
11 matches found

RedhatCVE
added 2026/05/12 6:1 p.m., 12 views

CVE-2026-41645

A flaw was found in Nuclei, a vulnerability scanner. A malicious target server can inject and execute supported DSL (Domain Specific Language) expressions within Nuclei's expression evaluation engine. This occurs when HTTP response data containing helper/function syntax is reused by multi-step...

CVSS 5.3, AI score 5.8, EPSS 0.00344
Exploits 0, References 2

RedhatCVE
added 2026/04/20 11:33 a.m., 5 views

CVE-2026-41282

A flaw was found in ProjectDiscovery Nuclei. This vulnerability allows for DSL (Domain Specific Language) expression injection when using environment variables for multi-step templates against untrusted targets. An attacker could exploit this by crafting malicious input, potentially leading to...

CVSS 7.5, AI score 5.7, EPSS 0.0025
Exploits 0, References 2

EUVD
added 2026/04/20 9:30 a.m., 6 views

EUVD-2026-23795

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration)...

CVSS 4, AI score 5.8, EPSS 0.0025
Exploits 0, References 6

Snyk
added 2026/04/20 9:16 a.m., 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...

CVSS 7.5, AI score 6.1, EPSS 0.00344
Exploits 0, References 2

Snyk
added 2026/04/20 9:16 a.m., 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...

CVSS 7.5, AI score 6.1, EPSS 0.00344
Exploits 0, References 2

NVD
added 2026/04/20 8:16 a.m., 11 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration)...

CVSS 7.5, EPSS 0.0025
Exploits 0, References 5

ATTACKERKB
added 2026/04/20 7:10 a.m., 6 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration)...

CVSS 4, AI score 5.8, EPSS 0.0025
Exploits 0, References 6, Affected Software 1

CVE
added 2026/04/20 7:10 a.m., 12 views

CVE-2026-41282

Summary: CVE-2026-41282 affects ProjectDiscovery Nuclei prior to 3.8.0, where DSL expression injection is possible when using -env-vars for multi-step templates against untrusted targets, which is a non-default configuration. The Red Hat advisory describes a flaw enabling DSL injection that could lead to unau...

CVSS 7.5, AI score 5.8, EPSS 0.0025
Exploits 0, References 5, Affected Software 1

Vulnrichment
added 2026/04/20 7:10 a.m., 8 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration)...

CVSS 4, AI score 5.8, EPSS 0.0025
Exploits 0, References 5

Positive Technologies
added 2026/04/20 12:0 a.m., 4 views

PT-2026-33724

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration)...

CVSS 4, AI score 5.8, EPSS 0.0025
Exploits 0, References 6

CNNVD
added 2026/04/20 12:0 a.m., 8 views

Nuclei Security Vulnerability

Nuclei is a fast, customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have a security vulnerability that stems from DSL expression injection and may affect the use of multi-step templates...

CVSS 7.5, AI score 5.8, EPSS 0.0025
Exploits 0, References 2