558 matches found
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2021-26947
creationtimestamp| type| source ---|---|--- 2026-04-20 05:29:04+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-26947.yaml...
PT-2026-33724
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Nuclei 安全漏洞
Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...
CVE-2026-2262
creationtimestamp| type| source ---|---|--- 2026-04-18 01:18:04+00:00| published-proof-of-concept| Telegram/u5f3Gra6Haipf3VJEB4yu-gwc95-0FLxvYnhbIvKSTo7fn8 2026-04-21 03:41:01+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/CVE-2026-2262.yaml 2026-04-22...
CVE-2026-40887
creationtimestamp| type| source ---|---|--- 2026-04-17 06:31:34+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-40887.yaml 2026-04-19 21:03:03+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mjuu2zdoll2i 2026-04-21...
CVE-2026-21484
creationtimestamp| type| source ---|---|--- 2026-04-15 06:48:35+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-21484.yaml 2026-04-17 21:02:33+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mjpt4bq5ps2r...
CVE-2026-4106
creationtimestamp| type| source ---|---|--- 2026-04-12 01:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/79929 2026-04-12 02:46:41+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-4106.yaml 2026-04-12 03:00:07+00:00|...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: vexctl, hubble, grpcurl, kaf, etcd, gitness, chartmuseum, witness, kubernetes-dashboard-api, flux-image-reflector-controller, helm-mapkubeapis, secrets-store-csi-driver-provider-azure, aws-flb-kinesis, gcsfuse, grafana, terraform-provider-tls,...
GHSA-XMRV-PMRH-HHX2 vulnerabilities
Vulnerabilities for packages: terragrunt, aws-nuke, ksops, rekor, grafana, teleport, aws-otel-collector, crossplane-provider-aws-kinesis, crossplane-provider-aws-elasticache, crossplane-provider-aws-s3, zot, velero, litestream, k8sgpt, steampipe, grype, vault-secrets-webhook,...
GHSA-XMRV-PMRH-HHX2 vulnerabilities
Vulnerabilities for packages: spire-server-fips, commercial-grafana, dapr, gitaly, kaniko, crossplane-provider-aws-ec2, crossplane-provider-aws-memorydb-fips, crossplane-provider-aws-sqs-fips, weaviate, percona-server-mongodb-operator, docker, crossplane-provider-aws-ssm, cerbos,...
CVE-2023-6825
creationtimestamp| type| source ---|---|--- 2026-04-08 14:00:52+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-6825.yaml 2026-04-10 21:03:06+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mj67urtpyt27...
CVE-2026-25616
creationtimestamp| type| source ---|---|--- 2026-04-08 04:11:57+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-25616.yaml 2026-04-10 21:03:15+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mj67usncez2x...
CVE-2026-39987
creationtimestamp| type| source ---|---|--- 2026-04-08 04:00:00+00:00| published-proof-of-concept| https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc 2026-04-09 04:00:00+00:00| exploited|...
CVE-2026-39365
creationtimestamp| type| source ---|---|--- 2026-04-06 12:13:21+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9 2026-04-06 12:13:21+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9...
CVE-2026-28358
creationtimestamp| type| source ---|---|--- 2026-04-02 04:59:00+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-28358.yaml...
RuleForge: Automated Generation and Validation for Web Vulnerability Detection at Scale
Security teams face a challenge: the volume of newly disclosed Common Vulnerabilities and Exposures CVEs far exceeds the capacity to manually develop detection mechanisms. In 2025, the National Vulnerability Database published over 48,000 new vulnerabilities, motivating the need for automation. W...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: eksctl, lazygit, goreleaser, nfpm, dagger, terragrunt, loki, witness, grafana, teleport, minio, ollama, prometheus, gitlab-runner, maru, malcontent, rclone, k8sgpt, dgraph, grafana-alloy, datadog-agent, terraform-mcp-server, redpanda, cri-tools, kubevela, vcluster,...
CVE-2025-54597
creationtimestamp| type| source ---|---|--- 2026-03-31 00:56:22+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-54597.yaml 2026-04-01 21:02:38+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mihlnmpohj2l...