Ritik Chaddha(pwn_box)

211 posts

@RitikChaddha

AppSec Researcher @pdiscoveryio

Joined June 2018
384 Following, 431 Followers
Ritik Chaddha(pwn_box) retweeted
pwnmachine 👾 @princechaddha
We built three full-stack apps using Claude Code, Codex, and Cursor: a healthcare portal, a banking platform, and an insurance claims system. The prompts were casual, exactly how people actually vibe code. No mention of security, nothing intentionally broken. Then we threw four security scanners at them (Neo, Claude, Invicti and Snyk) and manually verified every single finding. The results genuinely surprised us. 70 exploitable vulnerabilities across three apps. Unlimited money creation in the banking app. Any user could create admin accounts in the insurance platform. Patient records accessible to anyone in the healthcare portal. All Critical and High severity. All shipped out of the box. But what really got me was the scanner gap. Neo found 62 of 70 vulnerabilities with only 5 false positives. Snyk found literally zero valid issues. The difference between these tools isn't incremental; it's the difference between finding the bugs that matter and walking away with a false sense of security. Full blog with the stats is live. The detailed research paper with exact prompts, methodology, all the findings, and the apps themselves is coming soon.
Ritik Chaddha(pwn_box) retweeted
pwnmachine 👾 @princechaddha
Every AI coding tool we tested shipped apps with critical vulnerabilities out of the box. We have the data to prove it. Exciting report dropping in a few days.
Ritik Chaddha(pwn_box) retweeted
pwnmachine 👾 @princechaddha
Just dropped a massive @pdnuclei templates release 🔥 Added 7 KEVs + a dozen trending CVEs like the following:
• CrushFTP auth bypass (CVE-2025-54309) - already being hammered in the wild
• XWiki getting lit up with 6 new vulns
• Microweber CMS XSS party
• Maltrail RCE because why not
• Parse Server leaking schemas
....
Shoutout to 14 new contributors. We also rewarded bounties to 6 contributors and have 28 new bounty issues up for grabs. Just run nuclei and go hunting.
Ritik Chaddha(pwn_box) retweeted
pwnmachine 👾 @princechaddha
I’m excited to announce a major release of Nuclei Templates focused on GCP Cloud Configuration Review Templates 🎉 This latest version introduces a series of security checks for the comprehensive components of Google Cloud Platform (GCP) services, including Compute Engine instances, GKE clusters, Cloud Storage buckets, BigQuery datasets, and more. These new templates are crafted to find common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices. In this update, we have also added 11 templates including some trending CVEs such as SAP NetWeaver Visual Composer Metadata Uploader - Deserialization, Gladinet CentreStack - Unauthenticated RCE, FoxCMS v.1.2.5 - Remote Code Execution, NetScaler Console - Sensitive Information Disclosure, Erlang/OTP SSH - Remote Code Execution. Check it out and share your thoughts! 🔥 Read more about it here: projectdiscovery.io/blog/gcp-cloud… Release notes: github.com/projectdiscove…
Ritik Chaddha(pwn_box) retweeted
pwnmachine 👾 @princechaddha
Here’s a breakdown of CVE-2025-29927: Next.js Middleware Authorization Bypass. We’ve also added a Nuclei template for detecting this vulnerability, along with a lab where you can try it out for yourself. Check it out here: projectdiscovery.io/blog/nextjs-mi… @pdnuclei
Ritik Chaddha(pwn_box) retweeted
Geekboy @emgeekboy
Five years ago, four of us started collaborating on @github to automate security workflows. Since then, we’ve built 20+ open-source projects, now running 20M+ times daily—helping everyone scan & secure their attack surface for free. This week, we hit 100K GitHub 🌟 across all projects! Huge thanks to the amazing open-source & security community! Explore @pdiscoveryio at github.com/projectdiscove…
Ritik Chaddha(pwn_box) retweeted
ProjectDiscovery @pdiscoveryio
Day 1 of launch week! We've completely rebuilt exposure discovery and asset management for the modern web. Here's what's new in v1 👇 (1/6)
Ritik Chaddha(pwn_box) retweeted
ProjectDiscovery @pdiscoveryio
2024 was an incredible year for the ProjectDiscovery community. Here’s a quick snapshot of what we accomplished together:
👉 3,000+ Pull Requests merged across 35 repositories.
👉 That’s roughly 8 PR merges per day!
👉 2,000+ Issues created, with over 1,500 closed
We’re immensely grateful to everyone who contributed code, reported bugs, shared feedback, and educated others. Your passion and expertise make this community thrive! Looking ahead to 2025, we have exciting new tools and features in the roadmap, and we can't wait to collaborate with all of you once again. From the bottom of our hearts—thank you for making 2024 a year to remember.
Ritik Chaddha(pwn_box) retweeted
Geekboy @emgeekboy
2024 was quite a year for us building @pdiscoveryio cloud platform! 🚀 Here are the key features we released for all platform users:
👉 AI-Powered @pdnuclei Template editor to quickly convert vulnerabilities into automated test templates
👉 Automated Asset Discovery workflow with change alerts
👉 Vulnerability scan with @pdnuclei across all assets of verified domains
👉 Vulnerability management for locally scanned/uploaded nuclei results
Paul Seekamp @nullenc0de
I had an idea in the school pickup line. I wonder how many companies have their internal PKI exposed... If anyone wants to play before I have time to: gist.github.com/nullenc0de/b31…
Ritik Chaddha(pwn_box) retweeted
pwnmachine 👾 @princechaddha
Created a template for the trending CVE-2024-47176 (CUPS Remote Code Execution). Head over to the template on PDCP, and click ‘scan’ to ensure your assets are not vulnerable to this CVE: cloud.projectdiscovery.io/?template=CVE-…
Quoted post from Nuclei by ProjectDiscovery @pdnuclei:
Scan for CVE-2024-47176 (CUPS - Remote Code Execution) with Nuclei Vulnerability discovery and analysis by @evilsocket: evilsocket.net/2024/09/26/Att… Nuclei Template: cloud.projectdiscovery.io/?template=CVE-… #hackwithautomation #cybersecurity #bugbounty
Ritik Chaddha(pwn_box) retweeted
pwnmachine 👾 @princechaddha
I’m excited to announce a major release of Nuclei Templates v10.0.0 - Azure Config Review 🎉 This latest version features 192 🚀 templates for conducting comprehensive security audits of Azure environments, including VMs, App Services, SQL Databases, and more. The introduction of these Azure-specific templates enables security teams to perform detailed security audits on their Azure environments, uncovering critical misconfigurations and vulnerabilities. In this release, we have also added 35 templates for trending CVEs, including Apache OFBiz - Remote Code Execution, Apache HTTPd Windows UNC - Server-Side Request Forgery, SolarWinds Web Help Desk - Hardcoded Credential, and many more. Check it out and share your thoughts! 🔥 Read more about it here: blog.projectdiscovery.io/azure-config-r… Release notes: github.com/projectdiscove…