cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-43405,https://securityvulnerability.io/vulnerability/CVE-2024-43405,Vulnerability in Nuclei Vulnerability Scanner Affecting Signature Verification,"A vulnerability in the Nuclei vulnerability scanner affects the signature verification system of YAML based templates. This issue is present in the `signer` package from version 3.0.0 to 3.3.1. The vulnerability allows an attacker to bypass signature checks and potentially execute malicious code by exploiting the handling of newline characters and the processing of multiple signatures. This poses a significant risk to CLI users who execute custom code templates from unverified sources, as well as SDK users integrating Nuclei into their platforms. It is crucial for users to upgrade to Nuclei v3.3.2, which addresses this vulnerability, or otherwise avoid using untrusted custom templates.",Projectdiscovery,Nuclei,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,true,true,2025-01-09T05:52:01.802Z,2024-09-04T16:15:00.000Z,8829
CVE-2024-40641,https://securityvulnerability.io/vulnerability/CVE-2024-40641,Arbitrary Code Execution Vulnerability in Nuclei Vulnerability Scanner,"The Nuclei vulnerability scanner, developed by Project Discovery, is affected by a significant flaw that allows the execution of arbitrary commands due to improper handling of code templates. Specifically, users may exploit this vulnerability within web applications that inherit from Nuclei and facilitate user-edited workflow files without enforcing necessary restrictions via the -code option. This vulnerability poses a risk as it enables users to execute potentially malicious commands, affecting system integrity. The issue has been rectified in version 3.3.0, and users are strongly encouraged to upgrade their installations to mitigate risks, as there are no viable workarounds available to address this issue.",Projectdiscovery,Nuclei,7.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-17T17:34:10.792Z,0
CVE-2024-5262,https://securityvulnerability.io/vulnerability/CVE-2024-5262,Remote Access to Files and Directories through Anonymous Login Vulnerability in ProjectDiscovery Interactsh,"A vulnerability has been identified in the SMB server of ProjectDiscovery's Interactsh, which allows remote attackers to gain unauthorized read and write access to files and directories. This issue arises from the exposure of files within the directory and its subdirectories, enabling potential manipulation without proper authentication via anonymous login. Administrators using Interactsh should immediately review their configurations and apply necessary security measures to mitigate these risks.",Projectdiscovery,Interactsh,9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-06-05T04:00:31.273Z,0
CVE-2024-27920,https://securityvulnerability.io/vulnerability/CVE-2024-27920,Fast and Customizable Vulnerability Scanner Affected by Security Oversight,"A significant security issue has been identified in Nuclei, a fast and customizable vulnerability scanner developed by ProjectDiscovery. This problem involves the execution of unsigned code templates through workflows, particularly affecting users who are utilizing custom workflows. The flaw may allow attackers to execute malicious code on the affected systems, posing substantial risks to the integrity and security of user environments. Affected users are encouraged to apply the security patch provided in Nuclei v3.2.0. In the interim, users should avoid executing any unverified custom workflows and only use templates from trusted sources to minimize the risk of exploitation.",Projectdiscovery,Nuclei,7.4,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-15T19:25:00.748Z,0
CVE-2023-37896,https://securityvulnerability.io/vulnerability/CVE-2023-37896,Nuclei Path Traversal vulnerability,"A sandbox bypass vulnerability affected Nuclei users who utilized the tool as a Go code SDK prior to version 2.9.9. The issue, which did not impact CLI users, stemmed from improper sanitization during payload loading in sandbox mode. Specifically, relative paths could evade security checks, posing a risk of unauthorized file access from the filesystem. This significant flaw has been rectified in version 2.9.9, where maintainers have made sandbox mode the default setting for filesystem loading. Users are now presented with new options to manage local file access and network restrictions effectively, enhancing security for those employing custom templates.",Projectdiscovery,Nuclei,7.5,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2023-08-04T16:15:00.000Z,0
CVE-2023-36474,https://securityvulnerability.io/vulnerability/CVE-2023-36474,Interactsh server settings make users vulnerable to Subdomain Takeover,"Interactsh, an open-source tool for detecting out-of-band interactions, has a vulnerability that allows subdomain takeover for the specific subdomain 'app.' Prior to version 1.0.0, Interactsh servers utilized default CNAME entries pointing to GitHub pages, which could lead to arbitrary client-side code execution through cross-site scripting when users visit the vulnerable subdomain. This risk occurs if users fail to configure a web client while having a CNAME entry set up. The issue has been resolved in version 1.0.0, which makes CNAME configurations optional.",Projectdiscovery,Interactsh,8.2,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-06-28T22:15:00.000Z,0