- EPSS 0.04%
- Veröffentlicht 20.04.2026 07:10:30
- Zuletzt bearbeitet 20.04.2026 19:05:30
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).
CVE-2024-43405
- EPSS 4.87%
- Veröffentlicht 04.09.2024 16:15:06
- Zuletzt bearbeitet 01.10.2024 15:37:37
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and poss...
CVE-2024-40641
- EPSS 0.05%
- Veröffentlicht 17.07.2024 18:15:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allo...
CVE-2024-27920
- EPSS 0.47%
- Veröffentlicht 15.03.2024 20:15:09
- Zuletzt bearbeitet 05.12.2025 17:24:36
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerab...
CVE-2023-37896
- EPSS 0.65%
- Veröffentlicht 04.08.2023 16:15:09
- Zuletzt bearbeitet 21.11.2024 08:12:25
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization ...