ProjectDiscovery

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

March 24, 2025

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

October 9, 2024

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

October 2, 2024

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. …

Resources

Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI
Download: Cyber defense guide for the financial sector
Webinar: Why AI and SaaS are now the same attack surface

Don't miss

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)
Microsoft revokes 200 certs used to sign malicious Teams installers
A new approach to blockchain spam: Local reputation over global rules
SAP zero-day wake-up call: Why ERP systems need a unified defense
“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)