Lucene search
+L
ProjectdiscoveryNuclei

6 matches found

cve
cve
added 2024/03/15 7:25 p.m.80 views

CVE-2024-27920

The CVE covers projectdiscovery/nuclei where unsigned code templates could be executed via workflows in Nuclei v3. root cause: oversight in workflow execution that allows executing unsigned templates. Impact: local execution with high severity per listed metrics; effects are mitigation-dependent ...

7.4CVSS7.4AI score0.00411EPSS
cve
cve
added 2024/09/04 3:36 p.m.69 views

CVE-2024-43405

Insight: CVE-2024-43405 affects ProjectDiscovery Nuclei. The issue is in the template signature verification (signer package), where a newline handling discrepancy between the signature verification and YAML parsing allows an attacker to craft templates that bypass digest verification and potenti...

7.8CVSS7.7AI score0.01118EPSS
cve
cve
added 2023/08/04 3:34 p.m.65 views

CVE-2023-37896

CVE-2023-37896 concerns a path traversal/sandbox sanitization flaw in the Go SDK path/file loading for Nuclei templates, not affecting the CLI. The issue occurred when relative paths were not converted to absolute paths before sandbox checks, permitting access to arbitrary filesystem files when u...

7.5CVSS7.5AI score0.0085EPSS
cve
cve
added 2026/05/08 3:14 a.m.37 views

CVE-2026-41646

Summary (CVE-2026-41646) : Nuclei prior to 3.8.0 is vulnerable where the JavaScript protocol runtime allows templates to read local .js/.json files via the require() function, bypassing the local-file-access restriction. Affected versions range from 3.0.0 up to, but not including, 3.8.0. The issu...

5.5CVSS5.7AI score0.00114EPSS
cve
cve
added 2026/05/08 3:17 a.m.27 views

CVE-2026-41645

CVE-2026-41645 affects Nuclei up to version 3.8.0, where the expression evaluation engine can be tricked by HTTP response-derived DSL expressions reused in multi-step templates. If -env-vars (-ev) is explicitly enabled, response data containing DSL expressions can expose host environment variable...

5.3CVSS5.8AI score0.00344EPSS
cve
cve
added 2026/04/20 7:10 a.m.19 views

CVE-2026-41282

Summary: CVE-2026-41282 affects ProjectDiscovery Nuclei prior to 3.8.0, where DSL expression injection is possible when using -env-vars for multi-step templates against untrusted targets configured non-defaultly. The Red Hat advisory describes a flaw enabling DSL injection that could lead to unau...

7.5CVSS5.8AI score0.0025EPSS