37 matches found
Fedora: Security Advisory (FEDORA-2025-1ba6ab39aa)
The remote host is missing an update for the...
CVE-2025-9985
creationtimestamp| type| source
---|---|---
2025-11-05 08:15:15+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-9985.yaml
2025-11-05 22:20:44+00:00| published-proof-of-concept| https://t.me/realcodeb0ss/146
2025-11-06 21:02:29+00:00| seen|...
EUVD-2024-2134
Malicious code in bioql PyPI...
Fedora 43 : golang-github-projectdiscovery-chaos-client (2025-a6574c5095)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a6574c5095 advisory. Automatic update for golang-github-projectdiscovery-chaos-client-0.5.2-1.fc43. Changelog Sun Jul 13 2025 Mikel Olasagasti Uranga - 0.5.2-1 - Update ...
CVE-2024-10486
creationtimestamp| type| source
---|---|---
2024-11-19 00:05:04+00:00| seen| https://t.me/cvedetector/11406
2025-04-03 17:49:08+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-10486.yaml...
GO-2024-3114 Nuclei Template Signature Verification Bypass in github.com/projectdiscovery/nuclei
GO-2024-2989 projectdiscovery/nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei
MAL-2024-2902 Malicious code in projectdiscovery (npm)
GO-2024-2907 Files or Directories Accessible to External Parties in ProjectDiscovery in github.com/projectdiscovery/interactsh
Arbitrary File Read/Write
github.com/projectdiscovery/interactsh is vulnerable to Arbitrary File Read/Write. The vulnerability is due to improper smb server restrictions which allows an attacker to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...
Files or Directories Accessible to External Parties in ProjectDiscovery
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...
CVE-2024-5262
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...
CVE-2024-5262 ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...
Arbitrary Code Execution
github.com/projectdiscovery/nuclei is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation of signed workflows within the parseWorkflowTemplate function in workflows.go, which allows the execution of unsigned code templates through workflows...
CVE-2024-27920
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
CVE-2024-27920
The CVE covers projectdiscovery/nuclei where unsigned code templates could be executed via workflows in Nuclei v3. Root cause: oversight in workflow execution that allows executing unsigned templates. Impact: local execution with high severity per listed metrics; effects are mitigation-dependent ...
CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
Atlassian Confluence SSTI Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence SSTI Injection', 'Description' = %q This module exploits an SSTI injection in Atlassian Confluence servers. A specially...
Atlassian Confluence SSTI Injection
This module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. Module Options msf use...
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the...