Nuclei POC Curated Analysis - 2026-05-15
📊 Smart Filtering Overview
- Changes found: 114 template updates
- Curated analysis: 30 high-value POCs
- Smart-skipped: 84 low-priority templates
- High-risk vulnerabilities: 8
- Main categories: CVE vulnerabilities (6), Other (8), Technology detection (16)
💡 Smart filtering note: the system automatically prioritises CVE vulnerabilities, high-severity vulnerabilities and newly added templates, and skips low-value technology-detection templates so that API resources are used efficiently.
Severity distribution
- 🔴 Critical: 6
- 🟠 High: 2
- ⚪ Info: 22
🔍 Key Vulnerability Analysis
MagicMirror <= 2.35.0 - Server-Side Request Forgery
- Vulnerability ID: CVE-2026-42281
- CVE: CVE-2026-42281 (2026)
- Severity: 🔴 CRITICAL
- Risk level: Extremely high risk (5/5)
- Affected assets: Unknown
- Estimated impact: thousands
Description: An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (VAR_NAME), enabling exfiltration of server-side secrets.
Attack vector: network scanning
CVE ID: CVE-2026-42281
References:
Rclone RC - Broken Access Control
- Vulnerability ID: CVE-2026-41176
- CVE: CVE-2026-41176 (2026)
- Severity: 🔴 CRITICAL
- Risk level: Extremely high risk (5/5)
- Affected assets: Unknown
- Estimated impact: thousands
- EPSS: 0.063 (percentile 0.91049) @ 2026-05-14
Description: Rclone >= 1.45.0 and < 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set, which allows mutation of the global runtime configuration and lets unauthenticated attackers reach sensitive administrative functions. Exploitation requires the RC server to have been started without global HTTP authentication.
Attack vector: network scanning
CVE ID: CVE-2026-41176
References:
sar2html <=3.2.2 Plot Parameter - Remote Code Execution
- Vulnerability ID: CVE-2025-34030
- CVE: CVE-2025-34030 (2025)
- Severity: 🔴 CRITICAL
- Risk level: Extremely high risk (5/5)
- Affected assets: Unknown
- Estimated impact: thousands
- EPSS: 0.08843 (percentile 0.9262) @ 2026-05-14
Description: sar2html version 3.2.2 and prior contains an OS command injection vulnerability in the plot parameter of index.php. A remote, unauthenticated attacker can append shell metacharacters to the plot parameter and execute arbitrary operating system commands.
Attack vector: network scanning
CVE ID: CVE-2025-34030
References:
Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload
- Vulnerability ID: CVE-2026-0740
- CVE: CVE-2026-0740 (2026)
- Severity: 🔴 CRITICAL
- Risk level: Extremely high risk (5/5)
- Affected assets: WordPress sites
- Estimated impact: tens of millions
- EPSS: 0.16426 (percentile 0.94943) @ 2026-05-14
Description: The Ninja Forms File Uploads plugin for WordPress, versions up to and including 3.3.26, is vulnerable to unauthenticated arbitrary file upload, which could lead to remote code execution.
Attack vector: network scanning
CVE ID: CVE-2026-0740
References:
Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution
- Vulnerability ID: CVE-2026-34486
- CVE: CVE-2026-34486 (2026)
- Severity: 🔴 CRITICAL
- Risk level: Extremely high risk (5/5)
- Affected assets: Apache servers
- Estimated impact: millions of hosts
- EPSS: 0.0001 (percentile 0.01211) @ 2026-05-14
Description: Missing Encryption of Sensitive Data vulnerability in Apache Tomcat, in which the fix for CVE-2026-29146 allows the EncryptInterceptor to be bypassed. This issue affects Apache Tomcat 11.0.20, 10.1.53 and 9.0.116.
Attack vector: network scanning
CVE ID: CVE-2026-34486
References:
Infinispan - Default Admin Login
- Vulnerability ID: infinispan-default-login
- CVE: -
- Severity: 🟠 HIGH
- Risk level: High risk (4/5)
- Affected assets: Unknown
- Estimated impact: thousands
Description: The Infinispan REST API was found exposed with the default administrator credentials admin:password. An unauthenticated network attacker can authenticate via HTTP Digest and gain full read/write access to all cache managers, caches, and server administration endpoints.
