{"url":"https://api.github.com/repos/projectdiscovery/nuclei-templates/releases/309378709","assets_url":"https://api.github.com/repos/projectdiscovery/nuclei-templates/releases/309378709/assets","upload_url":"https://uploads.github.com/repos/projectdiscovery/nuclei-templates/releases/309378709/assets{?name,label}","html_url":"https://github.com/projectdiscovery/nuclei-templates/releases/tag/v10.4.2","id":309378709,"author":{"login":"princechaddha","id":16654365,"node_id":"MDQ6VXNlcjE2NjU0MzY1","avatar_url":"https://avatars.githubusercontent.com/u/16654365?v=4","gravatar_id":"","url":"https://api.github.com/users/princechaddha","html_url":"https://github.com/princechaddha","followers_url":"https://api.github.com/users/princechaddha/followers","following_url":"https://api.github.com/users/princechaddha/following{/other_user}","gists_url":"https://api.github.com/users/princechaddha/gists{/gist_id}","starred_url":"https://api.github.com/users/princechaddha/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/princechaddha/subscriptions","organizations_url":"https://api.github.com/users/princechaddha/orgs","repos_url":"https://api.github.com/users/princechaddha/repos","events_url":"https://api.github.com/users/princechaddha/events{/privacy}","received_events_url":"https://api.github.com/users/princechaddha/received_events","type":"User","user_view_type":"public","site_admin":false},"node_id":"RE_kwDODxUmBM4ScL6V","tag_name":"v10.4.2","target_commitish":"main","name":"Nuclei Templates v10.4.2 – Release Notes ","draft":false,"immutable":false,"prerelease":false,"created_at":"2026-04-15T13:08:06Z","updated_at":"2026-04-15T13:58:32Z","published_at":"2026-04-15T13:56:52Z","assets":[{"url":"https://api.github.com/repos/projectdiscovery/nuclei-templates/releases/assets/397038208","id":397038208,"node_id":"RA_kwDODxUmBM4XqlKA","name":"nuclei-templates-10.4.2_checksums.txt","label":null,"uploader":{"login":"princechaddha","id":16654365,"node_id":"MDQ6VXNlcjE2NjU0MzY1","avatar_url":"https://avatars.githubusercontent.com/u/16654365?v=4","gravatar_id":"","url":"https://api.github.com/users/princechaddha","html_url":"https://github.com/princechaddha","followers_url":"https://api.github.com/users/princechaddha/followers","following_url":"https://api.github.com/users/princechaddha/following{/other_user}","gists_url":"https://api.github.com/users/princechaddha/gists{/gist_id}","starred_url":"https://api.github.com/users/princechaddha/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/princechaddha/subscriptions","organizations_url":"https://api.github.com/users/princechaddha/orgs","repos_url":"https://api.github.com/users/princechaddha/repos","events_url":"https://api.github.com/users/princechaddha/events{/privacy}","received_events_url":"https://api.github.com/users/princechaddha/received_events","type":"User","user_view_type":"public","site_admin":false},"content_type":"text/plain","state":"uploaded","size":189,"digest":"sha256:4d8cb4bc16df0ae9554f1f38fb116bbe60d6bc686f43be187a5c5b32f5e90c48","download_count":125,"created_at":"2026-04-15T13:58:31Z","updated_at":"2026-04-15T13:58:32Z","browser_download_url":"https://github.com/projectdiscovery/nuclei-templates/releases/download/v10.4.2/nuclei-templates-10.4.2_checksums.txt"}],"tarball_url":"https://api.github.com/repos/projectdiscovery/nuclei-templates/tarball/v10.4.2","zipball_url":"https://api.github.com/repos/projectdiscovery/nuclei-templates/zipball/v10.4.2","body":"### New Templates Added: `121` | CVEs Added: `61` | First-time contributions: `15`\r\n\r\n### 🔥 Release Highlights 🔥\r\n- [CVE-2026-21643] Fortinet FortiClientEMS 7.4.4 - SQL Injection (@ritikchaddha) [critical] 🔥 (kev) (vKEV)\r\n- [CVE-2026-35616] FortiClient EMS - Authentication Bypass (@ritikchaddha) [high] 🔥 (kev) (vKEV)\r\n- [CVE-2026-39987] Marimo <= 0.20.4 - Pre-Auth Terminal WebSocket RCE (@ritikchaddha) [critical] 🔥 (vKEV)\r\n- [CVE-2025-59528] Flowise - Remote Code Execution (@xtr0nix) [critical] 🔥 (vKEV)\r\n- [CVE-2026-3584] WordPress Kali Forms <= 2.4.9 - Remote Code Execution (@pussycat0x) [critical] 🔥 (vKEV)\r\n- [CVE-2026-4020] Gravity SMTP WordPress Plugin - Sensitive Information Exposure (@theamanrawat) [high] 🔥 (vKEV)\r\n- [CVE-2026-34197] Apache ActiveMQ - Remote Code Execution (@DhiyaneshDk, @horizon3) [critical] 🔥\r\n- [CVE-2026-34156] NocoBase - VM Sandbox Escape to Remote Code Execution (@theamanrawat) [critical] 🔥\r\n- [CVE-2026-20079] Cisco Secure Firewall Management Center - Authentication Bypass (@theamanrawat) [critical] 🔥\r\n- [CVE-2026-26980] Ghost CMS Content API - SQL Injection (@domwhewell-sage) [critical] 🔥\r\n- [CVE-2026-4257] WordPress Contact Form by Supsystic - Server-Side Template Injection (@theamanrawat) [critical] 🔥\r\n- [CVE-2026-2699] Progress ShareFile Storage Zones Controller - Authentication Bypass (@DhiyaneshDk) [critical] 🔥\r\n- [CVE-2026-33340] LoLLMs WEBUI - Server-Side Request Forgery (@theamanrawat) [critical] 🔥\r\n- [CVE-2025-67303] ComfyUI-Manager < 3.38 - Configuration Overwrite (@maciejklimek) [critical] 🔥\r\n- [CVE-2024-38819] Spring Framework Path Traversal in Functional Web Frameworks (@DhiyaneshDk) [high] 🔥\r\n\r\n## What's Changed\r\n\r\n**Bug Fixes**\r\n  * Moved CVE-2026-23829 template from incorrect http folder to the network folder (Issue #15633, PR #15738).\r\n  * Fixed CVE-ID mismatches in template metadata (PR #15850).                                                                                                      \r\n  * Fixed invalid CPE formats across multiple HTTP templates (PR #15751).                                                                                          \r\n  * Fixed tag formatting in CVE-2023-38875, CVE-2025-11307, CVE-2023-24322, and CVE-2025-4210 templates (PRs #15897, #15898, #15899, #15900).\r\n  * Updated CVE-2023-6825 template to correct detection logic (PR #15877).                                                                                         \r\n  * Corrected template author attribution from PentesterTN to 0xBassia (PR #15827).  \r\n \r\n**False Negatives**\r\n  * Fixed false negatives in CVE-2024-8529 (LearnPress SQLi): body matchers were unreliable for blind SQLi responses and a randstr bypass was added to defeat DB query cache (Issue #15768, PR #15844). \r\n  \r\n**False Positives**\r\n  * Reduced extremely high false positives in credentials-disclosure template caused by over-permissive `[\\w-]+` value regex with no minimum length enforcement, flagging short UI strings like `\"ClientSecret\":\"Client\"` as credential leaks (Issue #15563, PR #15845).                                                       \r\n  * Reduced false positives in the Apache ActiveMQ Artemis Console Default Login template; tightened matcher to require a valid JSON login response with expected`artemis` username (Issue #15762, PR #15861).                                                                                                                  \r\n  * Resolved false positives in molgenis-default-login template triggered by JSESSIONID cookies on custom 404 pages (Issue #12603).                                \r\n  * Removed false positive subdomain takeover detection templates for Netlify, Shopify, Azure Azurewebsites, Cloudapp, and Trafficmanager - these services are no longer vulnerable due to enforced TXT verification, deprecation, or claimed namespace blocking (PR #15724).                                                      \r\n  * Fixed false positive webpack-config detection triggered by SPA catch-all routing (PR #15869).                                                                  \r\n  * Improved CVE-2022-3254 matchers to reduce false positives on HTML error responses (PR #15840).                                                                 \r\n  * Fixed false positives in CVE-2024-52762 (PR #15833).                                                                                                           \r\n  * Fixed false positives in CVE-2025-49113 (PR #15777).\r\n\r\n**Enhancements**\r\n  * Refactored matchers in CVE-2024-42009 for improved detection accuracy (PR #15835).\r\n  * Added and normalized CWE metadata across HTTP templates (PR #15804).              \r\n  * Added additional EOL version entries to end-of-life detection templates (PR #15891).                                                                           \r\n  * Updated CVE-2025-30208 detection coverage (PR #15784).                                                                                                                              \r\n\r\n## Templates Added\r\n- [CVE-2026-39987] Marimo <= 0.20.4 - Pre-Auth Terminal WebSocket RCE (@ritikchaddha) [critical] 🔥 (vKEV)\r\n- [CVE-2026-39365] Vite Dev Server - Path Traversal in Optimized Deps .map Handling (@theamanrawat) [medium] 🔥\r\n- [CVE-2026-39364] Vite Dev Server - Directory Traversal (@ritikchaddha) [high] 🔥\r\n- [CVE-2026-35616] FortiClient EMS - Authentication Bypass (@ritikchaddha) [high] 🔥 (kev) (vKEV)\r\n- [CVE-2026-34885] WordPress Media Library Assistant <= 3.34 - SQL Injection (@theamanrawat) [high] 🔥\r\n- [CVE-2026-34605] SiYuan Note - Cross-Site Scripting (@ritikchaddha) [medium]\r\n- [CVE-2026-34453] SiYuan <= v3.6.1 - Bookmark Data Disclosure (@0x_Akoko) [high]\r\n- [CVE-2026-34197] Apache ActiveMQ - Remote Code Execution (@DhiyaneshDk, @horizon3) [critical] 🔥\r\n- [CVE-2026-34156] NocoBase - VM Sandbox Escape to Remote Code Execution (@theamanrawat) [critical] 🔥\r\n- [CVE-2026-33478] AVideo <= 26.0 - WWBN AVideo - Remote Code Execution (@pussycat0x) [critical]\r\n- [CVE-2026-33340] LoLLMs WEBUI - Server-Side Request Forgery (@theamanrawat) [critical] 🔥\r\n- [CVE-2026-31809] SiYuan <= v3.5.9 - Cross Site Scripting (@0x_Akoko) [medium]\r\n- [CVE-2026-31807] SiYuan <= v3.5.9 - SVG Animate Element XSS (@0x_Akoko) [medium]\r\n- [CVE-2026-30824] Flowise - NVIDIA NIM Endpoints Missing Authentication (@DhiyaneshDk) [high] 🔥\r\n- [CVE-2026-29183] SiYuan Note - Cross-Site Scripting (@ritikchaddha) [medium]\r\n- [CVE-2026-29066] TinaCMS - Path Traversal (@theamanrawat) [medium]\r\n- [CVE-2026-29014] MetInfo CMS <= 8.1 - Remote Code Execution (@0x_Akoko) [critical]\r\n- [CVE-2026-28414] Gradio - Absolute Path Traversal (@0x_Akoko) [high] 🔥\r\n- [CVE-2026-28358] NocoDB - User Enumeration (@DhiyaneshDk) [medium] 🔥\r\n- [CVE-2026-26980] Ghost CMS Content API - SQL Injection (@domwhewell-sage) [critical] 