ProjectDiscovery

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

Cloudflare, Don't miss, framework, Hot stuff, News, Next.js, open source, PoC, ProjectDiscovery, vulnerability, web application security, web development /

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) 2025-03-24 at 15:17 By Zeljka Zorz A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel). […]

React to this headline:

Loading spinner

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

authentication, Don't miss, exploit, GitLab, Hot stuff, News, PoC, ProjectDiscovery, security update, Synactiv, vulnerability /

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

CVE, Don't miss, exploit, Hot stuff, News, PoC, ProjectDiscovery, Proofpoint, Synacor, vulnerability /

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) 2024-10-02 at 14:16 By Zeljka Zorz Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and

React to this headline:

Loading spinner

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) Read More »

Scroll to Top