Skip to main content
CVE-2025-29927 CRITICAL POC PATCH THREAT Act Now

Next.js versions 1.11.4 through 15.2.2 contain a critical middleware authorization bypass via the x-middleware-subrequest header. Attackers can send crafted requests that skip middleware entirely, bypassing authentication, authorization, and security headers enforced at the middleware layer.

Authentication Bypass Red Hat Next.js Vercel
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
93.0%
Threat
6.1
CVE-2025-29814 CRITICAL Act Now

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Microsoft Information Disclosure Partner Center
NVD
CVSS 3.1
9.3
EPSS
18.9%
CVE-2024-53351 CRITICAL PATCH Act Now

Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Pipecd Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy