7 matches found
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.5 Vulnerability Details CVEID:CVE-2025-30218 DESCRIPTION: Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which...
CVE-2025-30218
A flaw was found in the Next.js package. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id, which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application...
CVE-2025-30218
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218
Next.js (React framework) contains a vulnerability where x-middleware-subrequest-id is exposed to third-party destinations when a fetch to a different host occurs inside Middleware. Root cause: subrequest-id validation persisted across requests whereas destinations can differ, allowing informatio...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218
creationtimestamp| type| source ---|---|--- 2025-04-02 18:14:04+00:00| seen| https://bsky.app/profile/feedbot.unronritaro.net/post/3lltyj64efo2d 2025-04-02 21:34:07+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10140 2025-04-02 22:14:42+00:00| seen|...