Vulnerabilities with Nuclei Scanner Templates

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

358,849 CVEs tracked 54,498 with exploits 5,038 exploited in wild 1,623 CISA KEV 4,199 Nuclei templates 55,411 vendors 47,659 researchers
4,199 results Clear all
CVE-2023-30534 4.3 MEDIUM SSVC PoC NUCLEI EPSS 0.03
Cacti < 1.2.25 - Insecure Deserialization in graphs_new.php
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-502 Sep 05, 2023 STIX 2.1
CVE-2023-39361 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.88
Cacti - Unauthenticated SQL Injection via graph_view.php
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-89 Sep 05, 2023 STIX 2.1
CVE-2023-39598 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.01
IceWarp WebClient 10.2.1 - Cross-Site Scripting via mid Parameter
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.
CWE-79 Sep 05, 2023 STIX 2.1
CVE-2023-4284 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.01
Post Timeline WordPress Plugin < 2.2.6 - Reflected Cross-Site Scripting via AJAX Response
The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Sep 04, 2023 STIX 2.1
CVE-2023-4151 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.01
Store Locator WordPress Plugin < 1.4.13 - Reflected Cross-Site Scripting via AJAX Response
The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Sep 04, 2023 STIX 2.1
CVE-2023-2813 6.1 MEDIUM NUCLEI EPSS 0.01
Multiple WordPress Themes < Various - Path Traversal
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.
Sep 04, 2023 STIX 2.1
CVE-2023-40208 7.1 HIGH NUCLEI EPSS 0.01
Stock Ticker <= 3.23.3 - Unauthenticated Reflected Cross-Site Scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar Urošević Stock Ticker plugin <= 3.23.3 versions.
CWE-79 Sep 04, 2023 STIX 2.1
CVE-2023-4714 4.3 MEDIUM SSVC PoC NUCLEI EPSS 0.05
PlayTube 3.0.1 - Information Disclosure via Redirect Handler
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-200 Sep 01, 2023 STIX 2.1
CVE-2023-41642 6.1 MEDIUM EXPLOITED SSVC PoC 1 Writeup NUCLEI EPSS 0.01
GruppoSCAI RealGimm 1.1.37p38 - XSS
Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
CWE-79 Aug 31, 2023 STIX 2.1
CVE-2023-41538 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.01
phpjabbers PHP Forum Script 3.0 - XSS
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
CWE-79 Aug 30, 2023 STIX 2.1
CVE-2023-4596 9.8 CRITICAL EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.13
Forminator < 1.24.6 - Unauthenticated Arbitrary File Upload via upload_post_image()
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CWE-434 Aug 30, 2023 STIX 2.1
CVE-2023-41266 8.2 HIGH KEV SSVC ACTIVE RANSOMWARE 1 PoC Analysis NUCLEI EPSS 0.85
Qlik Sense Enterprise for Windows <= May 2023 Patch 3 - Unauthenticated Path Traversal
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
CWE-22 Aug 29, 2023 STIX 2.1
CVE-2023-41265 9.6 CRITICAL KEV SSVC ACTIVE RANSOMWARE 1 PoC Analysis NUCLEI EPSS 0.85
Qlik Sense Enterprise for Windows <= May 2023 Patch 3 - HTTP Request Tunneling
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
CWE-444 Aug 29, 2023 STIX 2.1
CVE-2023-39650 9.8 CRITICAL SSVC PoC NUCLEI EPSS 0.04
Theme Volty CMS Blog < 4.0.1 - SQL Injection via id Parameter
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.
CWE-89 Aug 28, 2023 STIX 2.1
CVE-2023-41109 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.64
SmartNode SN200 3.21.2-23021 - Command Injection
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
CWE-78 Aug 28, 2023 STIX 2.1
CVE-2023-39560 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.04
ECTouch v2 - SQL Injection via $arr['id'] Parameter
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
CWE-89 Aug 28, 2023 STIX 2.1
CVE-2023-40755 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.01
PHPJabbers Callback Widget v1.0 - XSS
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.
CWE-79 Aug 28, 2023 STIX 2.1
CVE-2023-40753 5.4 MEDIUM NUCLEI EPSS 0.01
PHPJabbers Ticket Support Script <3.2 - XSS
There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.
CWE-79 Aug 28, 2023 STIX 2.1
CVE-2023-40752 6.1 MEDIUM NUCLEI EPSS 0.01
PHPJabbers Make an Offer Widget v1.0 - XSS
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.
CWE-79 Aug 28, 2023 STIX 2.1
CVE-2023-40751 6.1 MEDIUM NUCLEI EPSS 0.01
PHPJabbers Fundraising Script v1.0 - XSS
PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php.
CWE-79 Aug 28, 2023 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content