Vulnerabilities with Nuclei Scanner Templates
Updated 5h ago
Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
4,077 results
CVE-2019-7219
6.1
MEDIUM
1 PoC
Analysis
NUCLEI
EPSS 0.15
Zarafa Webapp <2.0.1.47791 - XSS
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
CWE-79
Apr 11, 2019
CVE-2019-7139
9.8
CRITICAL
EXPLOITED
1 PoC
Analysis
NUCLEI
EPSS 0.60
Magento <2.1.18-2.3.2 - SQL Injection
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
CWE-89
Apr 10, 2019
CVE-2019-10692
9.8
CRITICAL
1 PoC
Analysis
NUCLEI
EPSS 0.89
Codecabin WP GO Maps < 7.11.18 - SQL Injection
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
CWE-89
Apr 02, 2019
CVE-2019-6715
7.5
HIGH
2 PoCs
Analysis
NUCLEI
EPSS 0.91
W3 Total Cache <0.9.4 - Info Disclosure
pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.
Apr 01, 2019
CVE-2019-10647
9.8
CRITICAL
EXPLOITED
1 Writeup
NUCLEI
EPSS 0.56
Zzzcms Zzzphp - Unrestricted File Upload
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file).
CWE-434
Mar 30, 2019
CVE-2019-9922
7.5
HIGH
NUCLEI
EPSS 0.85
Harmis JE Messenger 1.2.2 - Path Traversal
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.
CWE-22
Mar 29, 2019
CVE-2019-10232
9.8
CRITICAL
EXPLOITED
1 Writeup
NUCLEI
EPSS 0.89
Teclib-edition Gestionnaire Libre DE Parc Informatique - SQL Injection
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
CWE-89
Mar 27, 2019
CVE-2019-5418
7.5
HIGH
KEV
12 PoCs
Analysis
NUCLEI
EPSS 0.94
Ruby On Rails File Content Disclosure (
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CWE-22
Mar 27, 2019
CVE-2019-10068
9.8
CRITICAL
KEV
2 PoCs
Analysis
NUCLEI
EPSS 0.94
Kentico <12.0.15, 11.0.48, 10.0.52, 9.x - Code Injection
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
CWE-502
Mar 26, 2019
CVE-2019-7609
10.0
CRITICAL
KEV
17 PoCs
Analysis
NUCLEI
EPSS 0.94
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
CWE-94
Mar 25, 2019
CVE-2019-3396
9.8
CRITICAL
KEV
RANSOMWARE
27 PoCs
Analysis
NUCLEI
EPSS 0.94
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
CWE-22
Mar 25, 2019
CVE-2019-9978
6.1
MEDIUM
KEV
17 PoCs
Analysis
NUCLEI
EPSS 0.88
Social Warfare <3.5.3 - Stored XSS
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
CWE-79
Mar 24, 2019
CVE-2019-9915
6.1
MEDIUM
NUCLEI
EPSS 0.14
GetSimpleCMS 3.3.13 - Open Redirect
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
CWE-601
Mar 22, 2019
CVE-2019-9912
6.1
MEDIUM
NUCLEI
EPSS 0.01
wp-google-maps <7.10.43 - XSS
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
CWE-79
Mar 22, 2019
CVE-2019-7238
9.8
CRITICAL
KEV
7 PoCs
Analysis
NUCLEI
EPSS 0.94
Sonatype Nexus Repository Manager <3.15.0 - Privilege Escalation
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
Mar 21, 2019
CVE-2019-9762
9.8
CRITICAL
EXPLOITED
1 PoC
Analysis
NUCLEI
EPSS 0.54
PHPSHE 1.7 - SQL Injection
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.
CWE-89
Mar 14, 2019
CVE-2019-9632
7.5
HIGH
NUCLEI
EPSS 0.79
ESAFENET CDG V3-V5 - File Download
ESAFENET CDG V3 and V5 have an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
Mar 08, 2019
CVE-2019-0192
9.8
CRITICAL
EXPLOITED
2 PoCs
Analysis
NUCLEI
EPSS 0.94
Apache Solr < 5.5.5 - Insecure Deserialization
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows configuring the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
CWE-502
Mar 07, 2019
CVE-2019-4061
5.3
MEDIUM
EXPLOITED
1 PoC
Analysis
NUCLEI
EPSS 0.80
IBM Bigfix Platform < 9.2.16 - Information Disclosure
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.
CWE-200
Feb 27, 2019
CVE-2019-9194
9.8
CRITICAL
EXPLOITED
6 PoCs
Analysis
NUCLEI
EPSS 0.93
Std42 Elfinder < 2.1.48 - OS Command Injection
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CWE-78
Feb 26, 2019