Lucene search
+L

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/30 12:59 p.m.16 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.5 Vulnerability Details CVEID:CVE-2025-30218 DESCRIPTION: Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which...

8.2CVSS6.3AI score0.02164EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/03 4:25 a.m.12 views

CVE-2025-30218

A flaw was found in the Next.js package. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id, which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application...

3.7CVSS6.9AI score0.99301EPSS
Exploits58References5
NVD
NVD
added 2025/04/02 10:15 p.m.26 views

CVE-2025-30218

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...

6.3CVSS0.00398EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/02 9:23 p.m.20 views

CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...

6.3CVSS7AI score0.00398EPSS
Exploits0References2
CVE
CVE
added 2025/04/02 9:23 p.m.75 views

CVE-2025-30218

Next.js (React framework) contains a vulnerability where x-middleware-subrequest-id is exposed to third-party destinations when a fetch to a different host occurs inside Middleware. Root cause: subrequest-id validation persisted across requests whereas destinations can differ, allowing informatio...

6.3CVSS7AI score0.00398EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/02 9:23 p.m.40 views

CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...

6.3CVSS0.00398EPSS
Exploits0References2
Circl
Circl
added 2025/04/02 6:14 p.m.7 views

CVE-2025-30218

creationtimestamp| type| source ---|---|--- 2025-04-02 18:14:04+00:00| seen| https://bsky.app/profile/feedbot.unronritaro.net/post/3lltyj64efo2d 2025-04-02 21:34:07+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10140 2025-04-02 22:14:42+00:00| seen|...

6.3CVSS5.3AI score0.00398EPSS
Exploits0References7
Rows per page
Query Builder