Vulnerabilities with Nuclei Scanner Templates

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,682 CVEs tracked 53,700 with exploits 4,860 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,389 vendors 43,933 researchers
4,077 results Clear all
CVE-2022-1815 7.5 HIGH NUCLEI EPSS 0.25
Diagrams Drawio < 18.1.2 - Information Disclosure
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
CWE-918 May 25, 2022
CVE-2022-1221 6.1 MEDIUM EXPLOITED NUCLEI EPSS 0.03
Gwyn's Imagemap Selector < 0.3.3 - XSS
The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.
CWE-79 May 23, 2022
CVE-2022-0781 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.83
Nirweb support WP <2.8.2 - SQL Injection
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection
CWE-89 May 23, 2022
CVE-2022-0346 6.1 MEDIUM EXPLOITED NUCLEI EPSS 0.03
XML Sitemap Generator <2.0.4 - XSS/RCE
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
CWE-79 May 23, 2022
CVE-2022-22972 9.8 CRITICAL EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.94
Vmware Identity Manager - Authentication Bypass
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
May 20, 2022
CVE-2022-21500 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.94
Oracle E-Business Suite 12.2 - Unauthorized Access
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. <br> <br>Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
May 20, 2022
CVE-2022-1711 7.5 HIGH NUCLEI EPSS 0.35
Diagrams Drawio < 18.0.5 - SSRF
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
CWE-918 May 17, 2022
CVE-2022-1713 7.5 HIGH NUCLEI EPSS 0.90
Diagrams Drawio < 18.0.4 - SSRF
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
CWE-918 May 16, 2022
CVE-2022-1398 6.5 MEDIUM NUCLEI EPSS 0.40
External Media Without Import < 1.1.2 - SSRF
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks
CWE-918 May 16, 2022
CVE-2022-1386 9.8 CRITICAL EXPLOITED 7 PoCs Analysis NUCLEI EPSS 0.94
Fusion Builder < 3.6.2 - SSRF
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
CWE-918 May 16, 2022
CVE-2022-0873 4.8 MEDIUM NUCLEI EPSS 0.01
Codeasily Gmedia Gallery < 1.20.0 - XSS
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed
CWE-79 May 16, 2022
CVE-2022-0867 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.85
Reputeinfosystems Pricing Table < 3.6.1 - SQL Injection
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users
CWE-89 May 16, 2022
CVE-2022-1442 7.5 HIGH SSVC PoC 1 PoC Analysis NUCLEI EPSS 0.75
Wpmet Metform Elementor Contact Form Builder - Missing Authorization
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.
CWE-862 May 10, 2022
CVE-2022-1013 9.8 CRITICAL NUCLEI EPSS 0.66
Ays-pro Personal Dictionary < 1.3.4 - SQL Injection
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.
CWE-89 May 09, 2022
CVE-2022-0948 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.73
Pluginbazaar Order Listener For Woocommerce < 3.2.2 - SQL Injection
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection
CWE-89 May 09, 2022
CVE-2022-0826 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.80
Wp-video-gallery-free < 1.7.1 - SQL Injection
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
CWE-89 May 09, 2022
CVE-2022-0817 9.8 CRITICAL NUCLEI EPSS 0.65
Badgeos < 3.7.0 - SQL Injection
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
CWE-89 May 09, 2022
CVE-2022-0814 9.8 CRITICAL NUCLEI EPSS 0.58
Ubigeo DE Peru Para Woocommerce < 3.6.4 - SQL Injection
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections
CWE-89 May 09, 2022
CVE-2022-0592 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.70
MapSVG WP <6.2.20 - SQL Injection
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
CWE-89 May 09, 2022
CVE-2022-0424 5.3 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.42
The Popup by Supsystic WordPress <1.10.9 - Info Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
CWE-306 May 09, 2022

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation