cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-43405,https://securityvulnerability.io/vulnerability/CVE-2024-43405,Vulnerability in Nuclei Vulnerability Scanner Affecting Signature Verification,"A vulnerability in the Nuclei vulnerability scanner affects the signature verification system of YAML based templates. This issue is present in the `signer` package from version 3.0.0 to 3.3.1. The vulnerability allows an attacker to bypass signature checks and potentially execute malicious code by exploiting the handling of newline characters and the processing of multiple signatures. This poses a significant risk to CLI users who execute custom code templates from unverified sources, as well as SDK users integrating Nuclei into their platforms. It is crucial for users to upgrade to Nuclei v3.3.2, which addresses this vulnerability, or otherwise avoid using untrusted custom templates.",Projectdiscovery,Nuclei,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,true,true,2025-01-09T05:52:01.802Z,2024-09-04T16:15:00.000Z,8829
CVE-2024-40641,https://securityvulnerability.io/vulnerability/CVE-2024-40641,Arbitrary Code Execution Vulnerability in Nuclei Vulnerability Scanner,"The Nuclei vulnerability scanner, developed by Project Discovery, is affected by a significant flaw that allows the execution of arbitrary commands due to improper handling of code templates. Specifically, users may exploit this vulnerability within web applications that inherit from Nuclei and facilitate user-edited workflow files without enforcing necessary restrictions via the -code option. This vulnerability poses a risk as it enables users to execute potentially malicious commands, affecting system integrity. The issue has been rectified in version 3.3.0, and users are strongly encouraged to upgrade their installations to mitigate risks, as there are no viable workarounds available to address this issue.",Projectdiscovery,Nuclei,7.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-17T17:34:10.792Z,0
CVE-2024-27920,https://securityvulnerability.io/vulnerability/CVE-2024-27920,Fast and Customizable Vulnerability Scanner Affected by Security Oversight,"A significant security issue has been identified in Nuclei, a fast and customizable vulnerability scanner developed by ProjectDiscovery. This problem involves the execution of unsigned code templates through workflows, particularly affecting users who are utilizing custom workflows. The flaw may allow attackers to execute malicious code on the affected systems, posing substantial risks to the integrity and security of user environments. Affected users are encouraged to apply the security patch provided in Nuclei v3.2.0. In the interim, users should avoid executing any unverified custom workflows and only use templates from trusted sources to minimize the risk of exploitation.",Projectdiscovery,Nuclei,7.4,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-15T19:25:00.748Z,0
CVE-2023-37896,https://securityvulnerability.io/vulnerability/CVE-2023-37896,Nuclei Path Traversal vulnerability,"A sandbox bypass vulnerability affected Nuclei users who utilized the tool as a Go code SDK prior to version 2.9.9. The issue, which did not impact CLI users, stemmed from improper sanitization during payload loading in sandbox mode. Specifically, relative paths could evade security checks, posing a risk of unauthorized file access from the filesystem. This significant flaw has been rectified in version 2.9.9, where maintainers have made sandbox mode the default setting for filesystem loading. Users are now presented with new options to manage local file access and network restrictions effectively, enhancing security for those employing custom templates.",Projectdiscovery,Nuclei,7.5,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2023-08-04T16:15:00.000Z,0