🔥 Release Highlights 🔥

• [CVE-2024-37032] Ollama - Remote Code Execution (@kaks3c) [critical] 🔥
• [CVE-2024-36991] Splunk Enterprise - Local File Inclusion (@DhiyaneshDK) [high] 🔥
• [CVE-2024-36401] GeoServer RCE in Evaluating Property Name Expressions (@DhiyaneshDk) [critical] 🔥
• [CVE-2024-34102] Adobe Commerce & Magento - CosmicSting (@DhiyaneshDK) [critical] 🔥
• [CVE-2024-33113] D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure (@pussycat0x) [medium] 🔥
• [CVE-2024-29972] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account (@gy741) [critical] 🔥
• [CVE-2024-6028] Quiz Maker <= 6.5.8.3 - SQL Injection (@s4e-garage) [critical] 🔥
• [CVE-2023-52251] Kafka UI 0.7.1 Command Injection (@yhy0, @iamnoooob) [high] 🔥
• [CVE-2020-10189] ManageEngine Desktop Central Java Deserialization (@king-alexander) [critical] 🔥

What's Changed

New Templates Added: 75 | CVEs Added: 29 | First-time contributions: 5

• [CVE-2024-37881] SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure (@s4e-garage) [medium]
• [CVE-2024-37152] Argo CD Unauthenticated Access to sensitive setting (@DhiyaneshDk) [medium]
• [CVE-2024-37032] Ollama - Remote Code Execution (@kaks3c) [critical] 🔥
• [CVE-2024-36991] Splunk Enterprise - Local File Inclusion (@DhiyaneshDK) [high] 🔥
• [CVE-2024-36401] GeoServer RCE in Evaluating Property Name Expressions (@DhiyaneshDk) [critical] 🔥
• [CVE-2024-34102] Adobe Commerce & Magento - CosmicSting (@DhiyaneshDK) [critical] 🔥
• [CVE-2024-33610] Sharp Multifunction Printers - Cookie Exposure (@gy741) [medium]
• [CVE-2024-33605] Sharp Multifunction Printers - Directory Listing (@gy741) [high]
• [CVE-2024-33113] D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure (@pussycat0x) [medium] 🔥
• [CVE-2024-32709] WP-Recall <= 16.26.5 - SQL Injection (@s4e-garage) [critical]
• [CVE-2024-29972] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account (@gy741) [critical] 🔥
• [CVE-2024-27292] Docassemble - Local File Inclusion (@johnk3r) [high]
• [CVE-2024-25852] Linksys RE7000 - Command Injection (@s4e-garage) [high]
• [CVE-2024-6188] TrakSYS 11.x.x - Sensitive Data Exposure (@s4e-garage) [medium]
• [CVE-2024-6028] Quiz Maker <= 6.5.8.3 - SQL Injection (@s4e-garage) [critical] 🔥
• [CVE-2024-5947] Deep Sea Electronics DSE855 - Authentication Bypass (@s4e-garage) [medium]
• [CVE-2024-5522] WordPress HTML5 Video Player < 2.5.27 - SQL Injection (@JohnDoeAnonITA) [critical]
• [CVE-2024-5084] Hash Form <= 1.1.0 - Arbitrary File Upload (@s4e-garage) [critical]
• [CVE-2024-4836] Edito CMS - Sensitive Data Leak (@s4e-garage) [high]
• [CVE-2024-4434] LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection (@s4e-garage) [critical]
• [CVE-2023-52251] Kafka UI 0.7.1 Command Injection (@yhy0, @iamnoooob) [high] 🔥
• [CVE-2023-47117] Label Studio - Sensitive Information Exposure (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2023-41599] JFinalCMS v5.0.0 - Directory Traversal (@pussycat0x) [medium]
• [CVE-2023-35161] XWiki >= 6.2-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-35160] XWiki >= 2.5-milestone-2 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-35159] XWiki >= 3.4-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-35156] XWiki >= 6.0-rc-1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-3380] WAVLINK WN579X3 - Remote Command Execution (@pussycat0x) [critical]
• [CVE-2020-10189] ManageEngine Desktop Central Java Deserialization (@king-alexander) [critical] 🔥
• [CNVD-2023-03903] EduSoho < v22.4.7 - Local File Inclusion (@s4e-garage) [high]
• [CNVD-2021-64035] Leadsec VPN - Arbitrary File Read (@xiaoWangSec) [high]
• [spring4shell-CVE-2022-22965] Spring Framework RCE via Data Binding on JDK 9+ (@DhiyaneshDK, @ritikchaddha) [critical] 🔥
• [csv-injection] CSV Injection Detection (@DhiyaneshDK, @ritikchaddha) [medium]
