Vulnerabilities with Nuclei Scanner Templates


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,468 CVEs tracked; 53,663 with exploits; 4,859 exploited in wild; 1,583 CISA KEV; 4,077 Nuclei templates; 52,324 vendors; 43,878 researchers

4,077 results
CVE-2020-9039 9.8 CRITICAL NUCLEI EPSS 0.66
Couchbase Server < 4.6.5 - Incorrect Default Permissions
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs.
CWE-276 Feb 22, 2020
CVE-2020-8813 8.8 HIGH EXPLOITED 6 PoCs Analysis NUCLEI EPSS 0.94
Cacti 1.2.8 - Command Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CWE-78 Feb 22, 2020
CVE-2020-9043 8.8 HIGH EXPLOITED NUCLEI EPSS 0.30
Wpcentral < 1.5.1 - Information Disclosure
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
CWE-200 Feb 17, 2020
CVE-2020-7209 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.93
HP Linuxki < 6.0-2 - Remote Code Execution
LinuxKI v6.0-1 and earlier is vulnerable to remote code execution, which is resolved in release 6.0-2.
Feb 13, 2020
CVE-2020-8656 9.8 CRITICAL EXPLOITED 3 PoCs Analysis NUCLEI EPSS 0.82
EyesOfNetwork <5.3 - SQL Injection
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
CWE-89 Feb 07, 2020
CVE-2020-8654 8.8 HIGH 3 PoCs Analysis NUCLEI EPSS 0.92
EyesOfNetwork <5.3 - Command Injection
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.
CWE-78 Feb 07, 2020
CVE-2020-8657 9.8 CRITICAL KEV 1 PoC Analysis NUCLEI EPSS 0.89
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
CWE-798 Feb 06, 2020
CVE-2020-8772 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.94
InfiniteWP Client <1.9.4.5 - Privilege Escalation
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.
CWE-862 Feb 06, 2020
CVE-2020-8771 9.8 CRITICAL NUCLEI EPSS 0.89
Time Capsule <1.21.16 - Auth Bypass
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
CWE-287 Feb 06, 2020
CVE-2020-8644 9.8 CRITICAL KEV 3 PoCs Analysis NUCLEI EPSS 0.94
PlaySMS <1.4.3 - XSS
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
CWE-94 Feb 05, 2020
CVE-2020-8641 8.8 HIGH 1 PoC Analysis NUCLEI EPSS 0.86
Lotus Core CMS 1.0.1 - Path Traversal
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
CWE-22 Feb 05, 2020
CVE-2020-8615 6.5 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.09
Tutor LMS <1.5.3 - CSRF
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
CWE-352 Feb 04, 2020
CVE-2020-8115 6.1 MEDIUM EXPLOITED NUCLEI EPSS 0.51
Revive Adserver <= 5.0.3 - XSS
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
CWE-79 Feb 04, 2020
CVE-2020-8515 9.8 CRITICAL KEV 4 PoCs Analysis NUCLEI EPSS 0.94
DrayTek - RCE
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
CWE-78 Feb 01, 2020
CVE-2020-8512 6.1 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.37
IceWarp Webmail Server <11.4.4.1 - XSS
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
CWE-79 Feb 01, 2020
CVE-2020-2103 5.4 MEDIUM NUCLEI EPSS 0.45
Jenkins < 2.204.1 - Information Disclosure
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
CWE-200 Jan 29, 2020
CVE-2020-7980 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.94
Intellian Aptus Web <1.24 - RCE
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
CWE-78 Jan 25, 2020
CVE-2020-7107 6.1 MEDIUM NUCLEI EPSS 0.04
Etoilewebdesign Ultimate Faq < 1.8.30 - XSS
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
CWE-79 Jan 16, 2020
CVE-2020-2551 9.8 CRITICAL KEV 12 PoCs Analysis NUCLEI EPSS 0.94
Oracle WebLogic Server <12.2.1.4 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Jan 15, 2020
CVE-2020-2096 6.1 MEDIUM EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.94
Jenkins Gitlab Hook < 1.4.2 - XSS
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
CWE-79 Jan 15, 2020