🔥\r\n- [CVE-2026-25616] Blesta <= 5.13.1 - Cross-Site Scripting (@0x_Akoko) [medium]\r\n- [CVE-2026-21643] Fortinet FortiClientEMS 7.4.4 - SQL Injection (@ritikchaddha) [critical] 🔥 (kev) (vKEV)\r\n- [CVE-2026-20079] Cisco Secure Firewall Management Center - Authentication Bypass (@theamanrawat) [critical] 🔥\r\n- [CVE-2026-6203] User Registration & Membership WordPress plugin - Open Redirect (@theamanrawat) [medium] 🔥\r\n- [CVE-2026-6118] AstrBot <= 4.22.1 - Command Injection (@jyoti369) [high]\r\n- [CVE-2026-5615] VvvebJs <= 2.0.5 - Cross-Site Scripting (@theamanrawat) [medium]\r\n- [CVE-2026-4257] WordPress Contact Form by Supsystic - Server-Side Template Injection (@theamanrawat) [critical] 🔥\r\n- [CVE-2026-4106] HT Mega < 3.0.7 - Sensitive Information Disclosure (@EFETR) [high] 🔥\r\n- [CVE-2026-4020] Gravity SMTP WordPress Plugin - Sensitive Information Exposure (@theamanrawat) [high] 🔥 (vKEV)\r\n- [CVE-2026-3584] WordPress Kali Forms <= 2.4.9 - Remote Code Execution (@pussycat0x) [critical] 🔥 (vKEV)\r\n- [CVE-2026-3396] WCAPF WooCommerce Ajax Product Filter - SQL Injection (@theamanrawat) [high] 🔥\r\n- [CVE-2026-2699] Progress ShareFile Storage Zones Controller - Authentication Bypass (@DhiyaneshDk) [critical] 🔥\r\n- [CVE-2026-2416] Geo Mashup <= 1.13.17 - SQL Injection (@Shivam Kamboj) [high]\r\n- [CVE-2025-67303] ComfyUI-Manager < 3.38 - Configuration Overwrite (@maciejklimek) [critical] 🔥\r\n- [CVE-2025-64500] Symfony HttpFoundation - Access Control Bypass via PATH_INFO (@DhiyaneshDk) [high] 🔥\r\n- [CVE-2025-59528] Flowise - Remote Code Execution (@xtr0nix) [critical] 🔥 (vKEV)\r\n- [CVE-2025-55150] Stirling-PDF < 1.1.0 - Server-Side Request Forgery (@WeQi) [high] 🔥\r\n- [CVE-2025-54597] Heimdall Application Dashboard < 2.7.3 - Reflected XSS (@0x_Akoko) [medium]\r\n- [CVE-2025-53533] Pi-hole Reflected XSS in 404-Error Page (@DhiyaneshDk) [medium] 🔥\r\n- [CVE-2025-50578] Heimdall - Host Header Injection & Open Redirect (@DhiyaneshDk) [medium]\r\n- [CVE-2025-32614] EventON Lite <= 2.4 - Authenticated Local File Inclusion (@pussycat0x) [high] 🔥\r\n- [CVE-2025-14340] Payara Server - Cross-Site Scripting (@0x_Akoko, @0xr2r) [high] 🔥\r\n- [CVE-2025-14124] Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection (@neosmith1, @0x_Akoko) [high] 🔥\r\n- [CVE-2025-13652] WordPress CBX Bookmark & Favorite Plugin <= 2.0.4 - SQL Injection (@neosmith1) [critical] 🔥\r\n- [CVE-2025-12536] SureForms <= 1.13.1 - Sensitive Information Exposure (@pussycat0x) [medium] 🔥\r\n- [CVE-2025-5350] WSO2 - Server Side Request Forgery (@Sourabh Grover) [medium] 🔥\r\n- [CVE-2025-2558] WordPress The Wound Theme <= 0.0.1 - Local File Inclusion (@pussycat0x) [high]\r\n- [CVE-2025-2221] WordPress WPCOM Member <= 1.7.6 - SQL Injection (@neosmith1, @0x_Akoko) [high] 🔥\r\n- [CVE-2024-49357] ZimaOS <= v1.2.4 - Sensitive Information Disclosure (@DhiyaneshDk) [high]\r\n- [CVE-2024-38819] Spring Framework Path Traversal in Functional Web Frameworks (@DhiyaneshDk) [high] 🔥\r\n- [CVE-2024-28752] Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read (@maciejklimek) [high] 🔥\r\n- [CVE-2024-8252] WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion (@pussycat0x) [high] 🔥\r\n- [CVE-2023-49293] Vite dev server - Cross-Site Scripting (@ritikchaddha) [medium] 🔥\r\n- [CVE-2023-40924] SolarView Compact < 6.00 - Directory Traversal (@DhiyaneshDk) [high]\r\n- [CVE-2023-7165] JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing (@pussycat0x) [high] 