ProjectDiscovery

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. …