Daily update of Nuclei Templates

Author: actions-user

README.md

@@ -18,41 +18,28 @@
 | CVE-2014 | 436 |
 | CVE-2015 | 535 |
 | CVE-2016 | 257 |
-| CVE-2017 | 413 |
+| CVE-2017 | 412 |
 | CVE-2018 | 535 |
-| CVE-2019 | 770 |
+| CVE-2019 | 771 |
 | CVE-2020 | 1129 |
 | CVE-2021 | 2235 |
 | CVE-2022 | 2985 |
-| CVE-2023 | 5165 |
-| CVE-2024 | 9046 |
-| CVE-2025 | 1115 |
-| Other | 65777 |
+| CVE-2023 | 5166 |
+| CVE-2024 | 9045 |
+| CVE-2025 | 1117 |
+| Other | 65600 |
 ## Quantity changes in recent days
-|2025-02-19 | 2025-02-20 | 2025-02-21 | 2025-02-22 | 2025-02-23 | 2025-02-24 | 2025-02-25|
+|2025-02-20 | 2025-02-21 | 2025-02-22 | 2025-02-23 | 2025-02-24 | 2025-02-25 | 2025-02-26|
 |--- | ------ | ------ | ------ | ------ | ------ | ---|
-|76919 | 89660 | 89590 | 89913 | 89699 | 91021 | 91211|
+|89660 | 89590 | 89913 | 89699 | 91021 | 91211 | 91036|
 ## Recently added files
 | templates name | 
 | --- |
-| CVE-2025-25062.yaml |
-| CVE-2024-13161.yaml |
-| CVE-2024-13159.yaml |
-| CVE-2024-12356.yaml |
-| CVE-2024-13160.yaml |
-| smarty-ssti.yaml |
-| codepen-oob.yaml |
-| pebble-oob.yaml |
-| python-code-injection.yaml |
-| razor-ssti.yaml |
-| ssh-unrestricted-nonwhitelist.yaml |
-| android-hijacking.yaml |
-| limit-max-auth-attempts.yaml |
-| jinjava-oob.yaml |
-| spring-expression-oob.yaml |
-| klog-server-default-login.yaml |
-| thymeleaf-oob.yaml |
-| ssh-key-auth-disabled.yaml |
-| twig-ssti.yaml |
-| freemarker-sandbox-bypass-ssti.yaml |
-| roundcube-detection.yaml |
+| CVE-2025-24893.yaml |
+| CVE-2025-0868.yaml |
+| CVE-2023-45826.yaml |
+| peoplesoft-xxe-1.yaml |
+| kerion-control-panel.yaml |
+| leantime-stored-xss.yaml |
+| shibboleth-detect.yaml |
+| squidex-panel.yaml |

data.json

@@ -336,5 +336,6 @@
     "2025-02-22": 89913,
     "2025-02-23": 89699,
     "2025-02-24": 91021,
-    "2025-02-25": 91211
+    "2025-02-25": 91211,
+    "2025-02-26": 91036
 }

data1.json

@@ -93051,5 +93051,13 @@
     "ssh-key-auth-disabled.yaml": "2025-02-25 02:16:47",
     "twig-ssti.yaml": "2025-02-25 02:16:47",
     "freemarker-sandbox-bypass-ssti.yaml": "2025-02-25 02:16:47",
-    "roundcube-detection.yaml": "2025-02-25 02:16:47"
+    "roundcube-detection.yaml": "2025-02-25 02:16:47",
+    "CVE-2025-24893.yaml": "2025-02-26 02:16:40",
+    "CVE-2025-0868.yaml": "2025-02-26 02:16:40",
+    "CVE-2023-45826.yaml": "2025-02-26 02:16:40",
+    "peoplesoft-xxe-1.yaml": "2025-02-26 02:16:40",
+    "kerion-control-panel.yaml": "2025-02-26 02:16:40",
+    "leantime-stored-xss.yaml": "2025-02-26 02:16:40",
+    "shibboleth-detect.yaml": "2025-02-26 02:16:40",
+    "squidex-panel.yaml": "2025-02-26 02:16:40"
 }

nuclei-templates/CVE-2004/CVE-2004-2687.yaml

@@ -40,4 +40,4 @@ tcp:
         part: raw
         regex:
           - "uid=[0-9]+.*gid=[0-9]+.*"
-# digest: 4a0a004730450220137c308c895a2d8531b28b053e1e480cceba792fc5d7000ce51b6f422417b8c5022100c996a9313234317f1e7c0e355b361163cbf09fcb9d7180260d59a98f0f36a195:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b45186a7e92c5e3e180db442d003fe428573fe4630b6cf6391a20d7ccf17a93d022100f779f2f93c2389060483b2da27e867762fa80aa55615d1169ddab65ed40ff6c5:922c64590222798bb761d5b6d8e72950

