[FALSE-NEGATIVE] Multiple regex-based templates triggering false positives on valid CSS

[kankburhan]

Template IDs or paths

- network/cves/2022/CVE-2022-0543.yaml
- network/cves/2011/CVE-2011-2523.yaml
- http/fuzzing/linux-lfi-fuzzing.yaml
- http/fuzzing/header-command-injection.yaml
- http/misconfiguration/d-link-arbitary-fileread.yaml
- http/misconfiguration/mapproxy-file-read.yaml
- http/misconfiguration/root-path-disclosure.yaml
- http/iot/targa-camera-lfi.yaml
- http/cnvd/2023/CNVD-2023-03903.yaml
- http/cnvd/2019/CNVD-2019-32204.yaml
- http/cnvd/2021/CNVD-2021-28277.yaml
- http/cnvd/2021/CNVD-2021-26422.yaml
- http/cnvd/2021/CNVD-2021-41972.yaml
- http/cnvd/2021/CNVD-2021-64035.yaml
- http/cnvd/2021/CNVD-2021-15822.yaml
- http/cnvd/2021/CNVD-2021-43984.yaml
- http/vulnerabilities/huawei/huawei-authhttp-lfi.yaml
- http/vulnerabilities/yonyou/yonyou-yonbip-lfi.yaml
- http/vulnerabilities/oscommerce/oscommerce-rce.yaml
- http/vulnerabilities/wordpress/wp-simple-fields-lfi.yaml
- http/vulnerabilities/wordpress/wp-tutor-lfi.yaml
- http/vulnerabilities/wordpress/wp-vault-lfi.yaml
- http/vulnerabilities/wordpress/wp-social-warfare-rce.yaml
- http/vulnerabilities/wordpress/wordpress-wordfence-lfi.yaml
- http/vulnerabilities/wordpress/health-check-lfi.yaml
- http/vulnerabilities/wordpress/wp-sym404.yaml
- http/vulnerabilities/backdoor/jexboss-backdoor.yaml
- http/vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml
- http/vulnerabilities/other/epp-server-lfi.yaml
- http/vulnerabilities/other/huijietong-cloud-fileread.yaml
- http/vulnerabilities/other/interlib-fileread.yaml
- http/vulnerabilities/other/seowon-router-rce.yaml
- http/vulnerabilities/other/webp-server-lfi.yaml
- http/vulnerabilities/other/acti-video-lfi.yaml
- http/vulnerabilities/other/mockoon-lfi.yaml
- http/vulnerabilities/other/bullwark-momentum-lfi.yaml
- http/vulnerabilities/other/yishaadmin-lfi.yaml
- http/vulnerabilities/other/elFinder-path-traversal.yaml
- http/vulnerabilities/other/carel-bacnet-gateway-traversal.yaml
- http/vulnerabilities/other/hasura-graphql-psql-exec.yaml
- http/vulnerabilities/other/hongfan-ioffice-rce.yaml
- http/vulnerabilities/other/dss-download-fileread.yaml
- http/vulnerabilities/other/avcon6-execl-lfi.yaml
- http/vulnerabilities/other/eyelock-nano-lfd.yaml
- http/vulnerabilities/other/inspur-clusterengine-rce.yaml
- http/vulnerabilities/other/laravel-filemanager-lfi.yaml
- http/vulnerabilities/other/lokomedia-cms-lfi.yaml
- http/vulnerabilities/other/yapi-rce.yaml
- http/vulnerabilities/other/panmicro-arbitrary-file-read.yaml
- http/vulnerabilities/other/cpas-managment-lfi.yaml
- http/vulnerabilities/other/array-vpn-lfi.yaml
- http/vulnerabilities/other/alibaba-anyproxy-lfi.yaml
- http/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
- http/vulnerabilities/other/wisegiga-nas-lfi.yaml
- http/vulnerabilities/other/hiboss-rce.yaml
- http/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml
- http/vulnerabilities/other/pmb-directory-traversal.yaml
- http/vulnerabilities/other/crawlab-lfi.yaml
- http/vulnerabilities/other/ups-network-lfi.yaml
- http/vulnerabilities/other/ncast-lfi.yaml
- http/vulnerabilities/other/mpsec-lfi.yaml
- http/vulnerabilities/other/voyager-lfi.yaml
- http/vulnerabilities/other/bems-api-lfi.yaml
- http/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml
- http/vulnerabilities/other/sharp-printers-lfi.yaml
- http/vulnerabilities/other/tamronos-rce.yaml
- http/vulnerabilities/other/processmaker-lfi.yaml
- http/vulnerabilities/other/avcon6-lfi.yaml
- http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml
- http/vulnerabilities/other/hjtcloud-arbitrary-file-read.yaml
- http/vulnerabilities/other/pmb-local-file-disclosure.yaml
- http/vulnerabilities/other/ns-asg-file-read.yaml
- http/vulnerabilities/other/cs-cart-unauthenticated-lfi.yaml
- http/vulnerabilities/other/goip-1-lfi.yaml
- http/vulnerabilities/other/beward-ipcamera-disclosure.yaml
- http/vulnerabilities/other/oracle-fatwire-lfi.yaml
- http/vulnerabilities/other/huawei-hg659-lfi.yaml
- http/vulnerabilities/other/flir-path-traversal.yaml
- http/vulnerabilities/other/kodak-network-lfi.yaml
- http/vulnerabilities/other/sanhui-smg-file-read.yaml
- http/vulnerabilities/other/xerox-efi-lfi.yaml
- http/vulnerabilities/other/sangfor-download-lfi.yaml
- http/vulnerabilities/other/kingsoft-vgm-lfi.yaml
- http/vulnerabilities/other/h3c-imc-rce.yaml
- http/vulnerabilities/other/ecsimagingpacs-rce.yaml
- http/vulnerabilities/other/myucms-lfr.yaml
- http/vulnerabilities/other/hanming-lfr.yaml
- http/vulnerabilities/other/netpower-npfw-lfi.yaml
- http/vulnerabilities/other/taiwanese-travel-lfi.yaml
- http/vulnerabilities/other/jeewms-lfi.yaml
- http/vulnerabilities/other/qi-anxin-netkang-next-generation-firewall-rce.yaml
- http/vulnerabilities/other/magicflow-lfi.yaml
- http/vulnerabilities/other/nsfocus-lfi.yaml
- http/vulnerabilities/samsung/samsung-wlan-ap-lfi.yaml
- http/vulnerabilities/samsung/samsung-wlan-ap-rce.yaml
- http/vulnerabilities/jolokia/jolokia-file-read-compilerdirectivesadd.yaml
- http/vulnerabilities/ibm/ibm-infoprint-lfi.yaml
- http/vulnerabilities/gradio/gradio-lfi.yaml
- http/vulnerabilities/weaver/weaver-ebridge-lfi.yaml
- http/vulnerabilities/gitea/gitea-rce.yaml
- http/vulnerabilities/ruijie/ruijie-eg-rce.yaml
- http/vulnerabilities/nuxt/nuxt-js-lfi.yaml
- http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
- http/vulnerabilities/generic/generic-linux-lfi.yaml
- http/vulnerabilities/zyxel/unauth-lfd-zhttpd.yaml
- http/vulnerabilities/totolink-boaform-rce.yaml
- http/vulnerabilities/sangfor/sangfor-edr-rce.yaml
- http/vulnerabilities/apache/apache-solr-file-read.yaml
- http/vulnerabilities/dahua/dahua-wpms-lfi.yaml
- http/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml
- http/cves/2013/CVE-2013-5528.yaml
- http/cves/2013/CVE-2013-5979.yaml
- http/cves/2013/CVE-2013-7091.yaml
- http/cves/2013/CVE-2013-1965.yaml
- http/cves/2014/CVE-2014-5187.yaml
- http/cves/2014/CVE-2014-6271.yaml
- http/cves/2014/CVE-2014-3120.yaml
- http/cves/2014/CVE-2014-9609.yaml
- http/cves/2014/CVE-2014-1203.yaml
- http/cves/2014/CVE-2014-6308.yaml
- http/cves/2014/CVE-2014-5181.yaml
- http/cves/2014/CVE-2014-10037.yaml
- http/cves/2014/CVE-2014-2962.yaml
- http/cves/2014/CVE-2014-5111.yaml
- http/cves/2014/CVE-2014-4940.yaml
- http/cves/2014/CVE-2014-5258.yaml
- http/cves/2014/CVE-2014-2323.yaml
- http/cves/2014/CVE-2014-4577.yaml
- http/cves/2014/CVE-2014-4941.yaml
- http/cves/2014/CVE-2014-3744.yaml
- http/cves/2022/CVE-2022-31474.yaml
- http/cves/2022/CVE-2022-24816.yaml
- http/cves/2022/CVE-2022-4063.yaml
- http/cves/2022/CVE-2022-37190.yaml
- http/cves/2022/CVE-2022-33901.yaml
- http/cves/2022/CVE-2022-28117.yaml
- http/cves/2022/CVE-2022-31137.yaml
- http/cves/2022/CVE-2022-40881.yaml
- http/cves/2022/CVE-2022-4140.yaml
- http/cves/2022/CVE-2022-29014.yaml
- http/cves/2022/CVE-2022-36553.yaml
- http/cves/2022/CVE-2022-35914.yaml
- http/cves/2022/CVE-2022-47501.yaml
- http/cves/2022/CVE-2022-29298.yaml
- http/cves/2022/CVE-2022-24900.yaml
- http/cves/2022/CVE-2022-0679.yaml
- http/cves/2022/CVE-2022-41840.yaml
- http/cves/2022/CVE-2022-24716.yaml
- http/cves/2022/CVE-2022-2414.yaml
- http/cves/2022/CVE-2022-26960.yaml
- http/cves/2022/CVE-2022-2863.yaml
- http/cves/2022/CVE-2022-25497.yaml
- http/cves/2022/CVE-2022-27043.yaml
- http/cves/2022/CVE-2022-47615.yaml
- http/cves/2022/CVE-2022-4060.yaml
- http/cves/2025/CVE-2025-2539.yaml
- http/cves/2025/CVE-2025-31131.yaml
- http/cves/2025/CVE-2025-29306.yaml
- http/cves/2025/CVE-2025-2294.yaml
- http/cves/2025/CVE-2025-1743.yaml
- http/cves/2025/CVE-2025-30208.yaml
- http/cves/2025/CVE-2025-34031.yaml
- http/cves/2025/CVE-2025-3248.yaml
- http/cves/2025/CVE-2025-1035.yaml
- http/cves/2025/CVE-2025-46822.yaml
- http/cves/2025/CVE-2025-44177.yaml
- http/cves/2024/CVE-2024-45388.yaml
- http/cves/2024/CVE-2024-40348.yaml
- http/cves/2024/CVE-2024-2928.yaml
- http/cves/2024/CVE-2024-38816.yaml
- http/cves/2024/CVE-2024-4956.yaml
- http/cves/2024/CVE-2024-7340.yaml
- http/cves/2024/CVE-2024-10516.yaml
- http/cves/2024/CVE-2024-41667.yaml
- http/cves/2024/CVE-2024-9935.yaml
- http/cves/2024/CVE-2024-12209.yaml
- http/cves/2024/CVE-2024-1728.yaml
- http/cves/2024/CVE-2024-23334.yaml
- http/cves/2024/CVE-2024-0986.yaml
- http/cves/2024/CVE-2024-36527.yaml
- http/cves/2024/CVE-2024-1483.yaml
- http/cves/2024/CVE-2024-12849.yaml
- http/cves/2024/CVE-2024-9047.yaml
- http/cves/2024/CVE-2024-55550.yaml
- http/cves/2024/CVE-2024-55415.yaml
- http/cves/2024/CVE-2024-39903.yaml
- http/cves/2024/CVE-2024-6893.yaml
- http/cves/2024/CVE-2024-28995.yaml
- http/cves/2024/CVE-2024-27292.yaml
- http/cves/2024/CVE-2024-55457.yaml
- http/cves/2024/CVE-2024-48766.yaml
- http/cves/2024/CVE-2024-5334.yaml
- http/cves/2024/CVE-2024-50603.yaml
- http/cves/2024/CVE-2024-3848.yaml
- http/cves/2024/CVE-2024-3673.yaml
- http/cves/2024/CVE-2024-8859.yaml
- http/cves/2024/CVE-2024-40422.yaml
- http/cves/2024/CVE-2024-11303.yaml
- http/cves/2024/CVE-2024-6781.yaml
- http/cves/2024/CVE-2024-34470.yaml
- http/cves/2024/CVE-2024-30188.yaml
- http/cves/2024/CVE-2024-7954.yaml
- http/cves/2024/CVE-2024-27564.yaml
- http/cves/2024/CVE-2024-5827.yaml
- http/cves/2024/CVE-2024-5082.yaml
- http/cves/2024/CVE-2024-24565.yaml
- http/cves/2024/CVE-2024-2053.yaml
- http/cves/2024/CVE-2024-12987.yaml
- http/cves/2024/CVE-2024-45309.yaml
- http/cves/2024/CVE-2024-27954.yaml
- http/cves/2024/CVE-2024-41628.yaml
- http/cves/2024/CVE-2024-1561.yaml
- http/cves/2023/CVE-2023-6023.yaml
- http/cves/2023/CVE-2023-34960.yaml
- http/cves/2023/CVE-2023-6977.yaml
- http/cves/2023/CVE-2023-39108.yaml
- http/cves/2023/CVE-2023-42344.yaml
- http/cves/2023/CVE-2023-22047.yaml
- http/cves/2023/CVE-2023-6038.yaml
- http/cves/2023/CVE-2023-2780.yaml
- http/cves/2023/CVE-2023-39109.yaml
- http/cves/2023/CVE-2023-26360.yaml
- http/cves/2023/CVE-2023-36845.yaml
- http/cves/2023/CVE-2023-6623.yaml
- http/cves/2023/CVE-2023-52085.yaml
- http/cves/2023/CVE-2023-48777.yaml
- http/cves/2023/CVE-2023-41599.yaml
- http/cves/2023/CVE-2023-39141.yaml
- http/cves/2023/CVE-2023-38879.yaml
- http/cves/2023/CVE-2023-6909.yaml
- http/cves/2023/CVE-2023-51449.yaml
- http/cves/2023/CVE-2023-6021.yaml
- http/cves/2023/CVE-2023-39110.yaml
- http/cves/2023/CVE-2023-33510.yaml
- http/cves/2023/CVE-2023-5991.yaml
- http/cves/2023/CVE-2023-1177.yaml
- http/cves/2023/CVE-2023-6020.yaml
- http/cves/2015/CVE-2015-2166.yaml
- http/cves/2015/CVE-2015-1000012.yaml
- http/cves/2015/CVE-2015-3648.yaml
- http/cves/2015/CVE-2015-9480.yaml
- http/cves/2015/CVE-2015-3897.yaml
- http/cves/2015/CVE-2015-3337.yaml
- http/cves/2015/CVE-2015-5688.yaml
- http/cves/2015/CVE-2015-4632.yaml
- http/cves/2015/CVE-2015-1427.yaml
