ProjectDiscovery

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

March 24, 2025

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

October 9, 2024

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

October 2, 2024

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. …

Resources

Report: Fortune 500 employee-linked account exposure
Report: The State of Secrets Sprawl 2025
eBook: What does it take to be a full-fledged virtual CISO?
Whitepaper: Securing GenAI

Don't miss

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Android financial threats: What businesses need to know to protect themselves and their customers
Post-quantum cryptography and the future of online safety
How to manage and protect your biometric data
UK NCSC offers security guidance for domain and DNS registrars