Vulnerabilities with Nuclei Scanner Templates

Updated 1h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,391 CVEs tracked 53,627 with exploits 4,859 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,294 vendors 43,856 researchers
4,077 results Clear all
CVE-2017-11629 6.1 MEDIUM NUCLEI EPSS 0.00
dayrui FineCms <5.0.10 - XSS
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
CWE-79 Jul 26, 2017
CVE-2017-11586 6.1 MEDIUM NUCLEI EPSS 0.07
dayrui FineCms 5.0.9 - Open Redirect
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
CWE-601 Jul 24, 2017
CVE-2017-11444 9.8 CRITICAL NUCLEI EPSS 0.79
Intelliants Subrion Cms < 4.1.4 - SQL Injection
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
CWE-89 Jul 19, 2017
CVE-2017-1000029 7.5 HIGH NUCLEI EPSS 0.69
Oracle Glassfish Server - Information Disclosure
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.
CWE-200 Jul 17, 2017
CVE-2017-1000028 7.5 HIGH EXPLOITED 5 PoCs Analysis NUCLEI EPSS 0.94
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
CWE-22 Jul 17, 2017
CVE-2017-11165 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.91
Datataker Dt80 Dex Firmware - Information Disclosure
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
CWE-200 Jul 12, 2017
CVE-2017-11107 6.1 MEDIUM NUCLEI EPSS 0.00
Phpldapadmin < 1.2.3 - XSS
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
CWE-79 Jul 08, 2017
CVE-2017-10974 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.90
Yaws - Path Traversal
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
CWE-22 Jul 07, 2017
CVE-2016-8706 8.1 HIGH NUCLEI EPSS 0.52
Memcached - RCE
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CWE-190 Jan 06, 2017
CVE-2016-3510 9.8 CRITICAL 3 PoCs Analysis NUCLEI EPSS 0.94
Oracle WebLogic Server - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
Jul 21, 2016
CVE-2016-2004 9.8 CRITICAL 4 PoCs Analysis NUCLEI EPSS 0.93
HPE Data Protector <7.03_108,8.x<8.15,9.x<9.06 - RCE
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
CWE-306 Apr 21, 2016
CVE-2016-15043 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.83
WP Mobile Detector <3.5 - File Upload
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CWE-434 Jul 19, 2025
CVE-2016-15042 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.74
WordPress <4.0, WordPress <1.1 - Unauthenticated RCE
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CWE-434 Oct 16, 2024
CVE-2016-15041 7.2 HIGH EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.11
MainWP Dashboard - WordPress <3.1.2 - XSS
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CWE-79 Oct 16, 2024
CVE-2016-10993 5.4 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.02
Scoreme < 2016-04-01 - XSS
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
CWE-79 Sep 17, 2019
CVE-2016-10976 6.1 MEDIUM NUCLEI EPSS 0.00
Kodebyraaet Safe Editor < 1.2 - XSS
The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.
CWE-79 Sep 17, 2019
CVE-2016-10973 6.1 MEDIUM NUCLEI EPSS 0.01
Brafton < 3.4.8 - XSS
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
CWE-79 Sep 16, 2019
CVE-2016-10972 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.63
Tagdiv Newspaper < 6.7.2 - Improper Privilege Management
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
CWE-269 Sep 16, 2019
CVE-2016-10960 8.8 HIGH EXPLOITED NUCLEI EPSS 0.71
Joomlaserviceprovider Wsecure < 2.4 - Improper Input Validation
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
CWE-20 Sep 16, 2019
CVE-2016-10956 7.5 HIGH 3 PoCs Analysis NUCLEI EPSS 0.91
Mail-masta - Improper Input Validation
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
CWE-20 Sep 16, 2019

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation