
Overview

  • vercel
  • next.js

21 Mar 2025
Published
08 Apr 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
92.06%

KEV

Description

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

📢 PCPJack: a cloud worm steals credentials at scale and ousts TeamPCP 📝 ## 🔍 Context Published on 7 May 2026 by SentinelLABS (Alex Delamott… https://cyberveille.ch/posts/2026-05-08-pcpjack-un-ver-cloud-vole-des-identifiants-a-grande-echelle-et-evince-teampcp/ #CVE_2025_29927 #Cyberveille
  • 19h ago

Overview

  • Go standard library
  • net/http/httputil

07 May 2026
Published
08 May 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-39825 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/500 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 19h ago

Overview

  • WebPros
  • cPanel

08 May 2026
Published
09 May 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Fediverse


Nothing says “have a nice weekend” like three cPanel CVEs announced on a Friday, with the technical details delivered right when the patch lands --> that is, at 6 p.m., the sacred hour of the apéro.

Cheers to the admins who will run /scripts/upcp with one hand on the keyboard and the other on the glass.
👇
" To help protect customers prior to patch availability, technical details about vulnerabilities will be released alongside the patches. Full technical details will be published on our support page at the same time the patch is released. The CVE IDs are CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203.

Patch & Affected Versions
The patch will be available on May 08 at 12:00pm EST and will be distributed through the standard cPanel automatic update process and through the manual update process. We strongly recommend performing a manual update with /scripts/upcp once the patch is made available.
"
👇
reddit.com/r/cpanel/comments/1

  • 18h ago

Give us this day our daily CVE emergency patch

CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203

Fun times.

  • 15h ago

Overview

  • WebPros
  • cPanel

08 May 2026
Published
08 May 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.

Statistics

  • 2 Posts

Last activity: 15 hours ago


Overview

  • WebPros
  • cPanel

08 May 2026
Published
09 May 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.

Statistics

  • 2 Posts

Last activity: 15 hours ago


Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
Pending

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.

Statistics

  • 1 Post

Last activity: 15 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
Pending

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts an attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.

Statistics

  • 1 Post

Last activity: 15 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

Statistics

  • 1 Post

Last activity: 15 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

Statistics

  • 1 Post

Last activity: 15 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

Statistics

  • 1 Post

Last activity: 15 hours ago