Project Discovery

Hacktober 2025 - Nuclei Templates

2025-10-31 · Read original ↗

ATT&CK techniques detected

5 predictions

T1190Exploit Public-Facing Application

97%

"##merce < 5. 2. 0 - cross - site scripting - [ cve - 2019 - 17232 ] wordpress ultimate faqs < = 1. 8. 24 – unauth options import and export - [ cve - 2019 - 16072 ] enigma nms < 65. 0. 0 - authenticated os command injection - [ cve - 2019 - 12989 ] citrix sd - wan and netscaler s…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

91%

"cve - 2021 - 26072 ] atlassian confluence < 5. 8. 6 - server - side request forgery - [ cve - 2021 - 24220 ] multiple thrive themes < 2. 0. 0 - arbitrary file upload - [ cve - 2021 - 24295 ] spam protection, antispam, firewall by cleantalk < 5. 153. 4 - unauth blind sqli - [ cve …"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

88%

"##uth arbitrary file upload - [ cve - 2022 - 41352 ] zimbra collaboration - unrestricted file upload - [ cve - 2022 - 38627 ] nortek linear emerge e3 - series - sql injection - [ cve - 2022 - 3590 ] wordpress < = 6. 2 - server side request forgery - [ cve - 2022 - 3481 ] notifica…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

79%

"##e - auth bypass ), all targeting platforms widely deployed in enterprise networks. these cve templates help users identify and resolve critical issues before attackers can exploit them. highlighted cve templates templates marked with highlight high - risk vulnerabilities that a…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1190Exploit Public-Facing Application

73%

"- site scripting - [ cve - 2024 - 0593 ] wordpress simple job board - unauthorized data access - [ cve - 2023 - 40044 ] ws _ ftp server - insecure deserialization - [ cve - 2023 - 37582 ] apache rocketmq - remote command execution - [ cve - 2023 - 3519 ] citrix netscaler adc and …"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

Summary of Releases v10.3.0 & v10.3.1 This month, we had two major releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users. 🚀 Hacktober Stats Release New Templates Added CVEs Added First-time Contributors Bounties Awarded v10.3.0 124 90 6 12 v10.3.1 119 88 10 12 Total 243 178 16 24 Introduction October was huge for Nuclei Templates, two releases (v10.3.0 & v10.3.1) dropped during Hacktoberfest, adding coverage for 44 actively expl