Add 5 CVE templates (Batch 7 - 2026-04-18 15:14) #15965

Closed
eyangfeng88-arch wants to merge 2 commits into projectdiscovery:main from eyangfeng88-arch:batch7-cves-20260418-1514

Conversation

@eyangfeng88-arch

Templates Added

| CVE | Product | Severity | Vulnerability Type |
|---|---|---|---|
| CVE-2026-34612 | Kestra | Critical (9.9) | SQL Injection to Remote Code Execution |
| CVE-2026-35053 | OneUptime | Critical (9.8) | Missing Authentication for Workflow Execution |
| CVE-2026-37347 | SourceCodester Payroll | Critical (9.1) | Unauthenticated SQL Injection |
| CVE-2026-6204 | LibreNMS | High (7.2) | Authenticated Remote Code Execution |
| CVE-2026-37346 | SourceCodester Payroll | Medium (4.9) | Authenticated SQL Injection |

References

Checklist

  • Template ID is unique
  • References added
  • CVSS score and CWE ID included
  • Matchers tested
  • 5-agent review passed

- CVE-2026-34612: Kestra < 1.3.7 - SQLi to RCE
- CVE-2026-35053: OneUptime < 10.0.42 - Missing Auth for Workflow Execution
- CVE-2026-37347: SourceCodester Payroll - SQLi (view_employee)
- CVE-2026-6204: LibreNMS < 26.3.0 - Authenticated RCE
- CVE-2026-37346: SourceCodester Payroll - SQLi (view_account)
- CVE-2026-34612: Add time-based SQLi detection with PG_SLEEP(5)
- CVE-2026-35053: Improve matcher precision, exclude auth errors
- CVE-2026-37347: Use regex for MySQL-specific error patterns
- CVE-2026-6204: Add multi-request detection with version extraction
- CVE-2026-37346: Use regex for MySQL-specific error patterns
@neo-by-projectdiscovery-dev
Contributor

neo-by-projectdiscovery-dev Bot commented Apr 18, 2026

Neo - Nuclei Template Review

No security issues found


@theamanrawat
Contributor

Hi @eyangfeng88-arch,

Thank you so much for sharing this template with the community and contributing to this project 🍻

In this repository, we aim to add templates with a complete POC. However, these templates lack a complete POC and cannot guarantee a successful exploit. As a result, we have decided to close this pull request for now. But please feel free to submit another pull request whenever you have a complete POC.

We're looking forward to your continued contributions!
