
10 matches found

Packet Storm News
added 2026/02/10 12:0 a.m. | 8 views

Next.js 15.2.3 Middleware Bypass Scanner

A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication. This is a scanner to test version 15.2.3...

CVSS 9.1 | AI score 5.5 | EPSS 0.99621
Exploits: 58
Packet Storm
added 2026/02/09 12:0 a.m. | 160 views

📄 Next.js 15.2.3 Middleware Authorization Bypass

This Python script checks whether a website built with Next.js is vulnerable to CVE‑2025‑29927, a middleware authorization bypass flaw triggered by the request header: x-middleware-subrequest...

CVSS 9.1 | AI score 5.5 | EPSS 0.99621
Exploits: 58
GithubExploit
added 2026/01/26 6:53 p.m. | 305 views

Exploit for Improper Authorization in Vercel Next.Js

PoC: CVE-2025-29927 - Next.js Middleware Bypass This reposito...

CVSS 9.1 | AI score 6 | EPSS 0.99621
Exploits: 58
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-9629

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 5.4 | EPSS 0.00371
Exploits: 0 | References: 3
GithubExploit
added 2025/04/23 8:19 a.m. | 101 views

Exploit for CVE-2025-29927

CVE-2025-29927 CVE-2025-29927: Next.js Middleware Bypass Vulne...

CVSS 9.1 | AI score 6.6 | EPSS 0.99621
Exploits: 58
Github Security Blog
added 2025/04/02 10:35 p.m. | 35 views

Next.js may leak x-middleware-subrequest-id to external hosts

Summary: In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Learn more here. Credit: Thank you to Jinseo Kim kjsman and RyotaK GMO Flat...

CVSS 6.3 | AI score 6.9 | EPSS 0.00371
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2025/04/02 9:23 p.m. | 35 views

CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...

CVSS 6.3 | EPSS 0.00371
Exploits: 0 | References: 2
NCSC
added 2025/03/25 8:38 a.m. | 7 views

Vulnerability fixed in Next.js

Vercel has fixed a vulnerability in Next.js. Specific to versions 14.2.25 and 15.2.3. Next.js is a popular framework for developing Web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...

CVSS 9.1 | AI score 8.7 | EPSS 0.99621
Exploits: 58 | References: 1
GithubExploit
added 2025/03/22 6:42 p.m. | 116 views

Exploit for CVE-2025-29927

CVE-2025-29927 Next.js Middleware Authorization Bypass T...

CVSS 9.1 | AI score 7.1 | EPSS 0.99621
Exploits: 58
OSV
added 2025/03/21 3:20 p.m. | 2 views

GHSA-F82V-JWR5-MFFW Authorization Bypass in Next.js Middleware

Impact: It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. Patches: For Next.js 15.x, this issue is fixed in 15.2.3. For Next.js 14.x, this issue is fixed in 14.2.25. For Next.js 13.x, this issue is fixed in 13.5.9. For Next.js...

CVSS 9.1 | AI score 7 | EPSS 0.99621
Exploits: 58 | References: 11