pdnuclei-bot
@pdnuclei_bot
Followers: 804 | Following: 1 | Media: 0 | Statuses: 509
Tweeting fresh CVE templates from @pdnuclei's Nuclei Templates repository. Stay updated with the latest security vulnerabilities and CVEs 🤖
Joined March 2025
🚨 CVE-2025-64446 - critical 🚨 FortiWeb - Authentication Bypass > A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, For... 👾 https://t.co/Db8mc0Cu6W
@pdnuclei #NucleiTemplates #cve
cloud.projectdiscovery.io
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through...
🚨 CVE-2024-8852 - medium 🚨 All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure > The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthen... 👾 https://t.co/QpkaWzkTCD
@pdnuclei #NucleiTemplate...
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87.
🚨 CVE-2025-51991 - critical 🚨 XWiki <= 17.3.0 - Server-Side Template Injection (SSTI) > XWiki <= 17.3.0 contains a server-side template injection caused by improper validati... 👾 https://t.co/A4o5klsJDv
@pdnuclei #NucleiTemplates #cve
XWiki <= 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated...
🚨 CVE-2025-11749 - critical 🚨 WordPress AI Engine Plugin - Token Exposure > Unauthenticated sensitive information exposure in AI Engine WordPress plugin <= 3.1.3... 👾 https://t.co/hcuzL55MF8
@pdnuclei #NucleiTemplates #cve
Create, edit, generate, and scan templates using AI in one seamless experience with Nuclei.
🚨 CVE-2021-4374 - critical 🚨 WordPress Automatic Plugin - Unauthenticated Options Change > WordPress Automatic Plugin (versions 3.53.2 and below) contains a critical vulnerabil... 👾 https://t.co/CZTTlU9tTY
@pdnuclei #NucleiTemplates #cve
🚨 CVE-2025-12101 - medium 🚨 Citrix NetScaler ADC & Gateway - Reflected XSS > Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance ... 👾 https://t.co/OMUsxVHq7x
@pdnuclei #NucleiTemplates #cve
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
🚨 CVE-2025-51990 - medium 🚨 XWiki – Stored Cross-Site Scripting (XSS) > XWiki through version 17.3.0 contains stored cross-site scripting caused by improper ... 👾 https://t.co/fUK7GSBv5w
@pdnuclei #NucleiTemplates #cve
XWiki through version 17.3.0 contains stored cross-site scripting caused by improper sanitization of inputs in the Administration interface's Presentation section, letting authenticated administrat...
🚨 CVE-2023-39121 - high 🚨 Emlog 2.1.9 - SQL Injection > emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/... 👾 https://t.co/gLXgOnPSqi
@pdnuclei #NucleiTemplates #cve
emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files.
🚨 CVE-2025-12480 - critical 🚨 Triofox - Improper Access Control > The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.59... 👾 https://t.co/zVvaAo0IDv
@pdnuclei #NucleiTemplates #cve
The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database...
🚨 CVE-2024-50857 - medium 🚨 GestioIP - Reflected Cross-Site Scripting > GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input... 👾 https://t.co/gCpwWwFVVJ
@pdnuclei #NucleiTemplates #cve
GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ip_do_job request, letting attackers execute scripts in the victim's browser, exploit requires specific...
🚨 CVE-2025-8943 - critical 🚨 Flowise < 3.0.1 - Remote Command Execution > The Custom MCPs feature is designed to execute OS commands, for instance, using tools... 👾 https://t.co/WyoQRcsHJ8
@pdnuclei #NucleiTemplates #cve
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is...
🚨 CVE-2025-4302 - medium 🚨 Stop User Enumeration WordPress plugin - Authentication Bypass > Stop User Enumeration WordPress plugin < 1.7.3 contains an authentication bypass caus... 👾 https://t.co/l4J8B5lpxs
@pdnuclei #NucleiTemplates #cve
Stop User Enumeration WordPress plugin < 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictio...
🚨 CVE-2024-53900 - critical 🚨 Mongoose < 8.8.3 - Remote Code Execution > Mongoose before 8.8.3 can improperly use $where in match, leading to search injection... 👾 https://t.co/jAjA2VnRDE
@pdnuclei #NucleiTemplates #cve
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
🚨 CVE-2025-1550 - critical 🚨 Keras Model.load_model - Arbitrary Code Execution > The Keras Model.load_model function permits arbitrary code execution, even with safe_... 👾 https://t.co/49tdSwF91g
@pdnuclei #NucleiTemplates #cve
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the...
🚨 CVE-2025-31486 - medium 🚨 Vite server.fs.deny Bypass - Local File Inclusion > Vite is a frontend tooling framework for javascript. The contents of arbitrary files ... 👾 https://t.co/YkgcLQdHN2
@pdnuclei #NucleiTemplates #cve
🚨 CVE-2025-44137 - high 🚨 MapTiler Tileserver-php v2.0 - Unauthenticated File Read > MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper saniti... 👾 https://t.co/gdp8inkDIx
@pdnuclei #NucleiTemplates #cve
MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in renderTile function, letting attackers read arbitrary files on the server, exploit...
🚨 CVE-2025-44136 - medium 🚨 MapTiler Tileserver-php v2.0 - Unauthenticated XSS > MapTiler Tileserver-php v2.0 contains a reflected XSS caused by unencoded reflection ... 👾 https://t.co/jU0tA979tz
@pdnuclei #NucleiTemplates #cve
MapTiler Tileserver-php v2.0 contains a reflected XSS caused by unencoded reflection of the GET parameter "layer" in an error message, letting unauthenticated attackers execute arbitrary script on...
🚨 CVE-2020-14644 - critical 🚨 Oracle WebLogic Server - Remote Code Execution (Insecure Deserialization) > Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 contain a remote code e... 👾 https://t.co/X4LyZfICzv
@pdnuclei #NucleiTe...
Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 contain a remote code execution caused by unauthenticated network access via IIOP and T3, letting attackers take over the server, exploit...
🚨 CVE-2025-9985 - medium 🚨 Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File > The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive In... 👾 https://t.co/v04956pQYU
@pdnu...
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it...
🚨 CVE-2024-0799 - critical 🚨 Arcserve Unified Data Protection - Authentication Bypass > An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2... 👾 https://t.co/vlejfgDTLr
@pdnuclei #NucleiTemplates #cve
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin()...