- http/cves/2015/CVE-2015-2067.yaml
- http/cves/2015/CVE-2015-7245.yaml
- http/cves/2015/CVE-2015-4414.yaml
- http/cves/2012/CVE-2012-0392.yaml
- http/cves/2012/CVE-2012-0896.yaml
- http/cves/2012/CVE-2012-4253.yaml
- http/cves/2012/CVE-2012-1226.yaml
- http/cves/2012/CVE-2012-4878.yaml
- http/cves/2012/CVE-2012-0991.yaml
- http/cves/2012/CVE-2012-0996.yaml
- http/cves/2012/CVE-2012-0981.yaml
- http/cves/2008/CVE-2008-4668.yaml
- http/cves/2008/CVE-2008-6080.yaml
- http/cves/2008/CVE-2008-6668.yaml
- http/cves/2008/CVE-2008-2650.yaml
- http/cves/2008/CVE-2008-6222.yaml
- http/cves/2008/CVE-2008-4764.yaml
- http/cves/2008/CVE-2008-6172.yaml
- http/cves/2007/CVE-2007-4504.yaml
- http/cves/2007/CVE-2007-4556.yaml
- http/cves/2009/CVE-2009-0932.yaml
- http/cves/2009/CVE-2009-0545.yaml
- http/cves/2009/CVE-2009-4679.yaml
- http/cves/2009/CVE-2009-4202.yaml
- http/cves/2009/CVE-2009-3318.yaml
- http/cves/2009/CVE-2009-1558.yaml
- http/cves/2009/CVE-2009-1151.yaml
- http/cves/2009/CVE-2009-2100.yaml
- http/cves/2009/CVE-2009-3053.yaml
- http/cves/2009/CVE-2009-5114.yaml
- http/cves/2009/CVE-2009-1496.yaml
- http/cves/2009/CVE-2009-2015.yaml
- http/cves/2017/CVE-2017-12611.yaml
- http/cves/2017/CVE-2017-14537.yaml
- http/cves/2017/CVE-2017-14849.yaml
- http/cves/2017/CVE-2017-5638.yaml
- http/cves/2017/CVE-2017-9416.yaml
- http/cves/2017/CVE-2017-12615.yaml
- http/cves/2017/CVE-2017-16877.yaml
- http/cves/2017/CVE-2017-14535.yaml
- http/cves/2017/CVE-2017-15647.yaml
- http/cves/2017/CVE-2017-1000028.yaml
- http/cves/2017/CVE-2017-16806.yaml
- http/cves/2017/CVE-2017-1000029.yaml
- http/cves/2010/CVE-2010-1495.yaml
- http/cves/2010/CVE-2010-1354.yaml
- http/cves/2010/CVE-2010-2128.yaml
- http/cves/2010/CVE-2010-5028.yaml
- http/cves/2010/CVE-2010-1657.yaml
- http/cves/2010/CVE-2010-1315.yaml
- http/cves/2010/CVE-2010-1952.yaml
- http/cves/2010/CVE-2010-2036.yaml
- http/cves/2010/CVE-2010-1476.yaml
- http/cves/2010/CVE-2010-1533.yaml
- http/cves/2010/CVE-2010-3426.yaml
- http/cves/2010/CVE-2010-0972.yaml
- http/cves/2010/CVE-2010-2918.yaml
- http/cves/2010/CVE-2010-1461.yaml
- http/cves/2010/CVE-2010-1532.yaml
- http/cves/2010/CVE-2010-2037.yaml
- http/cves/2010/CVE-2010-1953.yaml
- http/cves/2010/CVE-2010-5286.yaml
- http/cves/2010/CVE-2010-1601.yaml
- http/cves/2010/CVE-2010-1314.yaml
- http/cves/2010/CVE-2010-0944.yaml
- http/cves/2010/CVE-2010-1302.yaml
- http/cves/2010/CVE-2010-1494.yaml
- http/cves/2010/CVE-2010-1470.yaml
- http/cves/2010/CVE-2010-1535.yaml
- http/cves/2010/CVE-2010-2122.yaml
- http/cves/2010/CVE-2010-1718.yaml
- http/cves/2010/CVE-2010-0467.yaml
- http/cves/2010/CVE-2010-4977.yaml
- http/cves/2010/CVE-2010-1722.yaml
- http/cves/2010/CVE-2010-1305.yaml
- http/cves/2010/CVE-2010-1217.yaml
- http/cves/2010/CVE-2010-1352.yaml
- http/cves/2010/CVE-2010-1981.yaml
- http/cves/2010/CVE-2010-0943.yaml
- http/cves/2010/CVE-2010-1714.yaml
- http/cves/2010/CVE-2010-1313.yaml
- http/cves/2010/CVE-2010-2682.yaml
- http/cves/2010/CVE-2010-1954.yaml
- http/cves/2010/CVE-2010-1056.yaml
- http/cves/2010/CVE-2010-1955.yaml
- http/cves/2010/CVE-2010-2857.yaml
- http/cves/2010/CVE-2010-2050.yaml
- http/cves/2010/CVE-2010-1607.yaml
- http/cves/2010/CVE-2010-1312.yaml
- http/cves/2010/CVE-2010-0942.yaml
- http/cves/2010/CVE-2010-1345.yaml
- http/cves/2010/CVE-2010-1715.yaml
- http/cves/2010/CVE-2010-1980.yaml
- http/cves/2010/CVE-2010-1353.yaml
- http/cves/2010/CVE-2010-1979.yaml
- http/cves/2010/CVE-2010-1304.yaml
- http/cves/2010/CVE-2010-1723.yaml
- http/cves/2010/CVE-2010-0759.yaml
- http/cves/2010/CVE-2010-1719.yaml
- http/cves/2010/CVE-2010-1471.yaml
- http/cves/2010/CVE-2010-1534.yaml
- http/cves/2010/CVE-2010-1308.yaml
- http/cves/2010/CVE-2010-4719.yaml
- http/cves/2010/CVE-2010-1219.yaml
- http/cves/2010/CVE-2010-1472.yaml
- http/cves/2010/CVE-2010-2045.yaml
- http/cves/2010/CVE-2010-1956.yaml
- http/cves/2010/CVE-2010-1540.yaml
- http/cves/2010/CVE-2010-2507.yaml
- http/cves/2010/CVE-2010-0982.yaml
- http/cves/2010/CVE-2010-2680.yaml
- http/cves/2010/CVE-2010-1653.yaml
- http/cves/2010/CVE-2010-4282.yaml
- http/cves/2010/CVE-2010-1983.yaml
- http/cves/2010/CVE-2010-1307.yaml
- http/cves/2010/CVE-2010-1491.yaml
- http/cves/2010/CVE-2010-1306.yaml
- http/cves/2010/CVE-2010-1081.yaml
- http/cves/2010/CVE-2010-1982.yaml
- http/cves/2010/CVE-2010-1717.yaml
- http/cves/2010/CVE-2010-1469.yaml
- http/cves/2010/CVE-2010-1957.yaml
- http/cves/2010/CVE-2010-2033.yaml
- http/cves/2010/CVE-2010-1473.yaml
- http/cves/2010/CVE-2010-1977.yaml
- http/cves/2010/CVE-2010-4617.yaml
- http/cves/2010/CVE-2010-1602.yaml
- http/cves/2010/CVE-2010-1878.yaml
- http/cves/2010/CVE-2010-2307.yaml
- http/cves/2010/CVE-2010-1340.yaml
- http/cves/2010/CVE-2010-1478.yaml
- http/cves/2010/CVE-2010-1858.yaml
- http/cves/2010/CVE-2010-1659.yaml
- http/cves/2010/CVE-2010-1531.yaml
- http/cves/2010/CVE-2010-1474.yaml
- http/cves/2010/CVE-2010-2034.yaml
- http/cves/2010/CVE-2010-2035.yaml
- http/cves/2010/CVE-2010-2259.yaml
- http/cves/2010/CVE-2010-1475.yaml
- http/cves/2010/CVE-2010-1658.yaml
- http/cves/2010/CVE-2010-2920.yaml
- http/cves/2010/CVE-2010-1875.yaml
- http/cves/2010/CVE-2010-4231.yaml
- http/cves/2010/CVE-2010-4769.yaml
- http/cves/2010/CVE-2010-0696.yaml
- http/cves/2010/CVE-2010-0157.yaml
- http/cves/2010/CVE-2010-1603.yaml
- http/cves/2010/CVE-2010-0985.yaml
- http/cves/2010/CVE-2010-3203.yaml
- http/cves/2019/CVE-2019-8982.yaml
- http/cves/2019/CVE-2019-9757.yaml
- http/cves/2019/CVE-2019-17538.yaml
- http/cves/2019/CVE-2019-14251.yaml
- http/cves/2019/CVE-2019-7315.yaml
- http/cves/2019/CVE-2019-11510.yaml
- http/cves/2019/CVE-2019-9726.yaml
- http/cves/2019/CVE-2019-14312.yaml
- http/cves/2019/CVE-2019-7256.yaml
- http/cves/2019/CVE-2019-9618.yaml
- http/cves/2019/CVE-2019-3799.yaml
- http/cves/2019/CVE-2019-17270.yaml
- http/cves/2019/CVE-2019-18371.yaml
- http/cves/2019/CVE-2019-7254.yaml
- http/cves/2019/CVE-2019-13396.yaml
- http/cves/2019/CVE-2019-5418.yaml
- http/cves/2019/CVE-2019-19411.yaml
- http/cves/2019/CVE-2019-16662.yaml
- http/cves/2019/CVE-2019-12725.yaml
- http/cves/2019/CVE-2019-7238.yaml
- http/cves/2019/CVE-2019-12314.yaml
- http/cves/2019/CVE-2019-15107.yaml
- http/cves/2019/CVE-2019-12276.yaml
- http/cves/2019/CVE-2019-16278.yaml
- http/cves/2019/CVE-2019-9670.yaml
- http/cves/2019/CVE-2019-16920.yaml
- http/cves/2021/CVE-2021-45043.yaml
- http/cves/2021/CVE-2021-42071.yaml
- http/cves/2021/CVE-2021-29006.yaml
- http/cves/2021/CVE-2021-20123.yaml
- http/cves/2021/CVE-2021-43495.yaml
- http/cves/2021/CVE-2021-40651.yaml
- http/cves/2021/CVE-2021-40978.yaml
- http/cves/2021/CVE-2021-23241.yaml
- http/cves/2021/CVE-2021-20124.yaml
- http/cves/2021/CVE-2021-33564.yaml
- http/cves/2021/CVE-2021-41749.yaml
- http/cves/2021/CVE-2021-41773.yaml
- http/cves/2021/CVE-2021-32820.yaml
- http/cves/2021/CVE-2021-3223.yaml
- http/cves/2021/CVE-2021-43778.yaml
- http/cves/2021/CVE-2021-28918.yaml
- http/cves/2021/CVE-2021-41293.yaml
- http/cves/2021/CVE-2021-46107.yaml
- http/cves/2021/CVE-2021-28149.yaml
- http/cves/2021/CVE-2021-25864.yaml
- http/cves/2021/CVE-2021-43831.yaml
- http/cves/2021/CVE-2021-43734.yaml
- http/cves/2021/CVE-2021-21234.yaml
- http/cves/2021/CVE-2021-25646.yaml
- http/cves/2021/CVE-2021-41291.yaml
- http/cves/2021/CVE-2021-39433.yaml
- http/cves/2021/CVE-2021-31805.yaml
- http/cves/2021/CVE-2021-36749.yaml
- http/cves/2021/CVE-2021-43496.yaml
- http/cves/2021/CVE-2021-46381.yaml
- http/cves/2021/CVE-2021-46417.yaml
- http/cves/2021/CVE-2021-28377.yaml
- http/cves/2021/CVE-2021-39316.yaml
- http/cves/2021/CVE-2021-40960.yaml
- http/cves/2021/CVE-2021-43287.yaml
- http/cves/2021/CVE-2021-42013.yaml
- http/cves/2020/CVE-2020-24579.yaml
- http/cves/2020/CVE-2020-11991.yaml
- http/cves/2020/CVE-2020-13851.yaml
- http/cves/2020/CVE-2020-8209.yaml
- http/cves/2020/CVE-2020-35580.yaml
- http/cves/2020/CVE-2020-5410.yaml
- http/cves/2020/CVE-2020-5902.yaml
- http/cves/2020/CVE-2020-27191.yaml
- http/cves/2020/CVE-2020-14864.yaml
- http/cves/2020/CVE-2020-15920.yaml
- http/cves/2020/CVE-2020-8193.yaml
- http/cves/2020/CVE-2020-9054.yaml
- http/cves/2020/CVE-2020-24285.yaml
- http/cves/2020/CVE-2020-17530.yaml
- http/cves/2020/CVE-2020-11738.yaml
- http/cves/2020/CVE-2020-21224.yaml
- http/cves/2020/CVE-2020-17496.yaml
- http/cves/2020/CVE-2020-23575.yaml
- http/cves/2020/CVE-2020-7209.yaml
- http/cves/2020/CVE-2020-11798.yaml
- http/cves/2020/CVE-2020-8515.yaml
- http/cves/2020/CVE-2020-29227.yaml
- http/cves/2020/CVE-2020-5405.yaml
- http/cves/2020/CVE-2020-17519.yaml
- http/cves/2020/CVE-2020-25540.yaml
- http/cves/2020/CVE-2020-26073.yaml
- http/cves/2020/CVE-2020-29390.yaml
- http/cves/2020/CVE-2020-11455.yaml
- http/cves/2020/CVE-2020-35736.yaml
- http/cves/2020/CVE-2020-13886.yaml
- http/cves/2020/CVE-2020-8163.yaml
- http/cves/2020/CVE-2020-15568.yaml
- http/cves/2020/CVE-2020-35598.yaml
- http/cves/2020/CVE-2020-8641.yaml
- http/cves/2018/CVE-2018-12031.yaml
- http/cves/2018/CVE-2018-8033.yaml
- http/cves/2018/CVE-2018-18778.yaml
- http/cves/2018/CVE-2018-9205.yaml
- http/cves/2018/CVE-2018-1273.yaml
- http/cves/2018/CVE-2018-3760.yaml
- http/cves/2018/CVE-2018-19365.yaml
- http/cves/2018/CVE-2018-12909.yaml
- http/cves/2018/CVE-2018-7600.yaml
- http/cves/2018/CVE-2018-16059.yaml
- http/cves/2018/CVE-2018-13980.yaml
- http/cves/2018/CVE-2018-12054.yaml
- http/cves/2018/CVE-2018-19458.yaml
- http/cves/2018/CVE-2018-12613.yaml
- http/cves/2018/CVE-2018-14728.yaml
- http/cves/2018/CVE-2018-10823.yaml
- http/cves/2018/CVE-2018-16299.yaml
- http/cves/2018/CVE-2018-16763.yaml
- http/cves/2018/CVE-2018-10822.yaml
- http/cves/2018/CVE-2018-6008.yaml
- http/cves/2018/CVE-2018-7422.yaml
- http/cves/2018/CVE-2018-16283.yaml
- http/cves/2018/CVE-2018-11776.yaml
- http/cves/2018/CVE-2018-16288.yaml
- http/cves/2018/CVE-2018-3714.yaml
- http/cves/2018/CVE-2018-16836.yaml
- http/cves/2018/CVE-2018-10956.yaml
- http/cves/2018/CVE-2018-19326.yaml
- http/cves/2018/CVE-2018-18777.yaml
- http/cves/2018/CVE-2018-14918.yaml
- http/cves/2018/CVE-2018-6184.yaml
- http/cves/2018/CVE-2018-15535.yaml
- http/cves/2018/CVE-2018-7490.yaml
- http/cves/2011/CVE-2011-4804.yaml
- http/cves/2011/CVE-2011-3315.yaml
- http/cves/2011/CVE-2011-2744.yaml
- http/cves/2011/CVE-2011-2780.yaml
- http/cves/2011/CVE-2011-4640.yaml
- http/cves/2011/CVE-2011-0049.yaml
- http/cves/2011/CVE-2011-1669.yaml
- http/cves/2016/CVE-2016-10956.yaml
- http/cves/2016/CVE-2016-6277.yaml
- http/cves/2016/CVE-2016-3081.yaml
- http/cves/2016/CVE-2016-2389.yaml
- dast/vulnerabilities/cmdi/python-code-injection.yaml
- dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml
- javascript/backdoor/proftpd-backdoor.yaml
- javascript/misconfiguration/pgsql/pgsql-extensions-rce.yaml


### Current matcher:

regex:
  - "root:.*:0:0:"


Issue:
This regex incorrectly matches CSS selectors like:

.root::before {
  content: "";
}


...due to .* being overly greedy and matching through pseudo-element ::.

Suggested Fix:
Replace with a stricter line-anchored pattern:


regex:
  - "^root:[^:]*:0:0:"

or

regex:
  - "^root:[^:]*:0:0:[^:]*:[^:]*:[^:]*$"

Environment

- OS: MacOS Sequoia
- Nuclei: v3.4.10
- Go: go1.24.1 darwin/arm64

Steps To Reproduce

1. create css like this and serve using python or anything

.root::before {
  content: "";
  position: absolute;
}

2. nuclei -t {anything with type RCE}.yaml -target http://127.0.0.1/test.css
3. Observe that a match is triggered on the CSS file even though this is not an exposed /etc/passwd.

Relevant dumped responses

HTTP/1.1 200 OK
Content-Type: text/css

.root::before {
  content:"";
  position:absolute;
  top:-2px;
  bottom:-2px;
  right:-4px;
  left:-4px;
}

Anything else?

No response

[kankburhan]

real case:

[princechaddha]

Hi @kankburhan, thank you for taking the time to create this issue and contribute to this project.

The above templates don’t look for that pattern in CSS files as you mentioned (nuclei -t {anything with type RCE}.yaml -target http://127.0.0.1/test.css). Also, http://127.0.0.1/test.css is not an expected input unless you are only running -dast templates.

[kankburhan]

hi @princechaddha .css just sample, you can try this

echo "https://developer.porsche.com" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-41291.yaml

inpect developer.porsche.com you will see css inline with css like above on that page result.

[princechaddha]

Yes, that makes sense. We’ve been actively adding flow to the templates with weak matchers to confirm the product or CMS before matchering. However, given the number of CVEs, fixing this edge case is quite difficult. Do you have any suggestions for reducing false positives? Otherwise, we’ll continue tracking them and add additional matchers to each template. We will prioritize fixing the ones matched below immediately

