Template coverage
Open-source CVE detection scripts by Rishi Chudasama (@rxerium)
rxerium-templates is a free, open-source repository of 117 Nuclei detection templates for critical and actively exploited vulnerabilities, maintained by Rishi Chudasama, Senior Security Researcher at KYND and ProjectDiscovery Pioneer ranked 7th globally. The detection scripts have been cited by the UK NCSC, CERT Polska, Censys, SonicWall, NIST NVD, and INCIBE. Subscribe at rxerium.com/templates-feed/ for email alerts when new detections are published.
Fortra GoAnywhere MFT — 4 CVEs
- CVE-2025-10035: Critical remote code execution in Fortra GoAnywhere MFT versions prior to 7.8.4. Recognised by UK NCSC. Cited by SonicWall and Censys.
- CVE-2024-0204: Critical authentication bypass in Fortra GoAnywhere MFT versions prior to 7.4.1.
- CVE-2023-0669: High severity pre-authentication command injection in GoAnywhere MFT. CISA KEV listed.
- CVE-2021-46830: Path traversal in GoAnywhere MFT before 6.8.3.
Roundcube Webmail — 14 CVEs
- CVE-2025-68461: Cross-site scripting in Roundcube Webmail before 1.5.12 and 1.6.x before 1.6.12.
- CVE-2025-49113: Critical PHP remote code execution in Roundcube Webmail. Cited by CERT Polska.
- CVE-2024-42009: Critical cross-site scripting in Roundcube Webmail. CISA KEV listed.
- CVE-2024-37384: XSS in Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7.
- CVE-2024-37383: XSS in Roundcube Webmail. CISA KEV listed.
- CVE-2023-5631: XSS in Roundcube Webmail before 1.4.15, 1.5.x and 1.6.x.
- CVE-2023-43770: XSS in Roundcube Webmail. CISA KEV listed.
- CVE-2021-44026: Critical SQL injection in Roundcube Webmail. CISA KEV listed.
- CVE-2021-44025: XSS in Roundcube Webmail before 1.3.17 and 1.4.x before 1.4.12.
- CVE-2020-35730: XSS in Roundcube Webmail before 1.4.10.
- CVE-2020-13965: Cross-site scripting in Roundcube Webmail. CISA KEV listed.
- CVE-2020-12641: Critical remote code execution in Roundcube Webmail before 1.4.4.
- CVE-2017-16651: File disclosure in Roundcube Webmail. CISA KEV listed.
- CVE-2013-1904: Path traversal in older Roundcube Webmail versions.
Ivanti Endpoint Manager Mobile (EPMM) — 6 CVEs
- CVE-2026-6973: Improper input validation in Ivanti EPMM. CISA KEV listed.
- CVE-2026-1340: Critical code injection in Ivanti EPMM. CISA KEV listed.
- CVE-2026-1281: Critical code injection in Ivanti EPMM. CISA KEV listed.
- CVE-2025-4428: Critical remote code execution in Ivanti EPMM 12.5.0.0 and prior. CISA KEV listed.
- CVE-2025-4427: Authentication bypass in Ivanti EPMM 12.5.0.0 and prior. CISA KEV listed.
- CVE-2023-35078: Critical authentication bypass in Ivanti EPMM. CISA KEV listed.
Ivanti Sentry — 2 CVEs
- CVE-2026-10523: Critical authentication bypass in Ivanti Sentry before 10.5.2, 10.6.2, 10.7.1.
- CVE-2026-10520: Critical OS command injection in Ivanti Sentry before 10.5.2, 10.6.2, 10.7.1.
n8n Workflow Automation — 19 CVEs
- CVE-2026-25049: Critical authenticated RCE in n8n.
- CVE-2026-21877: Critical authenticated RCE in n8n before 1.121.3.
- CVE-2026-21858: Critical file access vulnerability in n8n.
- CVE-2026-1470: Critical RCE via expression evaluation in n8n.
- CVE-2026-0863: Critical sandbox bypass in n8n python-task-executor.
