The fastest exploits feed on the Internet

Nuclei uses a vast templating library to scan applications, cloud infrastructure, and networks to find and remediate vulnerabilities.


30K+

Stars on GitHub

900+

Nuclei contributors

10K+

Templates created

50M+

Monthly scans

Faster detection. Faster protection.

ProjectDiscovery responds to critical vulnerabilities faster than legacy scanners.

IngressNightmare

CVE-2025-1974

Next.js

CVE-2025-29927

CrushFTP

CVE-2025-2825

CVE-2025-1974

IngressNightmare

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Time to detection

5 hrs

ProjectDiscovery

2-5 days

Legacy scanners

  1. Public advisory & patch release

    Kubernetes and Wiz Research publicly disclosed CVE-2025-1974 and released patched Ingress NGINX versions 1.12.1 and 1.11.5.

  2. ProjectDiscovery publishes internal detection template

    A Nuclei template for internal network scanning of CVE-2025-1974 was released, enabling detection within private infrastructures.

    • Realtime automated scans triggered

    • Remediation workflows initiated

  3. Qualys publishes upgrade advisory

    Qualys released a blog post recommending users upgrade their Ingress NGINX controller to the patched versions to mitigate CVE-2025-1974.

  4. ProjectDiscovery publishes external detection template

    A Nuclei template for external scanning was released, allowing detection of CVE-2025-1974 from outside target networks.

    • External scanning available

  5. Rapid7 releases Cluster Scanner plugin

    Rapid7 launched the Kubernetes Cluster Scanner plugin with checks for CVE-2025-1974, enabling customers to validate patch status across their clusters.

  6. Tenable releases Nessus plugin #233656

    Tenable published a direct remote check plugin for Nessus, allowing automated scanning for CVE-2025-1974 on target systems.

  7. Scan for CVE-2025-1974

Trending vulnerabilities


Write your own detection templates using AI, powered by our open-source Nuclei library

Leverage the global security community to streamline your vulnerability management. The template library is full of contributions from pentest, bug bounty, and security teams, automating even the most complex vulnerability detection.


Broken Authentication

Weak password

Out of band

SQL Injection

Secrets

IDOR

```yaml
id: CVE-2024-27199

info:
  name: TeamCity < 2023.11.4 - Authentication Bypass
  author: DhiyaneshDk
  severity: high
  description: |
    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
  reference:
    - https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27199
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cwe-id: CWE-23
  metadata:
    verified: true
    max-request: 3
    shodan-query: http.component:"TeamCity"
  tags: cve,cve2024,teamcity,jetbrains,auth-bypass

http:
  - method: GET
    path:
      - "{{BaseURL}}/res/../admin/diagnostic.jsp"
      - "{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp"
      - "{{BaseURL}}/update/../admin/diagnostic.jsp"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "text/html")'
          - 'contains_all(body, "Debug Logging", "CPU & Memory Usage")'
        condition: and
# digest: 490a0046304402207d46ec6991f8498ff8c74ec6ebfe0f59f19210620cab88c23c7761c7701b640102201246e4baea4f5b436b45be21c4f66bbe35e8a5f3769b78de38ee94253f331fa7:922c64590222798bb761d5b6d8e72950
```

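To show how the template's matcher block decides a hit, here is an added example (not ProjectDiscovery's code and not Nuclei's real DSL engine): a small stand-in evaluator for the three DSL functions the template uses, run over constructed sample responses for the template's three paths, with `condition: and` and `stop-at-first-match` modelled as in the template. The `Response` type, the mini-evaluator and the sample responses are assumptions made for this example.

```python
import re
from collections import namedtuple

DSL = [  # the three matcher lines from the CVE-2024-27199 template above
    'status_code == 200',
    'contains(header, "text/html")',
    'contains_all(body, "Debug Logging", "CPU & Memory Usage")',
]
# Nuclei exposes the status, the raw headers and the body as `status_code`, `header`, `body`.
Response = namedtuple("Response", "status_code header body")
_CMP = re.compile(r'^(\w+)\s*==\s*(\d+)$')  # e.g. status_code == 200
_CALL = re.compile(r'^(\w+)\((.*)\)$')      # e.g. contains(header, "x")
_ARG = re.compile(r'"([^"]*)"|(\w+)')       # quoted literal or variable name
_FUNCS = {"contains": lambda s, sub: sub in s,
          "contains_all": lambda s, *subs: all(sub in s for sub in subs)}

def eval_expr(expr: str, resp: Response) -> bool:
    """Evaluate one DSL line (hypothetical mini-evaluator, not Nuclei's engine)."""
    env, expr = resp._asdict(), expr.strip()
    if m := _CMP.match(expr):
        return env[m.group(1)] == int(m.group(2))
    if m := _CALL.match(expr):
        fn, raw = m.groups()
        args = [env[ident] if ident else quoted for quoted, ident in _ARG.findall(raw)]
        return bool(_FUNCS[fn](*args))
    raise ValueError(f"unsupported expression: {expr}")

def matcher_hit(resp: Response, dsl=DSL, condition: str = "and") -> bool:
    """`condition: and` requires every line to be true; `or` needs just one."""
    results = [eval_expr(e, resp) for e in dsl]
    return all(results) if condition == "and" else any(results)

def scan(responses: dict, stop_at_first_match: bool = True) -> list:
    """Walk the template's paths in order, like the request loop, and collect hits."""
    hits = []
    for path, resp in responses.items():
        if matcher_hit(resp):
            hits.append(path)
            if stop_at_first_match:
                break
    return hits

# Constructed sample responses (not real TeamCity output), keyed by the template's paths.
HTML = "Content-Type: text/html; charset=UTF-8\r\n"
DIAG = "<h2>Debug Logging</h2><h2>CPU & Memory Usage</h2>"
SAMPLE = {
    "/res/../admin/diagnostic.jsp": Response(302, "Location: /login.html\r\n", ""),
    "/.well-known/acme-challenge/../../admin/diagnostic.jsp": Response(200, HTML, DIAG),
    "/update/../admin/diagnostic.jsp": Response(200, HTML, DIAG),
}
```

With the sample above, `scan(SAMPLE)` reports only the second path because `stop-at-first-match` halts the loop, while a 200 HTML login page fails the `and` condition on the `contains_all` line alone.
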
Real world simulation

Run vulnerability tests the way an attacker would exploit a given vulnerability, and capture the full logs behind each test so the team can triage faster.

AI-powered editor

Use our AI-powered vulnerability automation editor to convert your internal vulnerability data into an automated detection pipeline.

Supports 6 protocols

Nuclei, built by our team, supports over 6 protocols as well as code protocols, so you can stitch together a check for almost any kind of vulnerability.

Contributor leaderboard

Recognizing members who are making an impact on internet security.

Put Nuclei to work

Find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Web Application

Identify common web vulnerabilities with an active library of community-powered templates.

Cloud

Examine cloud environments and infrastructure for misconfigurations and vulnerabilities.

Network Security

Scan non-web services like SSH, FTP, SMB, and more.

API

Test APIs with an active library of known vulnerabilities and misconfigurations.

Infrastructure

Audit server configurations, open ports, and services for security issues.

CI/CD

Integrate into your existing pipelines to minimize issues resurfacing in production.

Latest Nuclei stories

Read about the latest news and updates from the Nuclei team.