
pdnuclei-bot
@pdnuclei_bot
Tweeting fresh CVE templates from @pdnuclei's Nuclei Templates repository. Stay updated with the latest security vulnerabilities and CVEs.
Joined March 2025
CVE-2017-18349 - critical. Fastjson Insecure Deserialization - Remote Code Execution. > parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and . @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a...
CVE-2025-6058 - critical. WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload. > The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to miss. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all...
CVE-2019-5544 - critical. VMware ESXi SLP - Heap Overflow DoS. > OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. V. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base...
CVE-2024-36675 - high. LyLme spage v1.9.5 - Server-Side Request Forgery. > LyLme spage v1.9.5 is vulnerable to server-side request forgery (SSRF) via the url pa. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
LyLme spage v1.9.5 is vulnerable to server-side request forgery (SSRF) via the url parameter in apply/index.php. An attacker can force the server to make arbitrary requests, potentially accessing...
CVE-2025-6970 - critical. WordPress Events Manager <= 7.0.3 - SQL Injection. > The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is v. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due...
CVE-2025-34300 - critical. SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution. > A pre-authentication remote code execution vulnerability exists in Sawtooth Software'. @pdnuclei #Nucl. .
cloud.projectdiscovery.io
A pre-authentication remote code execution vulnerability exists in Sawtooth Software's Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the `eval` function within...
CVE-2025-2712 - medium. Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting. > Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via th. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response,...
CVE-2024-33832 - medium. OneNav v0.9.35-20240318 - Server-Side Request Forgery (SSRF). > OneNav v0.9.35-20240318 is vulnerable to server-side request forgery (SSRF) via the u. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
OneNav v0.9.35-20240318 is vulnerable to server-side request forgery (SSRF) via the url parameter in the get_link_info API. An attacker can force the server to make arbitrary requests, potentially...
CVE-2024-29198 - high. GeoServer Demo Request Endpoint - Server Side Request Forgery. > It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request end. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the...
CVE-2025-2709 - medium. Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting. > Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via th. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the key and redirect parameters in login.jsp. Unsanitized user input is reflected in the response, allowing arbitr...
CVE-2025-2711 - medium. Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting. > Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via th. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response,...
CVE-2025-2710 - medium. Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting. > Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via th. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript...
CVE-2024-9007 - medium. 123Solar 1.8.4.5 - Cross-Site Scripting. > 123Solar 1.8.4.5 is vulnerable to reflected cross-site scripting (XSS) via the date1 . @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
123Solar 1.8.4.5 is vulnerable to reflected cross-site scripting (XSS) via the date1 parameter in detailed.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript...
CVE-2024-42852 - medium. AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting. > AcuToWeb server/10.5.0.7577c8b is vulnerable to reflected cross-site scripting (XSS) . @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
AcuToWeb server/10.5.0.7577c8b is vulnerable to reflected cross-site scripting (XSS) via the portgw parameter. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript...
CVE-2024-11587 - medium. idcCMS V1.60 - Cross-Site Scripting. > idcCMS V1.60 is vulnerable to reflected cross-site scripting (XSS) via the idName par. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
idcCMS V1.60 is vulnerable to reflected cross-site scripting (XSS) via the idName parameter in read.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
CVE-2020-29390 - critical. Zeroshell 3.9.3 - Command Injection. > Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet S. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using...
CVE-2025-6851 - high. WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF. > The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Fo. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the...
CVE-2025-53833 - critical. LaRecipe < 2.8.1 Remote Code Execution via SSTI. > LaRecipe is an application that allows users to create documentation with Markdown in. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could...
CVE-2025-6216 - critical. Allegra - Authentication Bypass via Predictable Password Reset Token. > Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. @pdnuclei #NucleiTemplates. .
cloud.projectdiscovery.io
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authen...
CVE-2022-23397 - medium. Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting. > The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messag. @pdnuclei #NucleiTemplates #cve.
cloud.projectdiscovery.io
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected...