Nuclei Templates

With the release of Nuclei v3.2.0, we've introduced a more powerful and versatile approach to conducting authenticated scans. Previously, authentication headers were primarily included using the -H flag, a method that had its limitations. The introduction of the new -secret-file flag overcomes these challenges by accepting

Last year we conducted an in-depth analysis of multiple vulnerabilities within Adobe ColdFusion, we derived valuable insights, one of which revolved around CFM and CFC handling, parsing and execution. We wondered if there are any other CFML Servers. Does this ring a bell? Allow us to introduce Lucee. We'

Summary of Releases v9.7.3, v9.7.4, and v9.7.5 This month, we've released multiple versions of Nuclei Templates that bring numerous enhancements to Nuclei users. Here are some highlighted stats from the combined releases: 🎉 157 new Templates added 🚀 20 first-time contributions 🔥 36 new CVEs

CVE-2023-22527 is a critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence instance, thereby enabling the execution of arbitrary code and system commands. Technical Details Initial Analysis The CVE description provided by

CVE-2023-43177 is a critical vulnerability in CrushFTP. The vulnerability could potentially allow unauthenticated attackers with network access to the CrushFTP Instance to write files in the local file system and eventually in some versions could allow the executing of arbitrary system commands. Technical Details Based on the information shared in

Summary of Releases v9.6.9 and v9.7.0 🎉 124 new Templates added 🚀 14 first-time contributions 🔥 31 new CVEs added Introduction This month, we've seen several high-profile CVEs impacting various technologies. Key among them is CVE-2023-46604, a significant vulnerability in Apache ActiveMQ, notable for its potential for

GameOver(lay) encompasses two significant vulnerabilities within the Ubuntu kernel, CVE-2023-2640, and CVE-2023-32629, each carrying a high-severity rating with CVSS scores of 7.8. These vulnerabilities pose a critical threat, potentially affecting around 40% of Ubuntu users. The vulnerability lies within the OverlayFS module of the Ubuntu kernel, enabling a

CVE-2023-22518 is a critical vulnerability in Atlassian Confluence Data Center and Server. The vulnerability could potentially allow unauthenticated attackers with network access to the Confluence Instance to restore the database of the Confluence instance and eventually execute arbitrary system commands. Technical Details After performing a patch diff between the patched

Description: CVE-2023-46747 is a critical vulnerability in the F5 BIG-IP Configuration Utility identified as a request smuggling bug within the Apache JServ Protocol (AJP). The flaw could potentially allow unauthenticated attackers with network access to the BIG-IP system through the management port and/or self-IP addresses to execute arbitrary system