17 matches found
CVE-2026-9658 Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...
Interpretation Conflict
Overview: @fastify/middie is a middleware engine for Fastify. Affected versions of this package are vulnerable to Interpretation Conflict in the propagation of middleware paths to child plugin scopes due to incorrect re-prefixing. An attacker can gain unauthorized access to protected routes by...
CVE-2025-69211
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...
EUVD-2020-22708
Malware in sbrugna...
EUVD-2025-14703
Malicious code in bioql PyPI...
Malicious code in blog-post-prisma-middleware-cls-hooked (npm)
The package blog-post-prisma-middleware-cls-hooked was found to contain malicious code...
Exploit for CVE-2025-29927
CVE-2025-29927 - Critical Security Vulnerability in Next.js...
CVE-2024-21119
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...
CVE-2023-21846
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: Security. Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
Exploit for Server-Side Request Forgery in Microsoft
CVE-2025-29927 - Critical Security Vulnerability in Next.js...
CVE-2025-29927
A flaw was found in the Next.js package. This vulnerability allows bypassing authorization checks within a Next.js application if the authorization check occurs in middleware. Mitigation: Block or drop external user requests which contain the x-middleware-subrequest header from reaching your Next.js...
CVE-2025-29927 Authorization Bypass in Next.js Middleware
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to ...
Authorization Bypass
Next is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization in middleware based on pathname, allowing it to be bypassed for pages directly under the root directory of a Next.js application...
CVE-2024-51479
Next.js CVE-2024-51479: A pathname-based authorization check in middleware can bypass access control for root-level pages (e.g., /foo) while not affecting deeper paths (e.g., /foo/bar). Patch available in Next.js 14.2.15 and later; if hosted on Vercel, mitigation is automatic. IBM-related notices...
CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware...
SUSE-SU-2017:1062-1 Security update for python-oslo.middleware
This update for python-oslo.middleware fixes the following security issue: CVE-2017-2592: Using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure (bsc1022043)...