pwnmachine@PD nuclei-templates % echo "https://developer.porsche.com" | nuclei -id CVE-2022-0543,CVE-2011-2523,linux-lfi-fuzzing,header-command-injection,d-link-arbitary-fileread,mapproxy-file-read,root-path-disclosure,targa-camera-lfi,CNVD-2023-03903,CNVD-2019-32204,CNVD-2021-28277,CNVD-2021-26422,CNVD-2021-41972,CNVD-2021-64035,CNVD-2021-15822,CNVD-2021-43984,huawei-authhttp-lfi,yonyou-yonbip-lfi,oscommerce-rce,wp-simple-fields-lfi,wp-tutor-lfi,wp-vault-lfi,wp-social-warfare-rce,wordpress-wordfence-lfi,health-check-lfi,wp-sym404,jexboss-backdoor,oracle-ebs-bispgraph-file-access,epp-server-lfi,huijietong-cloud-fileread,interlib-fileread,seowon-router-rce,webp-server-lfi,acti-video-lfi,mockoon-lfi,bullwark-momentum-lfi,yishaadmin-lfi,elFinder-path-traversal,carel-bacnet-gateway-traversal,hasura-graphql-psql-exec,hongfan-ioffice-rce,dss-download-fileread,avcon6-execl-lfi,eyelock-nano-lfd,inspur-clusterengine-rce,laravel-filemanager-lfi,lokomedia-cms-lfi,yapi-rce,panmicro-arbitrary-file-read,cpas-managment-lfi,array-vpn-lfi,alibaba-anyproxy-lfi,nginx-merge-slashes-path-traversal,wisegiga-nas-lfi,hiboss-rce,pdf-signer-ssti-to-rce,pmb-directory-traversal,crawlab-lfi,ups-network-lfi,ncast-lfi,mpsec-lfi,voyager-lfi,bems-api-lfi,sonicwall-sslvpn-shellshock,sharp-printers-lfi,tamronos-rce,processmaker-lfi,avcon6-lfi,fastbee-arbitrary-file-read,hjtcloud-arbitrary-file-read,pmb-local-file-disclosure,ns-asg-file-read,cs-cart-unauthenticated-lfi,goip-1-lfi,beward-ipcamera-disclosure,oracle-fatwire-lfi,huawei-hg659-lfi,flir-path-traversal,kodak-network-lfi,sanhui-smg-file-read,xerox-efi-lfi,sangfor-download-lfi,kingsoft-vgm-lfi,h3c-imc-rce,ecsimagingpacs-rce,myucms-lfr,hanming-lfr,netpower-npfw-lfi,taiwanese-travel-lfi,jeewms-lfi,qi-anxin-netkang-next-generation-firewall-rce,magicflow-lfi,nsfocus-lfi,samsung-wlan-ap-lfi,samsung-wlan-ap-rce,jolokia-file-read-compilerdirectivesadd,ibm-infoprint-lfi,gradio-lfi,weaver-ebridge-lfi,gitea-rce,ruijie-eg-rce,nuxt-js-lfi,hcm-cloud-lfi,generic-linux-lfi,unauth-lfd-zhttpd,totolink-boaform-rce,sangfor-edr-rce,apache-solr-file-read,dahua-wpms-lfi,vmware-vcenter-lfi-linux,CVE-2013-5528,CVE-2013-5979,CVE-2013-7091,CVE-2013-1965,CVE-2014-5187,CVE-2014-6271,CVE-2014-3120,CVE-2014-9609,CVE-2014-1203,CVE-2014-6308,CVE-2014-5181,CVE-2014-10037,CVE-2014-2962,CVE-2014-5111,CVE-2014-4940,CVE-2014-5258,CVE-2014-2323,CVE-2014-4577,CVE-2014-4941,CVE-2014-3744,CVE-2022-31474,CVE-2022-24816,CVE-2022-4063,CVE-2022-37190,CVE-2022-33901,CVE-2022-28117,CVE-2022-31137,CVE-2022-40881,CVE-2022-4140,CVE-2022-29014,CVE-2022-36553,CVE-2022-35914,CVE-2022-47501,CVE-2022-29298,CVE-2022-24900,CVE-2022-0679,CVE-2022-41840,CVE-2022-24716,CVE-2022-2414,CVE-2022-26960,CVE-2022-2863,CVE-2022-25497,CVE-2022-27043,CVE-2022-47615,CVE-2022-4060,CVE-2025-2539,CVE-2025-31131,CVE-2025-29306,CVE-2025-2294,CVE-2025-1743,CVE-2025-30208,CVE-2025-34031,CVE-2025-3248,CVE-2025-1035,CVE-2025-46822,CVE-2025-44177,CVE-2024-45388,CVE-2024-40348,CVE-2024-2928,CVE-2024-38816,CVE-2024-4956,CVE-2024-7340,CVE-2024-10516,CVE-2024-41667,CVE-2024-9935,CVE-2024-12209,CVE-2024-1728,CVE-2024-23334,CVE-2024-0986,CVE-2024-36527,CVE-2024-1483,CVE-2024-12849,CVE-2024-9047,CVE-2024-55550,CVE-2024-55415,CVE-2024-39903,CVE-2024-6893,CVE-2024-28995,CVE-2024-27292,CVE-2024-55457,CVE-2024-48766,CVE-2024-5334,CVE-2024-50603,CVE-2024-3848,CVE-2024-3673,CVE-2024-8859,CVE-2024-40422,CVE-2024-11303,CVE-2024-6781,CVE-2024-34470,CVE-2024-30188,CVE-2024-7954,CVE-2024-27564,CVE-2024-5827,CVE-2024-5082,CVE-2024-24565,CVE-2024-2053,CVE-2024-12987,CVE-2024-45309,CVE-2024-27954,CVE-2024-41628,CVE-2024-1561,CVE-2023-6023,CVE-2023-34960,CVE-2023-6977,CVE-2023-39108,CVE-2023-42344,CVE-2023-22047,CVE-2023-6038,CVE-2023-2780,CVE-2023-39109,CVE-2023-26360,CVE-2023-36845,CVE-2023-6623,CVE-2023-52085,CVE-2023-48777,CVE-2023-41599,CVE-2023-39141,CVE-2023-38879,CVE-2023-6909,CVE-2023-51449,CVE-2023-6021,CVE-2023-39110,CVE-2023-33510,CVE-2023-5991,CVE-2023-1177,CVE-2023-6020,CVE-2015-2166,CVE-2015-1000012,CVE-2015-3648,CVE-2015-9480,CVE-2015-3897,CVE-2015-3337,CVE-2015-5688,CVE-2015-4632,CVE-2015-1427,CVE-2015-2067,CVE-2015-7245,CVE-2015-4414,CVE-2012-0392,CVE-2012