11 matches found
CVE-2026-41645
A flaw was found in Nuclei, a vulnerability scanner. A malicious target server can inject and execute supported DSL Domain Specific Language expressions within Nuclei's expression evaluation engine. This occurs when HTTP response data containing helper/function syntax is reused by multi-step...
CVE-2026-41282
A flaw was found in ProjectDiscovery Nuclei. This vulnerability allows for DSL Domain Specific Language expression injection when using environment variables for multi-step templates against untrusted targets. An attacker could exploit this by crafting malicious input, potentially leading to...
EUVD-2026-23795
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
Summary: CVE-2026-41282 affects ProjectDiscovery Nuclei prior to 3.8.0, where DSL expression injection is possible when using -env-vars for multi-step templates against untrusted targets configured non-defaultly. The Red Hat advisory describes a flaw enabling DSL injection that could lead to unau...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
PT-2026-33724
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Nuclei 安全漏洞
Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...