[Bounty] Add 6 Validated CVE Templates (Batch 7+8 - April 2026) #15960

Closed
eyangfeng88-arch wants to merge 1 commit into projectdiscovery:main from eyangfeng88-arch:bounty-batch-7-clean-april-2026

Conversation

@eyangfeng88-arch

Summary

This PR adds 6 validated Nuclei templates for critical/high severity vulnerabilities.

Templates Added

| CVE | Product | CVSS | Type | Auth Required |
|---|---|---|---|---|
| CVE-2026-6116 | Totolink A7100RU | 9.8 | OS Command Injection | No |
| CVE-2026-6131 | Totolink A7100RU | 9.8 | OS Command Injection | No |
| CVE-2025-24801 | GLPI | 8.5 | LFI to RCE | Yes (PR:L) |
| CVE-2025-41002 | Infoticketing | 9.8 | SQL Injection | No |
| CVE-2025-47577 | TI WooCommerce Wishlist | 10.0 | Arbitrary File Upload | No |
| CVE-2026-22769 | Dell RecoverPoint for VMs | 10.0 | Hardcoded Credentials | No |

Validation

  • All templates validated against official NVD/GHSA descriptions
  • CVE-2026-6116/6131: Interactsh OOB detection for reliable verification
  • CVE-2025-24801: CVSS corrected to 8.5, added authentication note
  • CVE-2025-41002: Time-based SQLi detection
  • CVE-2025-47577: File upload RCE detection
  • CVE-2026-22769: Hardcoded credentials (BRICKSTORM) - exploited by UNC6201

References

@theamanrawat
Contributor

Hi @eyangfeng88-arch,

Thank you so much for sharing this template with the community and contributing to this project 🍻

We tried to reproduce the POC, but it didn't work on our end. If you believe the template is correct, please send step-by-step instructions or a vulnerable lab environment to templates@projectdiscovery.io.
