Found 2 bookmarks
Custom sorting
CVE-2025-29927: Next.js Middleware Authorization Bypass
CVE-2025-29927: Next.js Middleware Authorization Bypass
Next.js is an open-source web framework built by Vercel that powers React-based apps with features like server-side and static rendering. Recently, a critical vulnerability (CVE) was disclosed that lets attackers bypass middleware-based authorization checks. The issue was originally discovered and analyzed by Rachid Allam (zhero). In this blog, we’ll break down the vulnerability and walk through their research and will create a Nuclei template to help you detect it across your assets.
#projectdiscovery#EN#2025#next.js#vulnerabilty#CVE-2025-29927#analysis
·projectdiscovery.io·
CVE-2025-29927: Next.js Middleware Authorization Bypass
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild. This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.
#watchtowr#EN#2024#Fortinet#FortiGate#CVE-2024-23113#PoC#vulnerabilty#analysis
·labs.watchtowr.com·
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024