Vulnerabilities with Nuclei Scanner Templates
Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei, with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
4,077 results
CVE-2021-3287
9.8
CRITICAL
EXPLOITED
NUCLEI
EPSS 0.88
ManageEngine OpManager SumPDU Java Deserialization
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
CWE-502
Apr 22, 2021
CVE-2021-27850
9.8
CRITICAL
EXPLOITED
5 PoCs
Analysis
NUCLEI
EPSS 0.94
Apache Tapestry <= 5.7.0 - RCE
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195.

Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class`, which contains an HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`.

Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/`. The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial).

Solution for this vulnerability:
* For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later.
* For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
CWE-502
Apr 15, 2021
CVE-2021-3017
7.5
HIGH
NUCLEI
EPSS 0.81
Intelbras WIN 300/WRN 342 - Info Disclosure
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
Apr 14, 2021
CVE-2021-26812
6.1
MEDIUM
NUCLEI
EPSS 0.19
Jitsi Meet Moodle plugin 2.7 through 2.8.3 - XSS
Cross-Site Scripting (XSS) in the Jitsi Meet plugin for Moodle, versions 2.7 through 2.8.3, via the "sessionpriv.php" module. An attacker can craft a malicious URL which, when clicked by a user, injects JavaScript that runs in the context of the application.
CWE-79
Apr 14, 2021
CVE-2021-28481
9.8
CRITICAL
EXPLOITED
NUCLEI
EPSS 0.34
Microsoft Exchange Server - Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
Apr 13, 2021
CVE-2021-28480
9.8
CRITICAL
3 PoCs
Analysis
NUCLEI
EPSS 0.87
Microsoft Exchange Server - Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
Apr 13, 2021
CVE-2021-30175
9.8
CRITICAL
1 Writeup
NUCLEI
EPSS 0.86
ZEROF Web Server 1.0 - SQL Injection
ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.
CWE-89
Apr 13, 2021
CVE-2021-27905
9.8
CRITICAL
5 PoCs
Analysis
NUCLEI
EPSS 0.94
Apache Solr - SSRF
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
CWE-918
Apr 13, 2021
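The fix the Solr entry describes is an allow-list check on the replication URL, the same kind of check Solr already applied to the "shards" parameter. The Python below is an added example of such a check, not Solr's own implementation; the allow-list entries and host names are assumed for the demonstration. It parses the URL instead of string-matching it, because the usual bypasses (credentials in the userinfo part, a non-HTTP scheme, a look-alike host, a port that is not a number) all survive a naive prefix or substring comparison.

```python
from urllib.parse import urlsplit

# Assumed allow-list in host:port form, the shape Solr uses for its shards
# allow-list. The host names are constructed for this example.
ALLOWED_REPLICATION_HOSTS = {"solr-1.internal:8983", "solr-2.internal:8983"}
ALLOWED_SCHEMES = {"http", "https"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_allowed_replication_url(url: str, allowed=ALLOWED_REPLICATION_HOSTS) -> bool:
    """Accept a masterUrl/leaderUrl only if it is HTTP(S) and its host:port is
    on the allow-list. Everything is derived from the parsed URL, never from
    the raw string."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        host = parts.hostname      # userinfo and IPv6 brackets removed, lower-cased
        port = parts.port          # ValueError if the port is not an integer
    except ValueError:
        return False               # unparsable URL: refuse rather than guess
    if scheme not in ALLOWED_SCHEMES or host is None:
        return False
    if port is None:
        port = DEFAULT_PORTS[scheme]
    # The port is part of the identity: solr-1.internal:80 is not solr-1.internal:8983.
    return f"{host}:{port}" in allowed


# Constructed requests: one legitimate, the rest shaped like common SSRF attempts.
SAMPLE_URLS = {
    "legitimate peer":      "http://solr-2.internal:8983/solr/core1/replication",
    "case-folded host":     "http://SOLR-1.internal:8983/solr/core1/replication",
    "metadata endpoint":    "http://169.254.169.254/latest/meta-data/",
    "allowed host as user": "http://solr-1.internal:8983@169.254.169.254/latest/meta-data/",
    "non-numeric port":     "http://solr-1.internal:8983.evil.example/",
    "file scheme":          "file:///etc/passwd",
    "default port":         "http://solr-1.internal/solr/core1/replication",
}


def demo() -> dict:
    """Verdict for every sample URL, keyed by the label above."""
    return {label: is_allowed_replication_url(url) for label, url in SAMPLE_URLS.items()}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:22} {'ALLOW' if verdict else 'reject'}")
```

The allow-list deliberately matches host:port rather than a URL prefix: a prefix match on "http://solr-1.internal:8983" would accept the userinfo and non-numeric-port forms above, and a plain hostname match would accept a peer on an unexpected port.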
CVE-2021-30151
6.1
MEDIUM
NUCLEI
EPSS 0.19
Sidekiq <= 5.1.3 and 6.x <= 6.2.0 - XSS
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
CWE-79
Apr 06, 2021
CVE-2021-3374
5.3
MEDIUM
NUCLEI
EPSS 0.83
RStudio Shiny Server < 1.5.16 - Path Traversal
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.
CWE-22
Apr 02, 2021
CVE-2021-26072
4.3
MEDIUM
EXPLOITED
NUCLEI
EPSS 0.21
Atlassian Confluence Server / Data Center < 5.8.6 - SSRF
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
CWE-918
Apr 01, 2021
CVE-2021-28164
5.3
MEDIUM
3 PoCs
Analysis
NUCLEI
EPSS 0.93
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CWE-551
Apr 01, 2021
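The Tapestry, Shiny Server and Jetty entries above are one defect in three dressings: an access check that runs on the request path before the server canonicalizes it (trailing slash stripped, %2F decoded, %2e segments resolved), so the check and the file resolver disagree about which file is meant. The Python below is an added example, not code from any of the three projects. It models that check-then-normalize order next to the normalize-then-check order that fixes it. The policy (protected /WEB-INF/ and /META-INF/ prefixes, a blocked .class suffix) and all of the request paths are constructed for the demonstration; only the AppModule.class trailing-slash and %2e/WEB-INF/web.xml shapes are taken from the advisories, and the encoded-slash request is a generic traversal, not the exact Shiny Server request.

```python
from urllib.parse import unquote

# Constructed policy (not Tapestry's, Jetty's or Shiny Server's): nothing under
# these directories may be served, and compiled classes may not be downloaded.
# Tapestry's blacklist also covered .properties and .xml; one suffix is enough here.
PROTECTED_PREFIXES = ("/WEB-INF/", "/META-INF/")
BLOCKED_SUFFIXES = (".class",)


def passes_guards(path: str) -> bool:
    """The access checks themselves. They are fine as checks; what decides the
    outcome is whether they see the raw request or the path that will be opened."""
    upper = path.upper()
    if any(upper.startswith(p) for p in PROTECTED_PREFIXES):   # Jetty-style prefix check
        return False
    if ".." in path.split("/"):                                 # traversal check on literal '/'
        return False
    if upper.endswith(tuple(s.upper() for s in BLOCKED_SUFFIXES)):  # Tapestry-style blacklist
        return False
    return True


def canonicalize(raw_path: str) -> str:
    """What a resource resolver ends up opening: percent-decode once, drop '.'
    segments, resolve '..' (clamped at the root) and drop the trailing slash."""
    segments = []
    for seg in unquote(raw_path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def naive_is_allowed(raw_path: str) -> bool:
    """Vulnerable order: guards run on the request path as received; the server
    canonicalizes afterwards, when it resolves the file."""
    return passes_guards(raw_path)


def hardened_is_allowed(raw_path: str) -> bool:
    """Fixed order: canonicalize first, then run the same guards on the path
    that will actually be served."""
    canonical = canonicalize(raw_path)
    # If a second decode still changes the path, the request was double-encoded.
    # Refusing is a conservative policy choice rather than guessing what a later
    # layer might decode again.
    if unquote(canonical) != canonical:
        return False
    return passes_guards(canonical)


# Constructed requests modelled on the three advisories plus a double-encoded variant.
BYPASSES = {
    "tapestry trailing slash":  "/assets/app/services/AppModule.class/",
    "jetty %2e segment":        "/%2e/WEB-INF/web.xml",
    "encoded slash traversal":  "/static/..%2FWEB-INF/web.xml",
    "double-encoded %252e":     "/%252e/WEB-INF/web.xml",
}


def compare(raw_path: str) -> dict:
    """The path the resolver would open and both verdicts for one request."""
    return {
        "served": canonicalize(raw_path),
        "naive": naive_is_allowed(raw_path),
        "hardened": hardened_is_allowed(raw_path),
    }


if __name__ == "__main__":
    for name, req in BYPASSES.items():
        print(f"{name:25} {req:42} -> {compare(req)}")
    print(f"{'legitimate asset':25} {'/assets/app/style.css':42} -> {compare('/assets/app/style.css')}")
```

Running the file prints, for each constructed request, the path the resolver would actually open next to the two verdicts; every bypass is allowed by the naive order and refused by the hardened one, while the plain asset passes both. The lesson is ordering, not a longer blacklist: decode once, resolve dot segments, strip the trailing slash, and only then apply the guards to the result.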
CVE-2021-28918
9.1
CRITICAL
1 Writeup
NUCLEI
EPSS 0.86
Netmask <= 1.0.6 - SSRF
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
CWE-704
Apr 01, 2021
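The netmask entry turns on one fact: an IPv4 literal with a leading zero, such as 0177.0.0.1, is octal to the C library's inet_aton (and therefore to the socket a dependent package eventually opens) but decimal to a parser that simply reads digits, so a filter built on the second parser files 127.0.0.1 under the public address 177.0.0.1. The Python below is an added example, not the netmask package's code: a decimal-only parser modelled on the bug, an inet_aton-style parser with the octal, hex and short-form rules, and a strict parser that accepts only canonical dotted-decimal. The internal-address filter and the sample literals are constructed for the demonstration.

```python
import ipaddress
import re


def naive_parse(text: str) -> ipaddress.IPv4Address:
    """Modelled on the bug: four dotted parts, each read as decimal, so a leading
    zero is silently ignored and '0177' becomes 177."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    octets = [int(p, 10) for p in parts]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"octet out of range: {text!r}")
    return ipaddress.IPv4Address(".".join(map(str, octets)))


_INET_ATON_CHARS = re.compile(r"^[0-9A-Fa-fxX.]+$")


def inet_aton_parse(text: str) -> ipaddress.IPv4Address:
    """The classic C-library rules the dependent packages' sockets follow: a '0x'
    prefix is hex, a leading zero is octal, and one to four parts are accepted,
    the last part filling the remaining bytes ('127.1' is 127.0.0.1)."""
    if not _INET_ATON_CHARS.match(text):
        raise ValueError(f"not an inet_aton literal: {text!r}")
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"too many parts: {text!r}")
    values = []
    for p in parts:
        if p[:2].lower() == "0x":
            values.append(int(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            values.append(int(p, 8))        # '08' raises, as inet_aton rejects it
        else:
            values.append(int(p, 10))
    *head, last = values
    if any(not 0 <= v <= 255 for v in head):
        raise ValueError(f"part out of range: {text!r}")
    remaining_bits = 8 * (4 - len(head))
    if not 0 <= last < (1 << remaining_bits):
        raise ValueError(f"last part out of range: {text!r}")
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    return ipaddress.IPv4Address((addr << remaining_bits) | last)


_STRICT = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$"
)


def strict_parse(text: str) -> ipaddress.IPv4Address:
    """Hardened validation: only canonical dotted-decimal (four parts, 0-255, no
    leading zeros, no hex), so every accepted string means the same address to
    every parser downstream."""
    if not _STRICT.match(text):
        raise ValueError(f"non-canonical IPv4 literal: {text!r}")
    return ipaddress.IPv4Address(text)


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    """Constructed filter of the kind built on netmask: block loopback, RFC 1918 and link-local."""
    return addr.is_loopback or addr.is_private or addr.is_link_local


def classify(text: str) -> dict:
    """(address, blocked?) as each parser would decide it; None means the parser rejected the literal."""
    out = {}
    for name, parser in (("naive", naive_parse), ("inet_aton", inet_aton_parse), ("strict", strict_parse)):
        try:
            addr = parser(text)
            out[name] = (str(addr), is_internal(addr))
        except ValueError:
            out[name] = None
    return out


if __name__ == "__main__":
    for literal in ("0177.0.0.1", "012.0.0.1", "0x7f.1", "127.1", "8.8.8.8"):
        print(f"{literal:12} {classify(literal)}")
```

For 0177.0.0.1 the decimal parser reports a public 177.0.0.1 and lets it through, the inet_aton rules report the loopback 127.0.0.1 and block it, and the strict parser refuses the literal outright. Either of the last two closes the gap; the strict parser is the cheaper fix when the package only needs to classify addresses, because it never has to agree with the platform's parser on ambiguous input.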
CVE-2021-28937
7.5
HIGH
NUCLEI
EPSS 0.34
Acexy Wireless-N WiFi Repeater - Cleartext Storage
The /password.html page of the web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page is served over plain HTTP, so it can be intercepted on the network.
CWE-312
Mar 29, 2021
CVE-2021-29156
7.5
HIGH
3 PoCs
Analysis
NUCLEI
EPSS 0.89
ForgeRock OpenAM < 13.5.1 - LDAP Injection
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
CWE-74
Mar 25, 2021
CVE-2021-27320
7.5
HIGH
NUCLEI
EPSS 0.76
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
CWE-89
Mar 24, 2021
CVE-2021-27319
7.5
HIGH
NUCLEI
EPSS 0.72
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
CWE-89
Mar 24, 2021
CVE-2021-27316
7.5
HIGH
NUCLEI
EPSS 0.71
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the lastname parameter.
CWE-89
Mar 24, 2021
CVE-2021-27315
7.5
HIGH
NUCLEI
EPSS 0.71
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
CWE-89
Mar 24, 2021
CVE-2021-27310
6.1
MEDIUM
1 Writeup
NUCLEI
EPSS 0.04
Clansphere CMS 2011.4 - XSS
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via the "language" parameter.
CWE-79
Mar 23, 2021