Vulnerabilities with Nuclei Scanner Templates

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,649 CVEs tracked 53,649 with exploits 4,860 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,377 vendors 43,908 researchers
4,077 results Clear all
CVE-2022-41840 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.79
Welcart eCommerce <2.7.7 - Path Traversal
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
CWE-22 Nov 18, 2022
CVE-2022-43140 7.5 HIGH SSVC PoC NUCLEI EPSS 0.40
kkFileView v4.1.0 - SSRF
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
CWE-918 Nov 17, 2022
CVE-2022-40881 9.8 CRITICAL EXPLOITED SSVC PoC 1 PoC Analysis NUCLEI EPSS 0.94
SolarView Compact 6.00 - Command Injection
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
CWE-77 Nov 17, 2022
CVE-2022-3980 9.8 CRITICAL EXPLOITED NUCLEI EPSS 0.88
Sophos Mobile < 9.7.5 - XXE
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
CWE-611 Nov 16, 2022
CVE-2022-40843 4.9 MEDIUM EXPLOITED NUCLEI EPSS 0.40
Tenda AC1200 V-W15Ev2 - Auth Bypass
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.
Nov 15, 2022
CVE-2022-42118 6.1 MEDIUM NUCLEI EPSS 0.13
Liferay Portal < 7.4.2 - XSS
A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.
CWE-79 Nov 15, 2022
CVE-2022-3578 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.06
ProfileGrid WP <5.1.1 - XSS
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CWE-79 Nov 14, 2022
CVE-2022-3484 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.04
Wpb Show Core - XSS
The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CWE-79 Nov 14, 2022
CVE-2022-3477 9.8 CRITICAL EXPLOITED SSVC PoC NUCLEI EPSS 0.63
Newsmag < 5.2.2 - Authentication Bypass
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
CWE-287 Nov 14, 2022
CVE-2022-40127 8.8 HIGH 2 PoCs Analysis NUCLEI EPSS 0.93
Apache Airflow < 2.4.0 - Code Injection
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
CWE-94 Nov 14, 2022
CVE-2022-3481 9.8 CRITICAL EXPLOITED SSVC PoC NUCLEI EPSS 0.48
Opmc Woocommerce Dropshipping < 4.4 - SQL Injection
The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection
CWE-89 Nov 07, 2022
CVE-2022-3869 6.1 MEDIUM SSVC PoC 1 Writeup NUCLEI EPSS 0.15
froxlor/froxlor <0.10.38.2 - Code Injection
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
CWE-94 Nov 05, 2022
CVE-2022-42749 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.03
Auieo Candidats - XSS
CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
CWE-79 Nov 03, 2022
CVE-2022-42748 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.03
Auieo Candidats - XSS
CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
CWE-79 Nov 03, 2022
CVE-2022-42747 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.03
Auieo Candidats - XSS
CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
CWE-79 Nov 03, 2022
CVE-2022-42746 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.03
Auieo Candidats - XSS
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
CWE-79 Nov 03, 2022
CVE-2022-3800 6.3 MEDIUM NUCLEI EPSS 0.36
IBAX go-ibax - SQL Injection
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
CWE-89 Nov 01, 2022
CVE-2022-3254 9.8 CRITICAL EXPLOITED SSVC PoC NUCLEI EPSS 0.86
WordPress Classifieds Plugin <4.3 - SQL Injection
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection
CWE-89 Oct 31, 2022
CVE-2022-2627 6.1 MEDIUM SSVC PoC NUCLEI EPSS 0.24
Newspaper WordPress <12 - XSS
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.
CWE-79 Oct 31, 2022
CVE-2022-3766 6.1 MEDIUM SSVC PoC 1 PoC Analysis NUCLEI EPSS 0.14
Phpmyfaq < 3.1.8 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CWE-79 Oct 31, 2022

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation