
9 matches found

Veracode
added 2026/05/15 7:39 p.m., 14 views

Incorrect Authorization

Clerk is vulnerable to Incorrect Authorization. The vulnerability is due to improper request matching in createRouteMatcher, which allows an attacker to craft requests that bypass middleware protection and access downstream handlers...

CVSS 9.1, AI score 5.8, EPSS 0.00096
Exploits: 0, References: 2, Affected Software: 4
Snyk
added 2026/04/16 9:28 p.m., 2 views

Incorrect Authorization

Overview: @clerk/shared is an Internal package utils used by the Clerk SDKs. Affected versions of this package are vulnerable to Incorrect Authorization via the createPathMatcher function in @clerk/shared used by downstream createRouteMatcher. An attacker can gain unauthorized access to protected...

CVSS 9.1, AI score 5.5, EPSS 0.00096
Exploits: 0, References: 2
Veracode
added 2026/03/27 7:33 a.m., 3 views

Interpretation Conflict

github.com/traefik/traefik is vulnerable to Interpretation Conflict. The vulnerability is due to improper path normalization when handling Path, PathPrefix, or PathRegex matchers, which allows an attacker to use URL-encoded characters to bypass middleware and access unintended backend services...

CVSS 6.9, AI score 7.1, EPSS 0.00018
Exploits: 1, References: 4, Affected Software: 1
SUSE CVE
added 2025/05/31 1:26 a.m., 1 views

SUSE CVE-2025-47952

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...

CVSS 9.1, AI score 6.5, EPSS 0.00399
Exploits: 0, References: 4
Snyk
added 2025/05/28 2:25 p.m., 1 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal when using the PathPrefix, Path, or PathRegex route matchers. An attacker can target a backend exposed using another router, by-passing the middleware chain by crafting a request with a manipulated path using...

CVSS 6.3, AI score 7.6, EPSS 0.00399
Exploits: 0, References: 2
GithubExploit
added 2025/03/25 5:59 p.m., 532 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2025-29927 - Critical Security Vulnerability in Next.js...

CVSS 9.9, AI score 7.8, EPSS 0.92118
Exploits: 56
Veracode
added 2025/03/24 2:12 p.m., 15 views

Authorization Bypass

Next.js is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of the x-middleware-subrequest header, allowing attackers to bypass authorization checks in middleware...

CVSS 9.1, AI score 7, EPSS 0.92118
Exploits: 56, References: 9, Affected Software: 1
Veracode
added 2025/01/02 7:48 a.m., 20 views

Authorization Bypass

Next is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization in middleware based on pathname, allowing it to be bypassed for pages directly under the root directory of a Next.js application...

CVSS 7.5, AI score 7, EPSS 0.78509
Exploits: 0, References: 3, Affected Software: 1
0day.today
added 2020/05/29 12:0 a.m., 70 views

Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Vulnerability

Exploit for multiple platform in category web applications Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version :...

AI score 7.1
Exploits: 0