2024-12-27 08:11:13 Pacfic
Next.js Authorization Bypass Exposes Root Pages - 7d
A high-severity authorization bypass vulnerability (CVE-2024-51479) has been discovered in Next.js, a widely used React framework. This flaw allows unauthorized access to certain pages directly under the application’s root directory, bypassing middleware-based authorization checks. The vulnerability affects versions from 9.5.5 up to 14.2.14. It requires immediate patching to version 14.2.15 to mitigate the risk.
Fortinet Flaws Allow Remote Code Execution - 7d
Multiple critical vulnerabilities have been discovered in Fortinet’s products including FortiWLM and FortiClient EMS. These vulnerabilities, including path traversal and SQL injection flaws, allow attackers to execute arbitrary code and access sensitive data. Exploitation of these vulnerabilities can lead to complete system compromise highlighting the need for immediate patching and proper vulnerability management.
FortiWLM Path Traversal and Next.js Auth Bypass - 7d
A critical path traversal vulnerability (CVE-2023-34990) has been identified in FortiWLM, allowing unauthenticated attackers to access sensitive files. Additionally, a separate authorization bypass (CVE-2024-51479) has been discovered in Next.js. Both vulnerabilities permit unauthorized actions, including potential code execution. Users are advised to patch their systems immediately to mitigate these serious risks which have been actively exploited in the wild.