
🌷April showers haven’t got us down this month - in fact the PD team has been pouring time and hard work into another round of updates and features for our tools!
Read on for this month’s run down of community news, highlights from social, and a couple of exciting announcements.
🎉Our major highlight this month - we’ve just won Most Innovative Startup in RSAC’s Innovation Sandbox!
📢 We're also excited to announce the addition of templates for Google Cloud Platform (GCP) configurations to our Nuclei Templates roster, crafted with a whole host of GCP service checks in mind.
👀 Don't forget to explore the latest blog posts over on ProjectDiscovery’s website for even more insights and updates.
In the news
ProjectDiscovery wins Most Innovative Startup at RSAC Innovation Sandbox 2025!
🚀 Hot off the press, ProjectDiscovery scooped the award for Most Innovative Startup late this month, after presenting our pitch over at RSAC 2025.
💫 We couldn’t even dream of reaching these heights without the community by our side, helping us innovate and sharing in our belief that open-source has the power to change security. We’re sharing our joy and pride in this award with you all, and we can’t wait to see how we can keep pushing boundaries!
Events
👾 Recon Village is back for DEF CON 33 this year! The call for papers is now open, and you have until June 15th to submit!
Learn more
The call for papers for BSides Las Vegas has also reopened! If you’re interested, be sure to submit before May 9th to be considered.
Learn more
Community Videos
Check out our new video on the features of ProjectDiscovery v1.2, including our new Template Editor!
Watch the video
Missed our latest Tips and Tricks videos? You can find them right here in our playlist!
Watch the video
Highlights
The PDNuclei Bot is now active! You can find our account over on Twitter/X, where a new update is created every time a new CVE is added to the Nuclei Templates repository - making it even easier for you to stay updated with the latest security vulnerabilities and CVEs.
Check it out
IngressNightmare CVEs have been trending, and this month we’ve updated our own coverage. You can check out some of the newly-added vulnerabilities over on Twitter/X.
Read the post
Nuclei Templates
April stats
Two more Nuclei templates updates were released into the world this month, with both v10.1.7 and v10.2.0 bringing some exciting new highlights. To add the cherry on top, between both of these releases we’ve had a huge 332 new templates added, 10 first-time contributors, and 39 new CVEs!
Top of our list is our expansion in v10.2.0 to include templates for Google Cloud Platform (GCP) configurations. These templates are specifically crafted with a whole host of checks for GCP services, including Compute Engine, GKE clusters, Cloud Storage buckets, BigQuery datasets, and many more - allowing security teams to conduct thorough security audits of their GCP environments, uncovering critical misconfigurations and vulnerabilities.
Alongside this major upgrade are several critical new additions, including CVEs covering PHP Object Injection in UNA CMS 14.0.0-RC, Unauthorized Remote Code Execution in Langflow AI, and Authentication Bypass in Apache Pinot < 1.3.0.
Some false negatives and positives were addressed, including Improved detection in halo-tism-sqli.yaml
and reduced false positives in hashicorp-consul-unauth.yaml
, and we were able to fix a metadata resolution issue in ldap-metadata.yaml
.
Huge thanks to our contributors: @nvn1729, @s4e-io, @UNC1739, @martian, @v2htw, @popcorn94, @configtea, @righettod, @rxerium, @S0obi, @johnk3r, @zerochill, @icarot and @BUrso.
And, congratulations to our first-time contributors: @Th3l0newolf, @AyushXtha, @tuo4n8, @PareshParmar, @micktaiwan, @passkal4, @abhishekrautela, @darses, @matusso and @whattheslime.
Join our community
Our diverse community spans members from full-time bug bounty hunters to Fortune 500 security engineers. Let's go!
Thanks,
The ProjectDiscovery Team
If you have any feedback or ideas for our Community Newsletter, please share them by filling out this form. You can provide links or suggestions for content that you would like to see in the newsletter.