4 matches found
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...
CVE-2021-40149
creationtimestamp| type| source ---|---|--- 2022-07-26 04:30:44+00:00| seen| https://t.me/cibsecurity/46408 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-40149.yaml...
CVE-2022-2168
creationtimestamp| type| source ---|---|--- 2022-07-17 14:27:41+00:00| seen| https://t.me/cibsecurity/46384 2025-04-06 08:48:29+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-2168.yaml...