13 matches found
Exploit for CVE-2025-66478
CVE-2025-66478 Exploit PoC This repository contains proof-of-...
EUVD-2021-2024
Malware in sbrugna...
EUVD-2023-2714
Malicious code in bioql PyPI...
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payloa...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary: IBM Guardium Data Security Center has addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is...
Information exposure in Next.js dev server due to lack of origin verification
Summary: A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a...
CVE-2025-32421 Next.js Race Condition to Cache Poisoning
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
Detecting and Mitigating an Authorization Bypass Vulnerability in Next.js
...
Authorization Bypass in Next.js Middleware
Impact: It is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. Patches: For Next.js 15.x, this issue is fixed in 15.2.3. For Next.js 14.x, this issue is fixed in 14.2.25. For Next.js 13.x, this issue is fixed in 13.5.9. For Next.js...
CVE-2024-51479 Authorization bypass in Next.js
Next.js is a React framework for building full-stack web applications. In affected versions, if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For...
Next.js < 14.1.1 Server Actions Server-Side Request Forgery
Next.js versions from 13.4 included before 14.1.1 suffer from a Server-Side Request Forgery (SSRF) when using Server Actions performing a redirection to a relative path starting with '/'. By leveraging this vulnerability, a remote and unauthenticated attacker can forge an arbitrary 'Host' header an...
Exploit for CVE-2024-34351
CVE-2024-34351 Exploit - CVE-2024-34351 PoC https://github...
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
Impact: An unsanitized input of the Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This could open the door for other attack vectors: client-side vulnerabilities: XSS/CSRF in the context of the trusted domain; interaction with...