Attack vector: network scanning
References:
📋 Full Template List
| Template name | Severity | Category | Affected assets | EPSS | Risk score |
|---|---|---|---|---|---|
| MagicMirror <= 2.35.0 - Server-Side Request Forgery | 🔴 critical | CVE vulnerability | General | - | 5/5 |
| Rclone RC - Broken Access Control | 🔴 critical | CVE vulnerability | General | 0.0630 | 5/5 |
| sar2html <=3.2.2 Plot Parameter - Remote Code Execution | 🔴 critical | CVE vulnerability | General | 0.0884 | 5/5 |
| Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload | 🔴 critical | CVE vulnerability | WordPress sites | 0.1643 | 5/5 |
| Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution | 🔴 critical | CVE vulnerability | Apache servers | 0.0001 | 5/5 |
| Infinispan - Default Admin Login | 🟠 high | Other | General | - | 4/5 |
| Mage AI Panel - Detect | ⚪ info | Other | Admin panel | - | 1/5 |
| Sonar Poller Login - Panel Detect | ⚪ info | Other | Admin panel | - | 1/5 |
| Infinispan Console - Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Wix Detection | ⚪ info | Technology detection | General | - | 1/5 |
| BigCommerce Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Bitrix Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Blogger Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Concrete5 Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Django Detection | ⚪ info | Technology detection | General | - | 1/5 |
| ExpressionEngine Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Flask Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Mezzanine CMS - Detect | ⚪ info | Technology detection | General | - | 1/5 |
| OpenCart Detection | ⚪ info | Technology detection | General | - | 1/5 |
| osCommerce Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Shopify Detection | ⚪ info | Technology detection | General | - | 1/5 |
| SilverStripe Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Squarespace Detection | ⚪ info | Technology detection | General | - | 1/5 |
| Weebly Detection | ⚪ info | Technology detection | General | - | 1/5 |
🛡️ Security Recommendations
- 🚨 High-risk vulnerabilities were found; scan the affected assets immediately.
- 🔍 Watch newly published CVEs and apply patches promptly.
- ⚡ Remote code execution vulnerabilities were detected; handle them first.
🔧 Scanning Recommendations
Use the following Nuclei commands to scan (replace target-url with the URL of an asset you are authorised to test):
```bash
# Scan for the high-severity vulnerabilities (duplicate template paths removed)
nuclei \
  -t http/cves/2026/CVE-2026-42281.yaml \
  -t http/cves/2026/CVE-2026-41176.yaml \
  -t http/cves/2025/CVE-2025-34030.yaml \
  -t http/cves/2026/CVE-2026-0740.yaml \
  -t http/cves/2026/CVE-2026-34486.yaml \
  -t http/default-logins/infinispan/infinispan-default-login.yaml \
  -u target-url

# Scan with all of today's newly added templates (duplicate template paths removed)
nuclei \
  -t http/cves/2026/CVE-2026-42281.yaml \
  -t http/cves/2026/CVE-2026-41176.yaml \
  -t http/cves/2025/CVE-2025-34030.yaml \
  -t http/cves/2026/CVE-2026-0740.yaml \
  -t http/cves/2026/CVE-2026-34486.yaml \
  -t http/default-logins/infinispan/infinispan-default-login.yaml \
  -t http/exposed-panels/mageai-panel.yaml \
  -t http/exposed-panels/sonar-poller-login.yaml \
  -t http/technologies/infinispan-detect.yaml \
  -t http/technologies/Wix-detect.yaml \
  -t http/technologies/bigcommerce-detect.yaml \
  -t http/technologies/bitrix-detect.yaml \
  -t http/technologies/blogger-detect.yaml \
  -t http/technologies/concrete5-detect.yaml \
  -t http/technologies/django-detect.yaml \
  -t http/technologies/expressionengine-detect.yaml \
  -t http/technologies/flask-detect.yaml \
  -t http/technologies/mezzanine-cms-detect.yaml \
  -t http/technologies/opencart-detect.yaml \
  -t http/technologies/oscommerce-detect.yaml \
  -t http/technologies/shopify-detect.yaml \
  -t http/technologies/silverstripe-detect.yaml \
  -t http/technologies/squarespace-detect.yaml \
  -t http/technologies/weebly-detect.yaml \
  -u target-url
```
This report was generated automatically from the Nuclei template library; data source: ProjectDiscovery/nuclei-templates
The scanning recommendations are for reference only; perform security testing only in authorised environments.