🔥 Release Highlights 🔥

• [CVE-2024-0200] Github Enterprise - Authenticated RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion (@ritikchaddha) [high] 🔥
• [CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x) [critical] 🔥
• [CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥

What's Changed

New Templates Added: 62 | CVEs Added: 16 | First-time contributions: 3

• [CVE-2024-33288] Prison Management System - SQL Injection Authentication Bypass (@Kazgangap) [high]
• [CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion (@ritikchaddha) [high] 🔥
• [CVE-2024-3097] NextGEN Gallery <= 3.59 - Missing Authorization to Unauth Information Disclosure (@DhiyanesDK) [medium]
• [CVE-2024-1561] Gradio Applications - Local File Read (@Diablo) [high]
• [CVE-2024-0200] Github Enterprise - Authenticated RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x) [critical] 🔥
• [CVE-2023-45855] qdPM 9.2 - Directory Traversal (@DhiyaneshDk) [high]
• [CVE-2023-44813] mooSocial v.3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2023-36347] POS Codekop v2.0 - Broken Authentication (@princechaddha) [high]
• [CVE-2023-36284] QloApps 1.6.0 - SQL Injection (@ritikchaddha) [high]
• [CVE-2023-35158] XWiki - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-29827] Embedded JavaScript(EJS) 3.1.6 - Template Injection (@ritikchaddha) [critical]
• [CVE-2023-6065] Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure (@Kazgangap) [medium]
• [CVE-2023-5991] Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion (@Kazgangap) [critical]
• [CVE-2023-4542] D-Link DAR-8000-10 - Command Injection (@pussycat0x) [critical]
• [CNVD-2017-06001] Dahua DSS - SQL Injection (@napgh0st, @ritikchaddha) [high]
• [softether-vpn-default-login] SoftEther VPN Admin Console - Default Login (@bhutch) [high]
• [ackee-panel] Ackee Panel - Detect (@userdehghani) [info]
• [craftercms-panel] CrafterCMS Login Panel - Detect (@righettod) [info]
• [easyvista-panel] EasyVista Login Panel - Detect (@righettod) [info]
• [f5-next-central-manager] F5 Next Central Manager Panel - Detect (@EgemenKochisarli) [info]
• [ghost-panel] Ghost Panel - Detect (@userdehghani) [info]
• [matomo-panel] Matomo Panel - Detect (@Arr0way, @userdehghani) [info]
• [microfocus-lifecycle-panel] Micro Focus Application Lifecycle Management - Panel (@righettod) [info]
• [n8n-panel] n8n Panel - Detect (@userdehghani) [info]
• [nocodb-panel] NocoDB Panel - Detect (@userdehghani) [info]
• [oracle-ebusiness-panel] Oracle E-Business Suite Login Panel - Detect (@righettod) [info]
• [pocketbase-panel] PocketBase Panel - Detect (@userdehghani) [info]
• [qlikview-accesspoint-panel] QlikView AccessPoint Login Panel - Detect (@righettod) [info]
• [tiny-rss-panel] Tiny RSS Panel - Detect (@userdehghani) [info]
• [unleash-panel] Unleash Panel - Detect (@userdehghani) [info]
• [tpot-honeypot-detect] T-Pot Honeypot - Detect (@rxerium) [info]
• [imgproxy-unauth] Imgproxy Unauthorized Access (@userdehghani) [low]
• [custom-xoops-installer] XOOPS Custom - Installation (@DhiyaneshDK) [high]
• [easy-viserlabs-installer] Easy Installer by ViserLab - Exposure (@DhiyaneshDk) [high]
• [forgejo-installer] Forgejo Installation Page - Exposure (@DhiyaneshDk) [high]
• [froxlor-installer] Froxlor Server Management - Installer (@DhiyaneshDK) [high]
• [growi-installer] GROWI Installer - Exposure (@DhiyaneshDk) [high]
• [ids-skills-installer] IDP Skills Installer - Exposure (@DhiyaneshDk) [high]
• [moosocial-installer] mooSocial Installation - Exposure (@ritikchaddha) [high]
• [octoprint-installer] OctoPrint Installation Page - Exposure (@DhiyaneshDk) [high]
• [openfire-setup] Openfire Setup - Exposure (@DhiyaneshDk) [high]
• [phpmyfaq-installer] phpMyFAQ Installation - Exposure (@ritikchaddha) [high]
• [qloapps-installer] QloApps - Installation (@ritikchaddha) [high]
• [trilium-notes-installer] Trilium Notes Installer - Exposure (@DhiyaneshDk) [high]
• [wiki-js-installer] Wiki.js Setup - Exposure (@DhiyaneshDk) [high]
• [xbackbone-installer] XBackBone Installer - Exposure (@DhiyaneshDk) [high]
• [unigui-server-monitor-exposure] UniGUI Server Monitor Panel - Exposure (@serrapa) [low]
• [apache-answer-detect] Apache Answer - Detection (@omranisecurity) [info]
• [boa-web-server] Boa Web Server - Detect (@johnk3r) [info]
• [craftercms-detect] CrafterCMS - Detect (@righettod) [info]
• [imgproxy-detect] Imgproxy Detect (@userdehghani) [info]
• [meilisearch-detect] Meilisearch - Detect (@userdehghani) [info]
• [microfocus-iprint-detect] Micro Focus iPrint Appliance - Detect (@righettod) [info]
• [statamic-detect] Statamic - Detect (@geeknik) [info]
• [tinyproxy-detect] Tinyproxy - Detect (@bhutch) [info]
• [uni-gui-framework] UniGUI Framework - Detect (@serrapa) [info]
• [wp-bricks-builder-theme] WordPress Bricks Builder Theme Version (@Anonymous) [info]
• [castel-digital-sqli] Castel Digital - Authentication Bypass (@Kazgangap) [high]
• [tendat-credential] Tendat Router Credential - Exposure (@pussycat0x) [high]
• [checkpoint-firewall-enum] Check Point Firewall - Detect (@pussycat0x) [info]

New Contributors

• @x676f64 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9690
• @Ahsraeisi made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9793
• @jmac774 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9844

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.8.6...v9.8.7