2 matches found
Next.js: Next.js: Authorization bypass via crafted query parameters
A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could...
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform XP to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...