Lucene search
K

5 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.7 views

GO-2026-5473 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions in github.com/projectdiscovery/nuclei

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions in github.com/projectdiscovery/nuclei...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/08 3:17 a.m.37 views

CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

5.3CVSS0.00344EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/08 3:17 a.m.9 views

CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

5.3CVSS5.8AI score0.00344EPSS
Exploits0References6
OSV
OSV
added 2026/04/22 7:59 p.m.10 views

GHSA-JM34-66CF-QPVR Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...

5.3CVSS5.9AI score0.00344EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/22 7:59 p.m.10 views

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...

5.3CVSS5.9AI score0.00344EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder