What's Changed

🔥 Release Highlights 🔥

• [CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
• [CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @ice3man543) [critical] 🔥
• [CVE-2024-45507] Apache OFBiz - Remote Code Execution (@chybeta, @iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
• [CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
• [CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
• [CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
• [CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
• [CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
• [CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2023-43654] PyTorch TorchServe SSRF (@DhiyaneshDk) [critical] 🔥
• [CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@DhiyaneshDk) [high] 🔥

Bug Fixes

• Resolved unresolved variables found: FQDN (#10349).

False Negatives

• Improve detection and reduce false negatives for CVE-2024-47176 (Issue #10864).

False Positives

• Fixed false positive for CVE-2021-33044 (#10863).
• Removed CVE-2023-35489 due to false positives (Issue #10800).
• Update to fix false positives in CVE-2024-41667.yaml (#10751).
• Resolved false positive in CVE-2024-41667.yaml (#10749).

Enhancements

• Added regex extractor for user-agent of HTTP request to identify vulnerable devices in CVE-2024-47176.yaml (#10864).
• Updated severity in apple-cups-exposure.yaml (#10857).
• Severity update for jwk-json-leak.yaml (#10840).
• Added nacos configuration leak detection (#10825).
• Refactored the "git-repository-browser" template (#10801).
• Moved http/cves/CVE-2024-45507.yaml to http/cves/2024/CVE-2024-45507.yaml (#10785).
• Refactored the "kubelet-metrics" template (#10765).
• Refactored the "GITEA" template (#10752).
• Optimized templates due to Nuclei changes and added new templates (Issue #10285).
• Deleted http/fuzzing/valid-gmail-check.yaml as the Gmail API is no longer active (#10865).

Template Updates

New Templates Added: 86 | CVEs Added: 41 | First-time contributions: 2

• [CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
• [CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-45622] ASIS - SQL Injection Authentication Bypass (@s4e-io) [critical]
• [CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @ice3man543) [critical] 🔥
• [CVE-2024-45507] Apache OFBiz - Remote Code Execution (@chybeta, @iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
• [CVE-2024-41810] Twisted - Open Redirect & XSS (@KoYejune0302, @cheoljun99, @sim4110, @gy741) [medium]
• [CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
• [CVE-2024-36683] PrestaShop productsalert - SQL Injection (@mastercho) [critical]
• [CVE-2024-30269] DataEase <= 2.4.1 - Sensitive Information Exposure (@s4e-io) [medium]
• [CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
• [CVE-2024-22207] Fastify Swagger-UI - Information Disclosure (@DhiyaneshDK, @iamnoooob) [medium]
• [CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
• [CVE-2024-8883] Keycloak - Open Redirect (@iamnoooob, @rootxharsh, @pdresearch) [medium]
• [CVE-2024-8752] WebIQ 2.15.9 - Directory Traversal (@s4e-io) [high]
• [CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
• [CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
• [CVE-2024-8484] REST API TO MiniProgram <= 4.7.1 - SQL Injection (@s4e-io) [high]
• [CVE-2024-6845] SmartSearchWP < 2.4.6 - OpenAI Key Disclosure (@s4e-io) [medium]
• [CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-3673] Web Directory Free < 1.7.3 - Local File Inclusion (@s4e-io) [critical]
• [CVE-2023-47253] Qualitor <= 8.20 - Remote Code Execution (@s4e-io) [critical]
• [CVE-2023-43654] PyTorch TorchServe SSRF (@DhiyaneshDk) [critical] 🔥
• [CVE-2023-39650] PrestaShop Theme Volty CMS Blog - SQL Injection (@mastercho) [critical]
• [CVE-2023-39024] Harman Media Suite <= 4.2.0 - Local File Disclosure (@s4e-io) [high]
• [CVE-2023-38192] SuperWebMailer 9.00.0.01710 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-27847] PrestaShop xipblog - SQL Injection (@mastercho) [critical]
• [CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2023-6568] Mlflow - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-6275] TOTVS Fluig Platform - Cross-Site Scripting (@s4e-io) [medium]
• [CVE-2023-3578] DedeCMS 5.7.109 - Server-Side Request Forgery (@ritikchaddha) [critical]
• [CVE-2023-3188] Owncast - Server Side Request Forgery (@DhiyaneshDk) [medium]
• [CVE-2022-24637] Open Web Analytics 1.7.3 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [CVE-2020-11441] phpMyAdmin 5.0.2 - CRLF Injection (@ritikchaddha) [medium]
• [CVE-2019-6793] GitLab Enterprise Edition - Server-Side Request Forgery (@ritikchaddha) [high]
• [CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@DhiyaneshDk) [high] 🔥
• [CVE-2017-3133] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2017-3132] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2017-3131] FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [bonita-default-login] Bonita - Default Login (@DhiyaneshDk) [high]
• [camaleon-default-login] Camaleon CMS - Default Login (@DhiyaneshDK) [high]
• [canon-c3325-default-login] Canon R-ADV C3325 - Default-Login (@ritikchaddha) [high]
• [dragonfly-default-login] Dragonfly - Default Login (@DhiyaneshDK) [high]
• [filegator-default-login] Filegator - Default-Login (@ritikchaddha) [high]
• [nginx-proxy-manager-default-login] Nginx Proxy Manager - Default Login (@barttran2000) [high]
• [pcoweb-default-login] pCOWeb - Default-Login (@ritikchaddha) [high]
• [topaccess-default-login] Toshiba TopAccess - Default-Login (@ritikchaddha) [high]
• [tplink-r470t-default-login] TP-LINK Router R470T - Default-Login (@ritikchaddha) [high]
• [tplink-wR940n-default-login] TP-Link Wireless N Router WR940N - Default-Login (@ritikchaddha) [high]
• [bonita-portal-panel] Bonita Portal Login - Detect (@DhiyaneshDK) [info]
• [camaleon-panel] Camaleon CMS Login - Panel (@DhiyaneshDK) [info]
• [canon-iradv-c3325] Canon iR-ADV C3325 Panel - Detect (@ritikchaddha) [info]
• [cgit-panel] CGIT - Detect (@tess, @righettod) [info]
• [docuware-panel] DocuWare - Detect (@righettod) [info]
• [dragonfly-panel] DragonFly Login - Panel (@DhiyaneshDK) [info]
• [filecatalyst-panel] FileCatalyst File Transfer Solution - Detect (@DhiyaneshDK) [info]
• [filegator-panel] FileGator Panel - Detect (@ritikchaddha) [info]
• [ivanti-csa-panel] Ivanti(R) Cloud Services Appliance - Panel (@rxerium) [info]
• [maestro-listserv-panel] Maestro LISTSERV - Detect (@righettod) [info]
• [open-web-analytics-panel] Open Web Analytics Login - Detect (@DhiyaneshDK) [info]
• [pcoweb-panel] pCOWeb Panel - Detect (@ritikchaddha) [info]
• [qualitor-itsm-panel] Qualitor ITSM - Detect (@johnk3r) [info]
• [topaccess-panel] Toshiba TopAccess Panel - Detect (@ritikchaddha) [info]
• [tplink-r470t-panel] TP-LINK Router R470T - Detect (@ritikchaddha) [info]
• [canon-c3325-unauth] Canon R-ADV C3325 - Unauth (@ritikchaddha) [high]
• [dragonfly-public-signup] DragonFly Public - Signup Enabled (@DhiyaneshDK) [high]
• [navidrome-admin-install] Navidrome Admin User Creation (@DhiyaneshDK) [critical]
• [open-web-analytics-installer] Open Web Analytics Installer - Exposure (@DhiyaneshDK) [high]
• [pcoweb-unauth] pCOWeb - Unauth (@ritikchaddha) [high]
• [cups-detect] CUPS - Detect (@rxerium) [info]
• [domibus-detect] Domibus - Detect (@righettod) [info]
• [hugegraph-detect] HugeGraph - Detect (@rxerium) [info]
• [lobechat-detect] LobeChat - Detect (@s4e-io) [info]
• [torchserve-detect] TorchServe API Description - Detect (@DhiyaneshDk) [info]
• [wordpress-extendify] Extendify Detection (@ricardomaia) [info]
• [wordpress-wp-mail-logging] WP Mail Logging Detection (@ricardomaia) [info]
• [fumengyun-sqli] Fumeng - SQL Injection (@ritikchaddha) [critical]
• [motic-dsm-arbitrary-file-read] MoticDSM - Arbitrary File Read (@s4e-io) [high]
• [nacos-info-leak] Nacos - Information Disclosure (@s4e-io) [high]
• [netpower-npfw-lfi] Netpower NPFW - Local File Inclusion (@ritikchaddha) [high]
• [newcapec-rce] Newcapec - Remote Code Execution (@ritikchaddha) [critical]
• [nginx-webui-rce] nginxWebUI ≤ 3.5.0 - Remote Command Execution (@ritikchaddha) [critical]
• [panmicro-arbitrary-file-read] Panmicro E-Mobile System - Arbitrary File Read (@s4e-io) [high]
• [onimai-rat-c2] Onimai RAT C2 SSL Certificate - Detect (@worldwidefuckfest) [info]

New Contributors

• @worldwidefuckfest made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10818
• @KoYejune0302 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10428

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v10.0.0...v10.0.1