Next.js 15.2.3 Middleware Authorization Bypass
This Python script checks whether a website built with Next.js is vulnerable to CVE‑2025‑29927, a middleware authorization bypass flaw triggered by the request header: x-middleware-subrequest...
Next.js 13.5.9 Middleware Bypass Scanner
This is an authorization bypass scanner for Next.js versions 13.5.9 and below. A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests...
Exploit for Improper Authorization in Vercel Next.Js
PoC: CVE-2025-29927 - Next.js Middleware Bypass This reposito...
CVE-2025-64716
A flaw was found in Anubis. This vulnerability allows cross-site scripting XSS via an unvalidated redirect parameter when using subrequest authentication mode...
CVE-2025-64716
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
CVE-2025-64716
CVE-2025-64716 affects the Anubis Web AI Firewall Utility. Prior to version 1.23.0, the subrequest authentication flow did not validate the redirect URL, allowing redirects to arbitrary URL schemes and potentially triggering dangerous behavior (e.g., XSS via redirect parameters) in some contexts....
EUVD-2025-150356
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
PT-2025-46775
Name of the Vulnerable Software and Affected Versions: Anubis versions prior to 1.23.0. Description: Anubis, a Web AI Firewall Utility designed to protect upstream resources from scraper bots, had a flaw in its subrequest authentication process. Before version 1.23.0, the software did not validate t...
kernel: netfs: Fix early read unlock of page with EOF in middle
A race condition flaw was found in the Linux kernel's netfs subsystem. In the netfs_read_unlock_folios function, a folio memory page may be unlocked prematurely before the ZERO subrequest completes clearing the tail portion of the page beyond the end-of-file. This allows an application using mmap to...
GO-2025-4086 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode in github.com/TecharoHQ/anubis
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode in github.com/TecharoHQ/anubis...
EUVD-2025-37036
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect via the redir parameter when using subrequest authentication mode. An attacker can cause users to be redirected to arbitrary URLs by supplying crafted values to the redir parameter, potentially triggering dangerous...
GHSA-CF57-C578-7JVV Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Summary: When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Summary: When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...
EUVD-2025-19804
Malicious code in bioql PyPI...
EUVD-2025-9629
Malicious code in bioql PyPI...
Exploit for Improper Authorization in Vercel Next.Js
CVE-2025-29927 — Next.js middleware authorization bypass...