • [digital-watchdog-default-login] Digital Watchdog - Default Login (@omranisecurity) [high]
  • [busybox-repository-browser] Busybox Repository Browser - Detect (@ritikchaddha) [info]
  • [cisco-firepower-panel] Cisco Firepower Management Center login - Detect (@charles D) [info]
  • [cox-business-panel] Cox Business Dominion Gateway Login Panel - Detect (@dhiyaneshdk) [info]
  • [digital-watchdog-panel] Digital Watchdog - Detect (@ritikchaddha) [info]
  • [f5-admin-interface] F5 Admin Interface - Detect (@drewvravick) [info]
  • [fortisiem-panel] FortiSIEM Login Panel - Detect (@pussycat0x) [info]
  • [oracle-access-management] Oracle Access Management Login Panel - Detect (@righettod) [info]
  • [oracle-peoplesoft-panel] Oracle PeopleSoft Login Panel - Detect (@idealphase, @righettod) [info]
  • [vrealize-hyperic-panel] vRealize Hyperic Login Panel - Detect (@charles D) [info]
  • [wechat-corpsecret-key] Enterprise WeChat Corpsecret Key (@N0el4kLs) [info]
  • [netgear-boarddataww-rce] Netgear Devices boardDataWW.php - Unauth RCE (@pussycat0x) [critical]
  • [directory-listing] Directory Listing Enabled (@themiddle) [low]
  • [dont-panic-traceback] DON'T PANIC Traceback (@ritikchaddha) [low]
  • [cowboy-detect] Cowboy - Detect (@Sechunt3r) [info]
  • [gabia-server-detect] Gabia Server - Detection (@jadu101) [info]
  • [gotweb-detect] GotWeb Detect (@lu4nx) [info]
  • [sparklighter-detect] Spark Lighter Detection (@icarot) [info]
  • [aquatronica-info-leak] Aquatronica Control System 5.1.6 - Information Disclosure (@SecurityForEveryone) [high]
  • [array-vpn-lfi] Array VPN - Arbitrary File Reading Vulnerability (@pussycat0x) [high]
  • [cerio-dt-rce] CERIO-DT Interface - Command Execution (@pussycat0x) [critical]
  • [easycvr-info-leak] EasyCVR video management - Users Information Exposure (@pussycat0x) [high]
  • [proftpd-backdoor] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x) [critical]
  • [samba-detect] Samba - Detection (@pussycat0x) [info]
  • [rsync-list-modules] Rsync List Modules - Enumeration (@pussycat0x) [low]
  • [bitvise-detect] SSH Bitvise Service - Detect (@abdullahisik) [info]
  • [activecollab-installer] ActiveCollab Installation Page - Exposure (@dhiyaneshdk) [high]
  • [call-com-installer] Call.com Setup Page - Exposure (@dhiyaneshdk) [high]
  • [cms-made-simple-installer] CMS Made Simple Installation Page - Exposure (@dhiyaneshdk) [high]
  • [confluence-installer] Confluence Installation Page - Exposure (@dhiyaneshdk) [high]
  • [cubebackup-setup-installer] CubeBackup Setup Page - Exposure (@dhiyaneshdk) [high]
  • [easy-wi-installer] Easy-WI Installation Page - Exposure (@dhiyaneshdk) [high]
  • [ejbca-enterprise-installer] EJBCA Enterprise Cloud Configuration Wizard - Exposure (@dhiyaneshdk) [high]
  • [flarum-installer] Flarum Installation Page - Exposure (@dhiyaneshdk) [high]
  • [fleetcart-installer] FleetCart Installation Page - Exposure (@dhiyaneshdk) [high]
  • [glpi-installer] GLPI Installation Page - Exposure (@dhiyaneshdk) [high]
  • [invicti-enterprise-installer] Invicti Enterprise Installation Page - Exposure (@dhiyaneshdk) [high]
  • [invoice-ninja-installer] Invoice Ninja Setup Page - Exposure (@dhiyaneshdk) [high]
  • [jfa-go-installer] jfa-go Setup Page - Exposure (@dhiyaneshdk) [high]
  • [justfans-installer] JustFans Installation Page - Exposure (@dhiyaneshdk) [high]
  • [librenms-installer] LibreNMS Installation Page - Exposure (@dhiyaneshdk) [high]
  • [mura-cms-setup-installer] Mura CMS Setup Page - Exposure (@dhiyaneshdk) [high]
  • [onlyoffice-installer] OnlyOffice Wizard Page - Exposure (@dhiyaneshdk) [high]
  • [openemr-setup-installer] OpenEMR Setup Installation Page - Exposure (@dhiyaneshdk) [high]
  • [orchard-installer] Orchard Setup Wizard - Exposure (@dhiyaneshdk) [high]
  • [pandora-fms-installer] Pandora FMS Installation Page - Exposure (@dhiyaneshdk) [high]
  • [profittrailer-installer] ProfitTrailer Setup Page - Exposure (@dhiyaneshdk) [high]
  • [projectsend-installer] ProjectSend Installation Page - Exposure (@dhiyaneshdk) [high]
  • [snipe-it-installer] Snipe-IT Setup Page - Exposure (@dhiyaneshdk) [high]
  • [stackposts-installer] StackPosts Installation Page - Exposure (@dhiyaneshdk) [high]
  • [tastyigniter-installer] TastyIgniter Setup Page - Exposure (@dhiyaneshdk) [high]
  • [ubersmith-installer] Ubersmith Setup Page - Exposure (@dhiyaneshdk) [high]
  • [uvdesk-helpdesk-installer] UVDesk Helpdesk Installation Page - Exposure (@dhiyaneshdk) [high]
  • [virtual-smartzone-installer] Virtual SmartZone Setup Wizard - Exposure (@dhiyaneshdk) [high]
  • [wowonder-installer] WoWonder Installation Page - Exposure (@dhiyaneshdk) [high]

Full Changelog: v9.8.7...v9.8.8