🔥\r\n- [CVE-2023-6825] WordPress File Manager <= 7.2.1 - Directory Traversal (@pussycat0x) [critical] 🔥\r\n- [CVE-2023-6750] WordPress WP Clone <= 2.4.2 - Database Backup Exposure (@pussycat0x) [critical] 🔥\r\n- [CVE-2023-6592] WordPress FastDup <= 2.1.9  Sensitive Information Exposure - Directory Listing (@pussycat0x) [medium] 🔥\r\n- [CVE-2022-41678] Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution (@maciejklimek) [high] 🔥\r\n- [CVE-2021-46371] AntD Admin - Sensitive Information Disclosure (@ritikchaddha) [high]\r\n- [CVE-2021-23337] Lodash Template - Server-Side Template Injection (RCE) (@DhiyaneshDk) [high] 🔥\r\n- [apache-sling-default-login] Apache Sling - Default Login (@icarot) [high]\r\n- [astrbot-default-login] AstrBot - Default Login (@theamanrawat) [high]\r\n- [checkmk-default-login] Checkmk - Default Login (@0xBassia) [high]\r\n- [freepbx-default-login] FreePBX - Default Admin Credentials (@0x_Akoko) [high]\r\n- [graylog-default-login] Graylog - Default Login (@0x_Akoko, @0xBassia) [high]\r\n- [grocy-default-login] Grocy - Default Admin Credentials (@0x_Akoko) [high]\r\n- [mirth-connect-default-login] Mirth Connect - Default Admin Credentials (@0x_Akoko) [high]\r\n- [netbox-default-login] NetBox - Default Admin Credentials (@0x_Akoko) [high]\r\n- [owncast-default-login] Owncast - Default Credentials (@0x_Akoko) [high]\r\n- [superset-default-login] Apache Superset - Default Login (@theamanrawat) [high]\r\n- [activepieces-panel] Activepieces Panel - Detect (@rxerium) [info]\r\n- [agentgpt-panel] AgentGPT Panel - Detect (@rxerium) [info]\r\n- [anythingllm-panel] AnythingLLM Panel - Detect (@rxerium) [info]\r\n- [astrbot-panel-detect] AstrBot WebUI Login Panel - Detect (@theamanrawat) [info]\r\n- [clearml-panel] ClearML Panel - Detect (@rxerium) [info]\r\n- [cvat-panel] CVAT Computer Vision Annotation Tool - Detect (@rxerium) [info]\r\n- [devtron-panel] Devtron Panel Login Panel - Detect (@johnk3r) [info]\r\n- [easydiffusion-panel] Easy Diffusion Panel - Detect (@rxerium) [info]\r\n- [flowise-panel] Flowise Panel - Detect (@rxerium) [info]\r\n- [h2o-wave-panel] H2O Wave ML Application Server - Detect (@rxerium) [info]\r\n- [koboldai-panel] KoboldAI Panel - Detect (@rxerium) [info]\r\n- [openclaw-control-detect] OpenClaw Control - Detect (@pbuff07) [info]\r\n- [openhands-panel] OpenHands Panel - Detect (@rxerium) [info]\r\n- [showdoc-panel] ShowDoc Panel Detection (@rxerium) [info]\r\n- [sillytavern-panel] SillyTavern Panel - Detect (@rxerium) [info]\r\n- [superagi-panel] SuperAGI Panel - Detect (@rxerium) [info]\r\n- [devtron-env-config-js] Devtron JavaScript Environment Configuration - Exposure (@johnk3r) [low]\r\n- [argo-workflows-unauth] Argo Workflows - Unauthenticated Dashboard (@0xBassia) [high]\r\n- [baget-exposure] BaGet - Exposure (@DhiyaneshDk) [medium]\r\n- [blockchain-rpc-debug-exposure] Blockchain RPC Debug Trace Methods - Exposure (@0xBassia) [medium]\r\n- [blockchain-rpc-txpool-exposed] Blockchain RPC - txpool_content Exposed (@0xBassia) [high]\r\n- [dbgate-anonymous-access] DbGate Anonymous Access - Detection (@benharvey-sage) [high]\r\n- [glitchtip-public-signup] Gitea Public Registration Enabled (@DhiyaneshDk) [medium]\r\n- [heimdall-dashboard-exposure] Heimdall Application Dashboard - Unauthenticated Access (@0x_Akoko) [medium]\r\n- [3cx-installer] 3CX Phone System - Installer Page Exposure (@DhiyaneshDk) [high]\r\n- [azuracast-installer] AzuraCast - Unfinished Installation (@DhiyaneshDk) [high]\r\n- [freescout-installer] FreeScout Installer Exposure (@DhiyaneshDk) [high]\r\n- [icinga-installer] Icinga Web 2 Installer Exposure (@pussycat0x) [high]\r\n- [leantime-install-page-exposed] Leantime - Unfinished Installation (@0x_Akoko) [high]\r\n- [modx-installer] ModX CMS - Unfinished Installation (@DhiyaneshDk) [high]\r\n- [revive-adserver-installer] Revive Adserver - Exposed Installer (@DhiyaneshDk) [high]\r\n- [node-red-unauth] Node-RED - Unauthenticated Access (@0xBassia) [high]\r\n- [opentext-filr-guest-access] OpenText Filr - Guest Access Enabled (@pussycat0x) [medium]\r\n- [photoprism-unauth-exposure] PhotoPrism - Unauthenticated Exposure (@pussycat0x) [high]\r\n- [piwik-unauthenticated-access] Piwik/Matomo - Unauthenticated Access (@0x_Akoko) [high]\r\n- [sabnzbd-unauth-access] SABnzbd - Unauthenticated Web Interface Access (@0x_Akoko) [high]\r\n- [weak-hsts-detect] Weak HTTP Strict-Transport-Security - Detect (@saint_orion) [info]\r\n- [apache-sling-detect] Apache Sling - Detect (@icarot) [info]\r\n- [chromadb-detect] ChromaDB Vector Database - Detect (@rxerium) [info]\r\n- [langflow-detect] Langflow - Detect (@rxerium) [info]\r\n- [llamacpp-detect] llama.cpp - Detect (@rxerium) [info]\r\n- [marqo-detect] Marqo Vector Search Engine - Detect (@rxerium) [info]\r\n- [nicegui-detect] NiceGUI Detection (@theamanrawat) [info]\r\n- [sdwebui-detect] Stable Diffusion WebUI - Detect (@rxerium) [info]\r\n- [weights-biases-detect] Weights & Biases - Detect (@rxerium) [info]\r\n- [xinference-detect] Xinference - Detect (@rxerium) [info]\r\n- [chanjet-crm-sqli] Chanjet CRM - SQL Injection (@luckying1314@139.com) [high]\r\n- [magento-polyshell-rce] Magento PolyShell – Unauthenticated File Upload to RCE (@slcyber, @DhiyaneshDk) [critical]\r\n- [marimo-proxy-abuse] Marimo > 0.9.20 - Proxy Abuse (@ritikchaddha) [medium]\r\n- [zqnb-educationcloud-exposure] ZhongQing Education Cloud Platform - Information Exposure (@ritikchaddha) [high]\r\n\r\n## New Contributors\r\n* @maciejklimek made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15752\r\n* @yaaras made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/14654\r\n* @Vijay-Kishore-A made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15778\r\n* @0xBassia made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15613\r\n* @Outs1d3r-Net made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15784\r\n* @iacker made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15845\r\n* @w3nq14 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15723\r\n* @9r0v3r made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15372\r\n* @neosmith1 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15874\r\n* @ef3tr made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15883\r\n* @0xb120 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15840\r\n* @mrperfectkarak-svg made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15891\r\n* @hothersj made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15804\r\n* @jyoti369 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15884\r\n* @benharvey-sage made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/15892\r\n\r\n**Full Changelog**: https://github.com/projectdiscovery/nuclei-templates/compare/v10.4.1...v10.4.2","reactions":{"url":"https://api.github.com/repos/projectdiscovery/nuclei-templates/releases/309378709/reactions","total_count":1,"+1":1,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"mentions_count":31}