EUVD-2025-9629
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-30218
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which...
The vulnerability of the Next.js software platform for creating web applications lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Next.js web application development software platform is related to the transfer of the x-middleware-subrequest-id parameter to external hosts. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
GHSA-223J-4RM8-MRMF Next.js may leak x-middleware-subrequest-id to external hosts
Summary: In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Credit: Thank you to Jinseo Kim kjsman and RyotaK GMO Flat...
Next.js may leak x-middleware-subrequest-id to external hosts
Summary: In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Credit: Thank you to Jinseo Kim kjsman and RyotaK GMO Flat...
CVE-2025-30218
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218
Next.js (React framework) contains a vulnerability where x-middleware-subrequest-id is exposed to third-party destinations when a fetch to a different host occurs inside Middleware. Root cause: subrequest-id validation persisted across requests whereas destinations can differ, allowing informatio...