nuclei-templates/CVE-2005/CVE-2005-10002.yaml

@@ -1,58 +1,58 @@
-id: CVE-2005-10002
-
-info:
-  name: >
-    secure-files <= 1.1 - Directory Traversal
-  author: topscoder
-  severity: medium
-  description: >
-    The secure-files plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1 via the downloadfile variable. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
-  reference:
-    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fd7d6af-a938-4106-aed2-12b9a5454da9?source=api-prod
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
-    cvss-score: 5.3
-    cve-id: CVE-2005-10002
-  metadata:
-    fofa-query: "wp-content/plugins/secure-files/"
-    google-query: inurl:"/wp-content/plugins/secure-files/"
-    shodan-query: 'vuln:CVE-2005-10002'
-  tags: cve,wordpress,wp-plugin,secure-files,medium
-
-http:
-  - method: GET
-    redirects: true
-    max-redirects: 3
-    path:
-      - "{{BaseURL}}/wp-content/plugins/secure-files/readme.txt"
-
-    extractors:
-      - type: regex
-        name: version
-        part: body
-        group: 1
-        internal: true
-        regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
-
-      - type: regex
-        name: version
-        part: body
-        group: 1
-        regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: word
-        words:
-          - "secure-files"
-        part: body
-
-      - type: dsl
-        dsl:
+id: CVE-2005-10002
+
+info:
+  name: >
+    secure-files <= 1.1 - Directory Traversal
+  author: topscoder
+  severity: medium
+  description: >
+    The secure-files plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1 via the downloadfile variable. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
+  reference:
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fd7d6af-a938-4106-aed2-12b9a5454da9?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2005-10002
+  metadata:
+    fofa-query: "wp-content/plugins/secure-files/"
+    google-query: inurl:"/wp-content/plugins/secure-files/"
+    shodan-query: 'vuln:CVE-2005-10002'
+  tags: cve,wordpress,wp-plugin,secure-files,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/secure-files/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "secure-files"
+        part: body
+
+      - type: dsl
+        dsl:
           - compare_versions(version, '< 1.1')

nuclei-templates/CVE-2006/CVE-2006-10001.yaml

@@ -1,58 +1,58 @@
-id: CVE-2006-10001
-
-info:
-  name: >
-    Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting
-  author: topscoder
-  severity: medium
-  description: >
-    The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via REQUEST_URI in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
-  reference:
-    - https://www.wordfence.com/threat-intel/vulnerabilities/id/81b76824-8099-433d-88e3-c05df9434fd6?source=api-prod
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 6.1
-    cve-id: CVE-2006-10001
-  metadata:
-    fofa-query: "wp-content/plugins/subscribe-to-comments/"
-    google-query: inurl:"/wp-content/plugins/subscribe-to-comments/"
-    shodan-query: 'vuln:CVE-2006-10001'
-  tags: cve,wordpress,wp-plugin,subscribe-to-comments,medium
-
-http:
-  - method: GET
-    redirects: true
-    max-redirects: 3
-    path:
-      - "{{BaseURL}}/wp-content/plugins/subscribe-to-comments/readme.txt"
-
-    extractors:
-      - type: regex
-        name: version
-        part: body
-        group: 1
-        internal: true
-        regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
-
-      - type: regex
-        name: version
-        part: body
-        group: 1
-        regex:
-          - "(?mi)Stable tag: ([0-9.]+)"
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: word
-        words:
-          - "subscribe-to-comments"
-        part: body
-
-      - type: dsl
-        dsl:
+id: CVE-2006-10001
+
+info:
+  name: >
+    Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via REQUEST_URI in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/81b76824-8099-433d-88e3-c05df9434fd6?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2006-10001
+  metadata:
+    fofa-query: "wp-content/plugins/subscribe-to-comments/"
+    google-query: inurl:"/wp-content/plugins/subscribe-to-comments/"
+    shodan-query: 'vuln:CVE-2006-10001'
+  tags: cve,wordpress,wp-plugin,subscribe-to-comments,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/subscribe-to-comments/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "subscribe-to-comments"
+        part: body
+
+      - type: dsl
+        dsl:
           - compare_versions(version, '< 2.0.7')