ProjectDiscovery

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

March 24, 2025

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

October 9, 2024

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

October 2, 2024

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. …

Resources

Beyond Passwords: A Guide to Advanced Enterprise Security Protection
Webinar: Cloud security made easy with CIS Hardened Images
Download: Edgescan 2025 Vulnerability Statistics Report

Don't miss

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158
AI Security Map: Linking AI vulnerabilities to real-world impact
How compliance teams can turn AI risk into opportunity
Hottest cybersecurity open-source tools of the month: August 2025
What CISOs can learn from Doppel’s new AI-driven social engineering simulation