Vulnerabilities with Nuclei Scanner Templates

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

357,591 CVEs tracked 54,441 with exploits 5,033 exploited in wild 1,621 CISA KEV 4,191 Nuclei templates 55,234 vendors 47,538 researchers
4,191 results Clear all
CVE-2017-18494 6.1 MEDIUM NUCLEI EPSS 0.01
Custom Search Plugin < 1.36 - Cross-Site Scripting
The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.
CWE-79 Aug 13, 2019 STIX 2.1
CVE-2017-18493 6.1 MEDIUM NUCLEI EPSS 0.01
Custom Admin Page < 0.1.2 - Cross-Site Scripting
The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.
CWE-79 Aug 13, 2019 STIX 2.1
CVE-2017-18492 6.1 MEDIUM NUCLEI EPSS 0.01
Contact Form to DB < 1.5.7 - Cross-Site Scripting
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.
CWE-79 Aug 13, 2019 STIX 2.1
CVE-2017-18491 6.1 MEDIUM NUCLEI EPSS 0.01
Contact Form Plugin < 4.0.6 - Stored Cross-Site Scripting
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.
CWE-79 Aug 13, 2019 STIX 2.1
CVE-2017-18490 6.1 MEDIUM NUCLEI EPSS 0.01
Contact Form Multi < 1.2.1 - Cross-Site Scripting
The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.
CWE-79 Aug 13, 2019 STIX 2.1
CVE-2017-18505 6.1 MEDIUM NUCLEI EPSS 0.02
Twitter Button < 2.55 - Cross-Site Scripting
The twitter-plugin plugin before 2.55 for WordPress has XSS.
CWE-79 Aug 12, 2019 STIX 2.1
CVE-2017-18502 6.1 MEDIUM NUCLEI EPSS 0.02
WordPress Subscriber Plugin <1.3.5 - XSS
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.
CWE-79 Aug 12, 2019 STIX 2.1
CVE-2017-18501 6.1 MEDIUM NUCLEI EPSS 0.01
WordPress social-login-bws <0.2 - XSS
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.
CWE-79 Aug 12, 2019 STIX 2.1
CVE-2017-18500 6.1 MEDIUM NUCLEI EPSS 0.01
Social Buttons Pack < 1.1.1 - Cross-Site Scripting
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.
CWE-79 Aug 12, 2019 STIX 2.1
CVE-2017-8229 9.8 CRITICAL 1 Writeup NUCLEI EPSS 0.74
Amcrest IPM-721S < 2.420.ac00.16.r.20160909 - Unauthenticated Credential Disclosure via /current_config Endpoint
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication.
CWE-255 Jul 03, 2019 STIX 2.1
CVE-2017-5871 5.4 MEDIUM NUCLEI EPSS 0.03
Odoo <= 8.0-20160726 and 9 - URL Redirection to Untrusted Site
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
CWE-601 May 22, 2019 STIX 2.1
CVE-2017-18362 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 1 PoC 1 Writeup NUCLEI EPSS 0.87
Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
CWE-89 Feb 05, 2019 STIX 2.1
CVE-2017-18349 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.39
Fastjson Insecure Deserialization - Remote Code Execution
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java.
CWE-20 Oct 23, 2018 STIX 2.1
CVE-2017-17762 7.5 HIGH EXPLOITED NUCLEI EPSS 0.05
Episerver 7 - Blind XML External Entity Injection
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.
CWE-611 Aug 29, 2018 STIX 2.1
CVE-2017-17736 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.69
Kentico - Installer Privilege Escalation
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
CWE-425 Mar 23, 2018 STIX 2.1
CVE-2017-18024 6.1 MEDIUM NUCLEI EPSS 0.05
AvantFAX 3.3.3 - Cross-Site Scripting
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
CWE-79 Jan 10, 2018 STIX 2.1
CVE-2017-8046 9.8 CRITICAL EXPLOITED RANSOMWARE 13 PoCs Analysis NUCLEI EPSS 0.73
Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
CWE-20 Jan 04, 2018 STIX 2.1
CVE-2017-9965 5.8 MEDIUM NUCLEI EPSS 0.05
Pelco VideoXpert < 2.1 - Unauthenticated Sensitive Information Exposure via Directory Traversal
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.
CWE-22 Jan 02, 2018 STIX 2.1
CVE-2017-17731 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.13
DedeCMS 5.7 - SQL Injection
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
CWE-89 Dec 18, 2017 STIX 2.1
CVE-2017-17562 8.1 HIGH KEV SSVC ACTIVE 9 PoCs Analysis NUCLEI EPSS 0.96
Embedthis GoAhead <3.6.5 - Remote Code Execution
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
Dec 12, 2017 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-20262
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
 CVE-2026-54420
Litespeed Technologies cPanel Plugin < 2.4.8 - UNIX Symbolic Link (Symlink) Following
 CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation