Vulnerabilities with Nuclei Scanner Templates

Updated 33m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,378 CVEs tracked 53,627 with exploits 4,858 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,288 vendors 43,849 researchers
4,077 results Clear all
CVE-2014-3120 8.1 HIGH KEV 6 PoCs Analysis NUCLEI EPSS 0.83
Elasticsearch < 1.2 - Improper Access Control
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
CWE-284 Jul 28, 2014
CVE-2014-5111 4 PoCs Analysis NUCLEI EPSS 0.68
Netfortris Trixbox - Path Traversal
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
CWE-22 Jul 28, 2014
CVE-2014-4210 6 PoCs Analysis NUCLEI EPSS 0.94
Oracle WebLogic Server <10.3.6.0 - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
Jul 17, 2014
CVE-2014-4942 NUCLEI EPSS 0.01
EasyCart <2.0.6 - Info Disclosure
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
CWE-200 Jul 11, 2014
CVE-2014-4941 NUCLEI EPSS 0.00
WordPress wp-cross-rss <1.7 - Path Traversal
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
CWE-22 Jul 11, 2014
CVE-2014-4940 2 PoCs Analysis NUCLEI EPSS 0.43
Tera Charts 0.1 - Path Traversal
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
CWE-22 Jul 11, 2014
CVE-2014-4513 NUCLEI EPSS 0.03
ActiveHelper LiveHelp <3.1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.
CWE-79 Jul 01, 2014
CVE-2014-2962 1 PoC Analysis NUCLEI EPSS 0.89
Belkin N150 F9k1009 Firmware < 1.00.07 - Path Traversal
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CWE-22 Jun 19, 2014
CVE-2014-2383 EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.55
dompdf <0.6.1 - Auth Bypass
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
CWE-200 Apr 28, 2014
CVE-2014-2908 EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.68
Siemens Simatic S7 Cpu 1200 Firmware - XSS
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 25, 2014
CVE-2014-0160 7.5 HIGH KEV 85 PoCs Analysis NUCLEI EPSS 0.94
OpenSSL <1.0.1g - Info Disclosure
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CWE-125 Apr 07, 2014
CVE-2014-2323 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.90
lighttpd <1.4.35 - SQL Injection
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CWE-89 Mar 14, 2014
CVE-2014-2321 EXPLOITED 3 PoCs Analysis NUCLEI EPSS 0.92
ZTE F460/F660 - RCE
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
CWE-264 Mar 11, 2014
CVE-2013-2621 6.1 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.10
Telaen <1.3.1 - Open Redirect
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
CWE-601 Feb 03, 2020
CVE-2013-4982 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.40
AVTECH AVN801 DVR - Auth Bypass
AVTECH AVN801 DVR has a security bypass via the administration login captcha
CWE-287 Dec 27, 2019
CVE-2013-7285 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.15
Xstream API <1.4.6, 1.4.10 - RCE
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
CWE-78 May 15, 2019
CVE-2013-2287 1 PoC Analysis NUCLEI EPSS 0.09
Roberta Bramski Uploader - XSS
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
CWE-79 Apr 04, 2014
CVE-2013-7240 1 PoC Analysis NUCLEI EPSS 0.41
Advanced Dewplayer <1.2 - Path Traversal
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
CWE-22 Jan 03, 2014
CVE-2013-7091 EXPLOITED 3 PoCs Analysis NUCLEI EPSS 0.92
Zimbra 7.2.2-8.0.2 - Path Traversal
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
CWE-22 Dec 13, 2013
CVE-2013-6281 NUCLEI EPSS 0.03
Dhtmlxspreadsheet - XSS
Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter.
CWE-79 Oct 25, 2013

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation