Skip to main content

Nuclei

4 CVEs product

Monthly

CVE-2026-41282 Go MEDIUM PATCH This Month

DSL expression injection in ProjectDiscovery Nuclei before 3.8.0 allows remote code execution when using the -env-vars flag with multi-step templates against untrusted targets. An attacker can inject malicious expressions into environment variables that are evaluated as Nuclei DSL code, achieving arbitrary code execution with the privileges of the Nuclei process. This vulnerability requires non-default configuration (explicit -env-vars usage) and high attack complexity, limiting real-world impact despite the RCE tag.

Code Injection RCE Nuclei
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-43405 Go HIGH PATCH This Week

Nuclei is a vulnerability scanner powered by YAML based templates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nuclei
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-27920 Go HIGH PATCH This Week

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Command Injection Nuclei
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-37896 Go HIGH PATCH This Week

Nuclei is a vulnerability scanner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Nuclei
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

DSL expression injection in ProjectDiscovery Nuclei before 3.8.0 allows remote code execution when using the -env-vars flag with multi-step templates against untrusted targets. An attacker can inject malicious expressions into environment variables that are evaluated as Nuclei DSL code, achieving arbitrary code execution with the privileges of the Nuclei process. This vulnerability requires non-default configuration (explicit -env-vars usage) and high attack complexity, limiting real-world impact despite the RCE tag.

Code Injection RCE Nuclei
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Nuclei is a vulnerability scanner powered by YAML based templates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nuclei
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Command Injection Nuclei
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nuclei is a vulnerability scanner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Nuclei
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy