Security News > 2025 > January > Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
2025-01-04 14:29
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The
News URL
https://thehackernews.com/2025/01/researchers-uncover-nuclei.html
Related news
- Apache fixes remote code execution bypass in Tomcat web server (source)
- Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-43405 | OS Command Injection vulnerability in Projectdiscovery Nuclei Nuclei is a vulnerability scanner powered by YAML based templates. | 7.8 |