• [xinclude-injection] XInclude Injection - Detection (@DhiyaneshDK, @ritikchaddha) [high]
• [apache-apollo-default-login] Apache Apollo - Default Login (@ritikchaddha) [high]
• [caprover-default-login] Caprover - Default Login (@ritikchaddha) [high]
• [dialogic-xms-default-login] Dialogic XMS Admin Console - Default Login (@ritikchaddha) [high]
• [jeedom-default-login] Jeedom - Default Login (@ritikchaddha) [high]
• [ruijie-nbr-default-login] Ruijie NBR Series Routers - Default Login (@pussycat0x) [high]
• [apache-apollo-panel] Apache Apollo Panel - Detect (@ritikchaddha) [info]
• [dialogic-xms-console] Dialogic XMS Admin Console - Detect (@ritikchaddha) [info]
• [endpoint-protector-panel] Endpoint Protector Login Panel - Detect (@pussycat0x) [info]
• [label-studio-panel] Label Studio - Login Panel (@DhiyaneshDK) [info]
• [sql-server-dump] SQL Server - Dump Files (@userdehghani) [medium]
• [apache-pinot-config] Apache Pinot - Exposure (@icarot) [medium]
• [filestash-admin-config] Filestash Admin Password Configuration (@DhiyaneshDK) [high]
• [neo4j-neodash-config] Neo4j Neodash Config - Exposure (@icarot) [medium]
• [jwk-json-leak] JSON Web Key File - Exposure (@Mohsen Yaghoubi) [low]
• [coolify-register-account] Coolify Register User Account - Enabled (@DhiyaneshDk) [medium]
• [forgejo-repo-exposure] Forgejo Repositories - Exposure (@DhiyaneshDK) [medium]
• [kodbox-installer] Kodbox Installation Page - Exposure (@DhiyaneshDK) [high]
• [piwigo-installer] Piwigo Installation Page - Exposure (@DhiyaneshDK) [high]
• [poste-io-installer] Poste.io - Installer (@DhiyaneshDK) [high]
• [subrion-installer] Subrion CMS Web Installer - Exposure (@ritikchaddha) [high]
• [label-studio-signup] Label Studio - Sign-up Detect (@DhiyaneshDK) [unknown]
• [laragon-phpinfo] Laragon - phpinfo Disclosure (@DhiyaneshDk) [low]
• [seq-dashboard-unauth] Seq Dashboard - Unauthenticated (@DhiyaneshDK) [high]
• [apache-cloudstack-detect] Apache CloudStack - Detect (@pussycat0x) [info]
• [apache-pinot-detect] Apache Pinot - Detect (@icarot) [info]
• [neo4j-neodash-detect] Neo4j Neodash - Detect (@icarot) [info]
• [wordpress-chaty] Floating Chat Widget' Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty Detection (@ricardomaia) [info]
• [polyfill-backdoor] Polyfill.io - Detection (@kazet) [low]
• [hjsoft-hcm-lfi] Hongjing HCM - Local File Inclusion (@s4e-garage) [high]
• [hjsoft-hcm-sqli] Hongjing HCM - Sql Injection (@s4e-garage) [high]
• [hjsoft-hcm-tb-sqli] Hongjing HCM - Time-Based Sql Injection (@s4e-garage) [high]
• [jinhe-oa-c6-upload-lfi] Jinhe OA_C6_UploadFileDownLoadnew - Arbitrary File Read (@pussycat0x) [high]
• [next-js-cache-poisoning] Next.js Cache Poisoning (@Ice3man543) [high]
• [azon-dominator-sqli] Azon Dominator - SQL Injection (@s4e-garage) [high]
• [bagisto-csti] Bagisto 2.1.2 Client-Side Template Injection (@s4e-garage) [medium]
• [crocus-lfi] Crocus system Service.do - Arbitrary File Read (@pussycat0x) [high]
• [enjoyrmis-sqli] EnjoyRMIS - SQL Injection (@s4e-garage) [high]
• [h3c-cnsss-arbitrary-file-upload] H3C CNSSS - Arbitrary File Upload (@s4e-garage) [critical]
• [pingsheng-electronic-sqli] Pingsheng Electronic Reservoir Supervision Platform - Sql Injection (@s4e-garage) [high]
• [sharp-printers-lfi] Sharp Multifunction Printers - Local File Inclusion (@gy741) [high]
• [ldap-metadata] LDAP Metadata - Enumeration (@pussycat0x) [info]

New Contributors

• @yhy0 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9345
• @JohnDoeAnonITA made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10137
• @zeroc00I made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10171
• @IPv4v6 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10212
• @BitThr3at made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10224

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.9.0...v9.9.1