Nuclei Templates Added for CVE-2021-42392 and PhotoPrism Unauthenticated Exposure
ProjectDiscovery contributors submitted new Nuclei detection content to expand coverage for two separate security issues: CVE-2021-42392 and an unauthenticated exposure condition affecting PhotoPrism. Pull request #15734, opened by maciejklimek, proposes adding a template for CVE-2021-42392, while pull request #15766, opened by pussycat0x, adds photoprism-unauth-exposure.yaml to identify publicly accessible PhotoPrism instances without authentication.
Both submissions were presented as defensive scanning updates in the projectdiscovery/nuclei-templates repository and included standard validation notes stating they were tested against vulnerable and patched targets. Repository automation requested reviewer attention, and the PhotoPrism template was marked ready to merge, while the CVE-2021-42392 template remained open pending review; neither reference indicated an active intrusion campaign or confirmed breach tied to the detections.
Timeline
Apr 1, 2026
Nuclei template PR opened for PhotoPrism unauthenticated exposure
A pull request was opened in the projectdiscovery/nuclei-templates repository to add photoprism-unauth-exposure.yaml for detecting unauthenticated exposure in PhotoPrism. The change was presented as defensive detection content and marked ready for review.
Mar 30, 2026
Nuclei template PR opened for CVE-2021-42392
A pull request was opened in the projectdiscovery/nuclei-templates repository to add a Nuclei detection template for CVE-2021-42392. The submission stated it was validated against vulnerable and patched hosts and awaited review.
Related Stories

Nuclei Templates Added for OpenText Filr Exposure and CVE-2024-8252 Detection
ProjectDiscovery's `nuclei-templates` repository received two new detection-template pull requests from contributor **pussycat0x**: one for **OpenText Filr guest access exposure** and another for **`CVE-2024-8252`**. The OpenText Filr submission proposes a template named `opentext-filr-guest-access.yaml` aimed at identifying instances where guest access is exposed, indicating a configuration or exposure check rather than a clearly documented CVE-based issue. A second pull request adds `CVE-2024-8252.yaml`, expanding Nuclei coverage for a separate vulnerability identified by CVE. In both submissions, the contributor stated the templates were validated against vulnerable and patched targets to improve detection accuracy and reduce false positives, while repository automation assigned reviewers and labels; the CVE template remained open, and automated review tooling was unable to complete analysis on at least one of the submissions during the captured review cycle.
4 weeks ago
Nuclei Templates Added for MITRE Caldera RCE and GitLab SAML Auth Bypass
ProjectDiscovery contributors submitted new Nuclei detection templates for two newly tracked vulnerabilities: **`CVE-2025-27364`**, described as an **unauthenticated remote code execution** flaw in **MITRE Caldera**, and **`CVE-2025-25291`**, an **authentication bypass** issue in **`ruby-saml`** affecting **GitLab SAML SSO** deployments. The references indicate both issues were significant enough to prompt rapid addition of scanning coverage in the public `nuclei-templates` repository. Available details remain limited because the source material is drawn from GitHub pull request metadata rather than full advisories, but the vulnerability labels point to potentially high-impact exposure in identity and adversary-emulation infrastructure. Security teams using **GitLab SAML single sign-on** or **MITRE Caldera** should track vendor guidance, validate exposure to **`CVE-2025-25291`** and **`CVE-2025-27364`**, and prepare to use updated detection content as part of vulnerability assessment workflows.
1 month ago
Nuclei Templates Added for WordPress SSTI and Nginx UI Access Control Flaws
ProjectDiscovery contributors opened and advanced Nuclei template pull requests for two newly tracked vulnerabilities: **`CVE-2026-4257`**, a **server-side template injection** issue in the **WordPress Contact Form by Supsystic** plugin, and **`CVE-2026-33032`**, a **broken access control** flaw in **Nginx UI**. The GitHub activity shows template development intended to support detection of both issues, with one pull request referencing a new `CVE-2026-4257.yaml` file and another marked ready to merge for the Nginx UI vulnerability. The available records are limited to repository metadata and do not include technical write-ups, affected version ranges, exploitation details, or vendor remediation guidance. Even so, the publication of detection content for these CVEs indicates that security researchers are operationalizing checks for exposed systems, and defenders using Nuclei should watch for template releases covering both the WordPress plugin SSTI and the Nginx UI authorization weakness.
3 weeks ago