Vulnerabilities with Nuclei Scanner Templates
Updated 3h ago
Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
4,077 results
CVE-2021-3378
9.8
CRITICAL
3 PoCs
Analysis
NUCLEI
EPSS 0.93
FortiLogger < 5.2.0 - Unrestricted File Upload
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
CWE-434
Feb 01, 2021
CVE-2021-25646
8.8
HIGH
EXPLOITED
13 PoCs
Analysis
NUCLEI
EPSS 0.94
Apache Druid <0.20.0 - XSS
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Jan 29, 2021
CVE-2021-3297
7.8
HIGH
EXPLOITED
NUCLEI
EPSS 0.81
Zyxel NBG2105 V1.00(AAGU.2)C0 - Privilege Escalation
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
CWE-287
Jan 26, 2021
CVE-2021-3223
7.5
HIGH
EXPLOITED
NUCLEI
EPSS 0.92
Node-RED-Dashboard <2.26.2 - Path Traversal
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
CWE-22
Jan 26, 2021
CVE-2021-25864
7.5
HIGH
EXPLOITED
NUCLEI
EPSS 0.57
Dgtl Huemagic - Path Traversal
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
CWE-22
Jan 26, 2021
CVE-2021-3110
9.8
CRITICAL
1 PoC
Analysis
NUCLEI
EPSS 0.72
Prestashop - SQL Injection
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
CWE-89
Jan 20, 2021
CVE-2021-3129
9.8
CRITICAL
KEV
RANSOMWARE
34 PoCs
Analysis
NUCLEI
EPSS 0.94
Ignition <2.5.2 - RCE
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Jan 12, 2021
CVE-2021-3019
7.5
HIGH
8 PoCs
Analysis
NUCLEI
EPSS 0.93
ffay lanproxy 0.1 - Path Traversal
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
CWE-22
Jan 05, 2021
CVE-2021-3018
9.8
CRITICAL
EXPLOITED
1 PoC
Analysis
NUCLEI
EPSS 0.79
ipeak Infosystems ibexwebCMS <3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
CWE-89
Jan 05, 2021
CVE-2021-3007
9.8
CRITICAL
EXPLOITED
3 PoCs
Analysis
NUCLEI
EPSS 0.90
Laminas Project laminas-http <2.14.2 - Code Injection
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized.
CWE-502
Jan 04, 2021
CVE-2021-3002
6.1
MEDIUM
NUCLEI
EPSS 0.13
Seo Panel 4.8.0 - XSS
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
CWE-79
Jan 01, 2021
CVE-2021-24910
6.1
MEDIUM
NUCLEI
EPSS 0.15
Transposh WordPress Translation <1.0.8 - XSS
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
CWE-79
Aug 22, 2022
CVE-2021-25104
6.1
MEDIUM
NUCLEI
EPSS 0.03
Ocean Extra WP <1.9.5 - XSS
The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue.
CWE-79
Jun 20, 2022
CVE-2021-25111
6.1
MEDIUM
NUCLEI
EPSS 0.02
WordPress Admin <1.5.2 - Open Redirect
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue.
CWE-601
Apr 25, 2022
CVE-2021-25094
8.1
HIGH
EXPLOITED
6 PoCs
Analysis
NUCLEI
EPSS 0.91
Tatsu WordPress Plugin RCE
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CWE-306
Apr 25, 2022
CVE-2021-25120
6.1
MEDIUM
NUCLEI
EPSS 0.26
WordPress <6.2.7 - XSS
The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-Site Scripting issues.
CWE-79
Apr 18, 2022
CVE-2021-24987
6.1
MEDIUM
NUCLEI
EPSS 0.06
WordPress Plugin <7.13.30 - XSS
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
CWE-79
Apr 11, 2022
CVE-2021-24746
6.1
MEDIUM
NUCLEI
EPSS 0.02
WordPress Social Sharing Plugin <3.3.40 - XSS
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
CWE-79
Mar 28, 2022
CVE-2021-20323
6.1
MEDIUM
3 PoCs
Analysis
NUCLEI
EPSS 0.66
Red Hat Keycloak < 17.0.0 - XSS
A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak.
CWE-79
Mar 25, 2022
CVE-2021-25003
9.8
CRITICAL
EXPLOITED
1 PoC
Analysis
NUCLEI
EPSS 0.92
WPCargo Track & Trace <6.9.0 - RCE
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE.
CWE-434
Mar 14, 2022