Recherche : [projectdiscovery]

CrushFTP Authentication Bypass - CVE-2025-2825 https://projectdiscovery.io/blog/crushftp-authentication-bypass

01/04/2025 09:49:24

Enterprise file transfer solutions are critical infrastructure for many organizations, facilitating secure data exchange between systems and users. CrushFTP, a widely used multi-protocol file transfer server, offers an extensive feature set including Amazon S3-compatible API access. However, a critical vulnerability (CVE-2025-2825) was discovered in versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 that allows unauthenticated attackers to bypass authentication and gain unauthorized access

CVE-2025-29927: Next.js Middleware Authorization Bypass https://projectdiscovery.io/blog/nextjs-middleware-authorization-bypass

27/03/2025 08:44:44

Next.js is an open-source web framework built by Vercel that powers React-based apps with features like server-side and static rendering. Recently, a critical vulnerability (CVE) was disclosed that lets attackers bypass middleware-based authorization checks. The issue was originally discovered and analyzed by Rachid Allam (zhero). In this blog, we’ll break down the vulnerability and walk through their research and will create a Nuclei template to help you detect it across your assets.

GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel https://blog.projectdiscovery.io/gameover-lay-local-privilege-escalation-in-ubuntu-kernel/#:~:text=GameOver%20,of%20Ubuntu%20users

14/11/2023 10:33:20

GameOver(lay) encompasses two significant vulnerabilities within the Ubuntu kernel, CVE-2023-2640, and CVE-2023-32629, each carrying a high-severity rating with CVSS scores of 7.8. These vulnerabilities pose a critical threat, potentially affecting around 40% of Ubuntu users. The vulnerability lies within the OverlayFS module of the Ubuntu kernel, enabling a

Liens par page

Filtres