Web
Hey folks, gather 'round the virtual campfire! Today, we're diving into CVE-2025-43859, a sneaky vulnerability lurking in older versions of h11, a popular Python library for handling HTTP/1.1. While it might seem like a minor parsing quirk at first glance, this bug can team up
Web
Executive Summary CVE-2025-29927 is a critical vulnerability affecting Next.js applications that utilize middleware for authorization. This vulnerability allows attackers to bypass authorization checks by manipulating the x-middleware-subrequest header in HTTP requests. Successful exploitation can lead to unauthorized access to protected routes and resources. The vulnerability is fixed in Next.
Web
Executive Summary CVE-2025-29914 describes a vulnerability in OWASP Coraza Web Application Firewall (WAF) versions prior to 3.3.3. This vulnerability arises from a parser confusion issue when handling URIs that begin with double slashes (//). Due to this confusion, the REQUEST_FILENAME variable, which is crucial for rule matching, is
Web
Executive Summary CVE-2025-29771 is a cross-site scripting (XSS) vulnerability affecting versions of the HtmlSanitizer library prior to 2.0.3. HtmlSanitizer is a JavaScript library used to sanitize HTML content, often employed in scenarios where user-generated content is rendered in web applications. The vulnerability arises when the library is used
Web
CVE-2025-26936 is a critical code injection vulnerability (CWE-94: Improper Control of Generation of Code) affecting the Fresh Framework WordPress plugin, versions up to and including 1.70.0. This vulnerability allows unauthenticated attackers to execute arbitrary code remotely on a target system, potentially leading to full compromise of the affected