CVE-2026-41645

A flaw was found in Nuclei, a vulnerability scanner. A malicious target server can inject and execute supported DSL Domain Specific Language expressions within Nuclei's expression evaluation engine. This occurs when HTTP response data containing helper/function syntax is reused by multi-step...

CVE-2026-41645

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

CVE-2026-41645

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

CVE-2026-41282

A flaw was found in ProjectDiscovery Nuclei. This vulnerability allows for DSL Domain Specific Language expression injection when using environment variables for multi-step templates against untrusted targets. An attacker could exploit this by crafting malicious input, potentially leading to...

EUVD-2026-23795

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

PT-2026-33724

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...