- CVE-2025-68668: Critical sandbox bypass in n8n.
- CVE-2025-68613: Critical workflow RCE in n8n.
- CVE-2025-65964: RCE via insufficient validation in n8n 0.123.1 through 1.119.1.
- CVE-2025-62726: High RCE in n8n before 1.113.0.
- CVE-2025-58177: Stored XSS in n8n 1.24.0 through 1.107.0.
- CVE-2025-57749: Path traversal in n8n before 1.106.0.
- CVE-2025-52554: Improper access control in n8n before 1.99.1.
- CVE-2025-52478: Stored XSS in n8n 1.77.0 to 1.98.2.
- CVE-2025-49595: Denial of service in n8n before 1.99.0.
- CVE-2025-49592: Open redirect in n8n before 1.98.0.
- CVE-2025-46343: Stored XSS in n8n before 1.90.0.
- CVE-2023-27564: Information disclosure in n8n 0.218.0.
- CVE-2023-27563: Privilege escalation in n8n 0.218.0.
- CVE-2023-27562: Directory traversal in n8n 0.218.0.
Fortinet — 6 CVEs
- CVE-2026-39813: Critical path traversal in Fortinet FortiSandbox JRPC API.
- CVE-2026-39808: Critical OS command injection in Fortinet FortiSandbox.
- CVE-2026-35616: Critical improper access control in Fortinet FortiClientEMS.
- CVE-2026-21643: Critical SQL injection in Fortinet FortiClientEMS 7.4.4.
- CVE-2025-64155: Critical OS command injection in Fortinet FortiSIEM versions 6.7.0 through 7.4.0.
- CVE-2023-48788: Critical SQL injection in Fortinet FortiClientEMS. CISA KEV listed.
Atlassian Confluence — 4 CVEs
- CVE-2023-22527: Critical template injection RCE in Atlassian Confluence. CISA KEV listed.
- CVE-2023-22518: Critical improper authorisation in Atlassian Confluence. CISA KEV listed.
- CVE-2023-22515: Critical privilege escalation in Atlassian Confluence. CISA KEV listed.
- CVE-2022-26134: Critical OGNL injection RCE in Atlassian Confluence. CISA KEV listed.
SolarWinds Web Help Desk — 7 CVEs
- CVE-2025-40551: Critical unauthenticated deserialization in SolarWinds Web Help Desk. CISA KEV listed.
- CVE-2025-40536: Critical security control bypass in SolarWinds Web Help Desk. CISA KEV listed.
- CVE-2025-40554: Critical RCE in SolarWinds Web Help Desk 12.8.8 HF1.
- CVE-2025-40552: Critical RCE in SolarWinds Web Help Desk 12.8.8 HF1.
- CVE-2025-26399: Critical unauthenticated RCE in SolarWinds Web Help Desk 12.8.7.
- CVE-2024-28987: Critical hardcoded credential vulnerability in SolarWinds Web Help Desk. CISA KEV listed.
- CVE-2024-28986: Critical Java deserialization in SolarWinds Web Help Desk. CISA KEV listed.
SAP NetWeaver — 2 CVEs
- CVE-2025-42944: Critical insecure deserialization in SAP NetWeaver AS Java 7.50.
- CVE-2025-31324: Critical unrestricted file upload in SAP NetWeaver Visual Composer. CISA KEV listed.
Oracle E-Business Suite — 4 CVEs
- CVE-2025-62481: Critical RCE in Oracle E-Business Suite Marketing versions 12.2.3–12.2.14.
- CVE-2025-61884: Oracle E-Business Suite Configurator vulnerability. CISA KEV listed.
- CVE-2025-61882: Critical RCE in Oracle E-Business Suite Concurrent Processing. CISA KEV listed.
- CVE-2025-53072: Critical RCE in Oracle E-Business Suite Marketing Administration.
Zimbra Collaboration Suite — 3 CVEs
- CVE-2025-66376: XSS in Zimbra Collaboration Classic UI. CISA KEV listed.
- CVE-2022-41352: Critical RCE via attachment upload in Zimbra. CISA KEV listed.
