Lucene search
+L

9 matches found

metasploit
metasploit
added 2026/06/24 7:4 p.m.185 views

Next.js Middleware Authorization Bypass Scanner

This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest header and skips middleware when it sees it. The header is trusted without verifying it...

9.1CVSS6.9AI score0.99301EPSS
Exploits58
githubexploit
githubexploit
added 2026/03/17 3:25 p.m.118 views

Exploit for Incorrect Authorization in Vercel Next.Js

CVE-2025-29927 — Next.js Middleware Authentication Bypass...

9.1CVSS6AI score0.99301EPSS
Exploits58
packetstormnews
packetstormnews
added 2026/02/10 12:0 a.m.10 views

Next.js 15.2.3 Middleware Bypass Scanner

A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication. This is a scanner to test version 15.2.3...

9.1CVSS5.5AI score0.99301EPSS
Exploits58
packetstorm
packetstorm
added 2026/01/30 12:0 a.m.181 views

📄 Next.js 13.5.9 Middleware Bypass Scanner

This is an authorization bypass scanner for Next.js versions 13.5.9 and below. A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests...

9.1CVSS7.3AI score0.99301EPSS
Exploits58
githubexploit
githubexploit
added 2025/09/20 8:12 a.m.280 views

Exploit for Improper Authorization in Vercel Next.Js

CVE-2025-29927 — Next.js middleware authorization bypass...

9.1CVSS7.1AI score0.99301EPSS
Exploits58
githubexploit
githubexploit
added 2025/07/23 5:35 p.m.115 views

Exploit for CVE-2025-29927

CVE‑2025‑29927 – Next.js Middleware Authorization Bypass O...

9.1CVSS7.6AI score0.99301EPSS
Exploits58
githubexploit
githubexploit
added 2025/04/23 8:19 a.m.106 views

Exploit for CVE-2025-29927

CVE-2025-29927 CVE-2025-29927: Next.js Middleware Bypass Vulne...

9.1CVSS6.6AI score0.99301EPSS
Exploits58
githubexploit
githubexploit
added 2025/03/24 11:42 a.m.89 views

Exploit for CVE-2025-29927

CVE-2025-29927: Next.js Middleware Bypass PoC Overview This...

9.1CVSS7AI score0.99301EPSS
Exploits58
attackerkb
attackerkb
added 2025/03/21 3:15 p.m.6 views

CVE-2025-29927

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to ...

9.1CVSS6.9AI score0.99301EPSS
Exploits58References9Affected Software1
Rows per page
Query Builder