March 2025 Newsletter
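The ProjectDiscovery team published its March update, adding 359 new Nuclei templates and a number of feature fixes, and is hosting an SF event while celebrating the community's first PR submission. 2025-4-1 17:4:35 Author: projectdiscovery.io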

🌷Spring has sprung, clocks have jumped forward, and the ProjectDiscovery team hasn't missed a beat! This March, we've packed our latest release(s) with exciting updates to our tools and templates.

📅 Heading to SF for BSides SF or RSA Conference and like arcade games and a fun meal? We have a fun event to invite you to!

🎉Our highlight this month? A massive addition of 359 brand-new Nuclei templates—all thanks to our incredible community contributors. Dive into the details of this impressive milestone in our dedicated newsletter and find out exactly what's new!

📢 We're also celebrating our first-ever community PR to the Nuclei templates labs repository—another fantastic achievement for our growing community.

👀 Don't forget to explore the latest blog posts over on ProjectDiscovery’s website for even more insights and updates.

As always, catch up with us on GitHub or join us on Discord. See you there!

In the news

Events

👾 Headed to Pre-Bsides SF or RSA Conference in April? Join us as we take over Emporium SF for a fun night of casual games, food and more. We’re partnering with Semgrep, Prophet Security and Cloud Red Partners for a fun night of games and hanging out.

Check out our latest community video, which we also compile in a dedicated channel over on the ProjectDiscovery Discord!

From BSides Zagreb, Domagoj Vratarić uses the Nuclei framework for vulnerability regression testing.
Watch the video

What’s the best way to scan vulnerabilities with Nuclei, using Linux? InfoVerse Tech takes us through their process.
Watch the video

Highlights

Our CTO and co-founder Sandeep recently recorded a podcast for Coffee and Pizza.
Watch the recording

Looking for an easy-to-follow guide on installing and using Nuclei? Andrew Pratt over at Bugcrowd shared a great beginner's guide.
Read the article

Late this month, our first ever community pull request for the Nuclei templates labs repository was submitted!
Check out the PR

Nuclei Templates

March stats

This March, we’ve had two Nuclei templates releases packed with features: v10.1.5 and v10.1.6. Across both of these, we added a huge 359 new templates, welcomed 12 brand-new first-time contributors, and included 68 new CVEs!

In v10.1.5, our major announcement is the addition of new CSP Bypass (DAST) Nuclei Templates, which help security teams and bug hunters efficiently identify Content Security Policy (CSP) misconfigurations. These templates automate the detection of CSP bypass techniques, allowing testers to analyze real-world attack scenarios where CSP restrictions can be circumvented in the presence of existing XSS vulnerabilities.

Other highlights include CVEs addressing insecure deserialization in Sitecore Experience Manager (XM)/Experience Platform, remote code execution in the XWiki Platform, and cross-site scripting specifically targeting Essential Addons for Elementor < 6.0.15.

v10.1.6 addressed SAML authentication bypass in GitLab, remote code execution in the Ingress-Nginx Controller, and command injection in CyberPanel.

A workflow issue with Dell iDRAC was also fixed, along with GET request handling in CVE-2025-24813.

And, congratulations to our first-time contributors: @SilverS3c, @smolse, @incogbyte, @asteria121, @felixsta, @isec-easm, @MasoudAbdaal, @11whoami99, @Ademking, @yuligesec, @mr-pmillz and @v2htw.

Our diverse community spans members from full-time bug bounty hunters to Fortune 500 security engineers. Let's go!

Thanks,
The ProjectDiscovery Team

If you have any feedback or ideas for our Community Newsletter, please share them by filling out this form. You can provide links or suggestions for content that you would like to see in the newsletter.


Source: https://projectdiscovery.io/blog/march-2025-newsletter