-0896,CVE-2012-4253,CVE-2012-1226,CVE-2012-4878,CVE-2012-0991,CVE-2012-0996,CVE-2012-0981,CVE-2008-4668,CVE-2008-6080,CVE-2008-6668,CVE-2008-2650,CVE-2008-6222,CVE-2008-4764,CVE-2008-6172,CVE-2007-4504,CVE-2007-4556,CVE-2009-0932,CVE-2009-0545,CVE-2009-4679,CVE-2009-4202,CVE-2009-3318,CVE-2009-1558,CVE-2009-1151,CVE-2009-2100,CVE-2009-3053,CVE-2009-5114,CVE-2009-1496,CVE-2009-2015,CVE-2017-12611,CVE-2017-14537,CVE-2017-14849,CVE-2017-5638,CVE-2017-9416,CVE-2017-12615,CVE-2017-16877,CVE-2017-14535,CVE-2017-15647,CVE-2017-1000028,CVE-2017-16806,CVE-2017-1000029,CVE-2010-1495,CVE-2010-1354,CVE-2010-2128,CVE-2010-5028,CVE-2010-1657,CVE-2010-1315,CVE-2010-1952,CVE-2010-2036,CVE-2010-1476,CVE-2010-1533,CVE-2010-3426,CVE-2010-0972,CVE-2010-2918,CVE-2010-1461,CVE-2010-1532,CVE-2010-2037,CVE-2010-1953,CVE-2010-5286,CVE-2010-1601,CVE-2010-1314,CVE-2010-0944,CVE-2010-1302,CVE-2010-1494,CVE-2010-1470,CVE-2010-1535,CVE-2010-2122,CVE-2010-1718,CVE-2010-0467,CVE-2010-4977,CVE-2010-1722,CVE-2010-1305,CVE-2010-1217,CVE-2010-1352,CVE-2010-1981,CVE-2010-0943,CVE-2010-1714,CVE-2010-1313,CVE-2010-2682,CVE-2010-1954,CVE-2010-1056,CVE-2010-1955,CVE-2010-2857,CVE-2010-2050,CVE-2010-1607,CVE-2010-1312,CVE-2010-0942,CVE-2010-1345,CVE-2010-1715,CVE-2010-1980,CVE-2010-1353,CVE-2010-1979,CVE-2010-1304,CVE-2010-1723,CVE-2010-0759,CVE-2010-1719,CVE-2010-1471,CVE-2010-1534,CVE-2010-1308,CVE-2010-4719,CVE-2010-1219,CVE-2010-1472,CVE-2010-2045,CVE-2010-1956,CVE-2010-1540,CVE-2010-2507,CVE-2010-0982,CVE-2010-2680,CVE-2010-1653,CVE-2010-4282,CVE-2010-1983,CVE-2010-1307,CVE-2010-1491,CVE-2010-1306,CVE-2010-1081,CVE-2010-1982,CVE-2010-1717,CVE-2010-1469,CVE-2010-1957,CVE-2010-2033,CVE-2010-1473,CVE-2010-1977,CVE-2010-4617,CVE-2010-1602,CVE-2010-1878,CVE-2010-2307,CVE-2010-1340,CVE-2010-1478,CVE-2010-1858,CVE-2010-1659,CVE-2010-1531,CVE-2010-1474,CVE-2010-2034,CVE-2010-2035,CVE-2010-2259,CVE-2010-1475,CVE-2010-1658,CVE-2010-2920,CVE-2010-1875,CVE-2010-4231,CVE-2010-4769,CVE-2010-0696,CVE-2010-0157,CVE-2010-1603,CVE-2010-0985,CVE-2010-3203,CVE-2019-8982,CVE-2019-9757,CVE-2019-17538,CVE-2019-14251,CVE-2019-7315,CVE-2019-11510,CVE-2019-9726,CVE-2019-14312,CVE-2019-7256,CVE-2019-9618,CVE-2019-3799,CVE-2019-17270,CVE-2019-18371,CVE-2019-7254,CVE-2019-13396,CVE-2019-5418,CVE-2019-19411,CVE-2019-16662,CVE-2019-12725,CVE-2019-7238,CVE-2019-12314,CVE-2019-15107,CVE-2019-12276,CVE-2019-16278,CVE-2019-9670,CVE-2019-16920,CVE-2021-45043,CVE-2021-42071,CVE-2021-29006,CVE-2021-20123,CVE-2021-43495,CVE-2021-40651,CVE-2021-40978,CVE-2021-23241,CVE-2021-20124,CVE-2021-33564,CVE-2021-41749,CVE-2021-41773,CVE-2021-32820,CVE-2021-3223,CVE-2021-43778,CVE-2021-28918,CVE-2021-41293,CVE-2021-46107,CVE-2021-28149,CVE-2021-25864,CVE-2021-43831,CVE-2021-43734,CVE-2021-21234,CVE-2021-25646,CVE-2021-41291,CVE-2021-39433,CVE-2021-31805,CVE-2021-36749,CVE-2021-43496,CVE-2021-46381,CVE-2021-46417,CVE-2021-28377,CVE-2021-39316,CVE-2021-40960,CVE-2021-43287,CVE-2021-42013,CVE-2020-24579,CVE-2020-11991,CVE-2020-13851,CVE-2020-8209,CVE-2020-35580,CVE-2020-5410,CVE-2020-5902,CVE-2020-27191,CVE-2020-14864,CVE-2020-15920,CVE-2020-8193,CVE-2020-9054,CVE-2020-24285,CVE-2020-17530,CVE-2020-11738,CVE-2020-21224,CVE-2020-17496,CVE-2020-23575,CVE-2020-7209,CVE-2020-11798,CVE-2020-8515,CVE-2020-29227,CVE-2020-5405,CVE-2020-17519,CVE-2020-25540,CVE-2020-26073,CVE-2020-29390,CVE-2020-11455,CVE-2020-35736,CVE-2020-13886,CVE-2020-8163,CVE-2020-15568,CVE-2020-35598,CVE-2020-8641,CVE-2018-12031,CVE-2018-8033,CVE-2018-18778,CVE-2018-9205,CVE-2018-1273,CVE-2018-3760,CVE-2018-19365,CVE-2018-12909,CVE-2018-7600,CVE-2018-16059,CVE-2018-13980,CVE-2018-12054,CVE-2018-19458,CVE-2018-12613,CVE-2018-14728,CVE-2018-10823,CVE-2018-16299,CVE-2018-16763,CVE-2018-10822,CVE-2018-6008,CVE-2018-7422,CVE-2018-16283,CVE-2018-11776,CVE-2018-16288,CVE-2018-3714,CVE-2018-16836,CVE-2018-10956,CVE-2018-19326,CVE-2018-18777,CVE-2018-14918,CVE-2018-6184,CVE-2018-15535,CVE-2018-7490,CVE-2011-4804,CVE-2011-3315,CVE-2011-2744,CVE-2011-2780,CVE-2011-4640,CVE-2011-0049,CVE-2011-1669,CVE-2016-10956,CVE-2016-6277,CVE-2016-3081,CVE-2016-2389,python-code-injection,linux-lfi-fuzz,proftpd-backdoor,pgsql-extensions-rce

