Lucene search
K

52 matches found

Metasploit
Metasploit
added 2026/06/24 7:4 p.m.108 views

Next.js Middleware Authorization Bypass Scanner

This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest header and skips middleware when it sees it. The header is trusted without verifying it...

9.1CVSS6.9AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2026/06/10 6:50 a.m.53 views

Exploit for Incorrect Authorization in Vercel Next.Js

CVE-2025-29927 Lab Minimal reproduction lab for CVE-2025-2992...

9.1CVSS5.5AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2026/05/20 2:23 a.m.84 views

Exploit for Incorrect Authorization in Vercel Next.Js

Himalaya Tech Admin Panel — CVE-2025-29927 Demo WARNING:...

9.1CVSS6.9AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2026/04/24 4:7 a.m.122 views

Exploit for Incorrect Authorization in Vercel Next.Js

ALPR Dashboard runtime patches Two drop-in patches for the a...

9.1CVSS5.9AI score0.99621EPSS
Exploits58
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.172 views

📄 Next.js 15.2.3 Middleware Authorization Bypass

This Python script checks whether a website built with Next.js is vulnerable to CVE‑2025‑29927, a middleware authorization bypass flaw triggered by the request header:x-middleware-subrequest...

9.1CVSS5.5AI score0.99621EPSS
Exploits58
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 9:13 p.m.9 views

Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes components with known vulnerabilities

Summary Components with known vulnerabilities were addressed in a IBM Security QRadar Network Threat Analytics app release Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to version...

9.1CVSS6.7AI score0.99621EPSS
Exploits58Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 1:11 p.m.11 views

Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes a component with known vulnerabilities (CVE-2025-29927 & CVE-2025-48068)

Summary The product includes a vulnerable component e.g., framework library that may be identified and exploited with automated tools. IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION:...

9.1CVSS7.4AI score0.99621EPSS
Exploits58Affected Software1
GithubExploit
GithubExploit
added 2025/10/04 3:40 a.m.265 views

Exploit for Improper Authorization in Vercel Next.Js

MiddleForce 🔍 Overview MiddleForce is a speci...

9.1CVSS8AI score0.99621EPSS
Exploits58
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-9629

Malicious code in bioql PyPI...

6.3CVSS5.4AI score0.00371EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/09/20 8:12 a.m.271 views

Exploit for Improper Authorization in Vercel Next.Js

CVE-2025-29927 — Next.js middleware authorization bypass...

9.1CVSS7.1AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2025/09/11 7:30 p.m.275 views

Exploit for Incorrect Authorization in Vercel Next.Js

CVE-2025-29927 Research and Safe Testing Framework This repos...

9.1CVSS6.7AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2025/08/28 6:55 a.m.240 views

Exploit for CVE-2025-29927

CVE-2025-29927 - Next.js Middleware 15.2.2 - Authorization Byp...

9.1CVSS7.7AI score0.99621EPSS
Exploits58
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/16 8:45 a.m.12 views

Security Bulletin: IBM Event Processing is vulnerable to an Authorization Bypass (CVE-2025-29927)

Summary IBM Event Processing is vulnerable to an Authorization Bypass due to the use of a Next.js component. Since Next.js can be used in the UI layer or API routing, unauthorized users may gain access to protected resources or functionalities, potentially compromising the system's integrity...

9.1CVSS7.1AI score0.99621EPSS
Exploits58Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/16 8:16 a.m.11 views

Security Bulletin: IBM Edge Data Collector is vulnerable to next-15.1.7.tgz CVE-2025-29927

Summary IBM Edge Data Collector is vulnerable to next-15.1.7.tgz CVE-2025-29927. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in...

9.1CVSS7AI score0.99621EPSS
Exploits58Affected Software1
GithubExploit
GithubExploit
added 2025/06/09 6:46 a.m.344 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2025-29927 - Critical Security Vulnerability in Next.js...

9.9CVSS9.8AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2025/06/07 7:4 p.m.308 views

Exploit for CVE-2025-29927

CVE-2025-29927 - Critical Security Vulnerability in Next.js...

9.1CVSS7.7AI score0.99621EPSS
Exploits58
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/22 9:56 a.m.21 views

Security Bulletin: MANTA Automated Data Lineage is vulnerable to an authorization check bypass

Summary Next.js is used by MANTA Automated Data Lineage as part of the UI. CVE-2025-29927. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and...

9.1CVSS6.6AI score0.99621EPSS
Exploits58Affected Software1
GithubExploit
GithubExploit
added 2025/05/06 9:47 p.m.241 views

Exploit for CVE-2025-29927

CVE-2025-29927 - Next.js Auth Bypass PoC Este es un Proof o...

9.1CVSS9.7AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2025/05/03 2:0 p.m.242 views

Exploit for CVE-2025-29927

CVE-2025-29927 Scanner ===================== This Python script...

9.1CVSS7.7AI score0.99621EPSS
Exploits58
GithubExploit
GithubExploit
added 2025/04/29 10:44 a.m.165 views

Exploit for CVE-2025-29927

CVE-2025-29927 – Next.js Middleware Authorization Bypass This...

9.1CVSS7.7AI score0.99621EPSS
Exploits58
Rows per page
Query Builder