ProjectDiscovery

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

March 24, 2025

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

October 9, 2024

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

October 2, 2024

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. …

Resources

eBook: Defending Identity Security the Moment It’s Threatened
Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI
Download: Cyber defense guide for the financial sector

Don't miss

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)
18 arrested in €300 million global credit card fraud scheme
PortGPT: How researchers taught an AI to backport security patches automatically
AI can flag the risk, but only humans can close the loop
VulnRisk: Open-source vulnerability risk assessment platform