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

		projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.2.8 (latest)
[INF] New templates added in latest release: 114
[INF] Templates loaded for current scan: 530
[INF] Executing 529 signed templates from projectdiscovery/nuclei-templates
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1

[CVE-2021-41291] [http] [high] https://developer.porsche.com/fmangersub?cpath=../../../../../../../etc/passwd
[CVE-2020-8193] [http] [medium] https://developer.porsche.com/menu/ss?sid=nsroot&username=nsroot&force_setup=1
[INF] Using Interactsh Server: oast.live
[CVE-2020-8193] [http] [medium] https://developer.porsche.com/menu/neo
[apache-solr-file-read] [http] [high] https://developer.porsche.com/solr/admin/cores?wt=json
[CVE-2020-8193] [http] [medium] https://developer.porsche.com/menu/stc
[generic-linux-lfi] [http] [high] https://developer.porsche.com/..%5cetc/passwd [paths="/..%5cetc/passwd"]
[nuxt-js-lfi] [http] [high] https://developer.porsche.com/_nuxt/@fs/etc/passwd

[kankburhan]

That’s not really a solution — the suggestion means replacing all regex. Even if you add flow to the template, if the matcher is wrong the result will still be false in that case.

[princechaddha]

Adding the flow works like an additional condition and in our experience it significantly reduces the likelihood of false positives.

If there’s a better approach to solve this for all templates without false negatives, we’re open to ideas and encourage the community to share solutions, as addressing false positives is our top priority for templates

[DhiyaneshGeek]

Hi @kankburhan

Due to the inactivity we are closing this issue , feel free to re-open once you have more info

Thanks