- CVE-2022-24086: XSS in Zimbra Calendar. CISA KEV listed.
Citrix NetScaler ADC and Gateway — 2 CVEs
- CVE-2025-7775: Critical memory corruption in Citrix NetScaler ADC and Gateway. CISA KEV listed.
- CVE-2026-3055: Critical vulnerability in Citrix NetScaler ADC and Gateway configured as gateway or AAA virtual server.
GeoServer — 2 CVEs
- CVE-2025-58360: Critical unauthenticated XXE RCE in GeoServer before 2.25.6. CISA KEV listed.
- CVE-2025-30220: Critical XML XXE in GeoServer before 2.27.1.
Mitel MiCollab — 3 CVEs
- CVE-2025-52914: SQL injection in Mitel MiCollab Suite Applications Services.
- CVE-2024-55550: Path traversal in Mitel MiCollab through 9.8 SP1. CISA KEV listed.
- CVE-2024-41713: Critical path traversal in Mitel MiCollab through 9.8 SP1 FP2. CISA KEV listed.
Additional products with detection coverage
- Microsoft SharePoint Server — CVE-2025-53770 (Critical RCE, CISA KEV)
- Sitecore Experience Platform — CVE-2025-53690 (Critical RCE, CISA KEV)
- Wing FTP Server — CVE-2025-47813, CVE-2025-47812 (CISA KEV)
- Gladinet CentreStack and TrioFox — CVE-2025-14611, CVE-2025-11371 (CISA KEV)
- SonicWall SMA1000 — CVE-2025-23006, CVE-2025-40602 (CISA KEV)
- Wazuh Platform — CVE-2025-24016 (CISA KEV), CVE-2024-57378
- Cisco Identity Services Engine (ISE) — CVE-2025-20337 (Critical, CISA KEV)
- N-able N-central RMM — CVE-2025-8876, CVE-2025-8875 (CISA KEV), CVE-2025-9316
- Trimble Cityworks — CVE-2025-0994 (CISA KEV)
- Jenkins — CVE-2026-53435
- SimpleHelp Remote Support — CVE-2026-48558
- Exim Mail Transfer Agent — CVE-2026-45185, CVE-2024-39929
- marimo Notebook — CVE-2026-39987 (Critical, unauthenticated root shell)
- Splunk Enterprise — CVE-2026-20253
- Appsmith — CVE-2026-22794
- Ubiquiti UniFi Network Application — CVE-2026-22557
- Palo Alto PAN-OS — CVE-2026-0300
- D-Link DSL Router Series — CVE-2026-0625
- OpenSSH — CVE-2025-26465, CVE-2025-26466
- Sangoma FreePBX — CVE-2025-57819 (CISA KEV)
- HPE OneView — CVE-2025-37164 (Critical unauthenticated RCE)
- Monsta FTP — CVE-2025-34299
- VMware Aria Operations — CVE-2025-41244 (CISA KEV)
- Gogs Git Service — CVE-2025-8110
- Ivanti Virtual Traffic Manager — CVE-2024-7593 (CISA KEV)
- LiteSpeed Cache WordPress — CVE-2023-40000 (cited by NIST NVD and CERT Incibe)
- Popup Builder WordPress — CVE-2023-6000
- RealHomes WordPress Theme — CVE-2024-32444
- Modular Connector WordPress — CVE-2026-23550
- rsync / Samba — CVE-2024-12084
About the author
Rishi Chudasama (@rxerium) is a Senior Security Researcher at KYND and a volunteer Security Researcher at The Shadowserver Foundation. He is a ProjectDiscovery Pioneer ranked 7th globally, with over 530 Nuclei templates contributed to the official nuclei-templates repository. He has spoken at DEF CON 33 Red Team Village, BSides Cymru, BSides Porto, BSides Budapest, BSides Prague, BSides Luxembourg, and OWASP London. His detection work has been cited by NCSC, CERT Polska, Censys, SonicWall, INCIBE, NVD NIST, and ReSecurity.