99 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-30218
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which...
Linux Distros Unpatched Vulnerability : CVE-2024-42256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry. When a subrequest is marked for needing retry...
Exploit for CVE-2025-29927
CVE‑2025‑29927 – Next.js Middleware Authorization Bypass O...
SUSE CVE-2025-38139
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator. Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as the iterator may have been shortened by a previous...
DEBIAN-CVE-2025-38139
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator. Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as the iterator may have been shortened by a previous...
UBUNTU-CVE-2025-38139
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator. Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as the iterator may have been shortened by a previous...
CVE-2025-38139 netfs: Fix oops in write-retry from mis-resetting the subreq iterator
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator. Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as the iterator may have been shortened by a previous...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from netfs not properly resetting the subrequest iterator, which could lead to out-of-bounds reads...
The vulnerability of the Next.js software platform for creating web applications lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Next.js web application development software platform is related to the transfer of the x-middleware-subrequest-id parameter to external hosts. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...
PT-2025-27725
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc6-syzkaller-00052-g9f35e33144ae Description: A vulnerability in the Linux kernel has been resolved, related to the resetting of the subrequest iterator in netfs retry write stream. The issue occurs when...
Exploit for CVE-2025-29927
CVE-2025-29927 CVE-2025-29927: Next.js Middleware Bypass Vulne...
GHSA-223J-4RM8-MRMF Next.js may leak x-middleware-subrequest-id to external hosts
Summary In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Learn more here. Credit Thank you to Jinseo Kim kjsman and RyotaK GMO Flat...
Next.js may leak x-middleware-subrequest-id to external hosts
Summary In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Learn more here. Credit Thank you to Jinseo Kim kjsman and RyotaK GMO Flat...
CVE-2025-30218
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
CVE-2025-30218
Next.js (React framework) contains a vulnerability where x-middleware-subrequest-id is exposed to third-party destinations when a fetch to a different host occurs inside Middleware. Root cause: subrequest-id validation persisted across requests whereas destinations can differ, allowing informatio...
Vulnerability fixed in Next.js
Vercel has fixed a vulnerability in Next.js, specific to versions 14.2.25 and 15.2.3. Next.js is a popular framework for developing web applications. The vulnerability is in the way Next.js handles authentication checks in its own middleware. This allows malicious actors to bypass these controls,...
Exploit for CVE-2025-29927
CVE-2025-29927: Next.js Middleware Bypass PoC Overview This...