FlagThis

A critical relative path traversal vulnerability (CVE-2024-52012) in Apache Solr for Windows allows arbitrary file path write access via the ‘configset upload’ API. Additionally, a medium severity vulnerability (CVE-2025-24814) allows users to replace trusted configset files with arbitrary configurations. These flaws require immediate patching to prevent attackers from writing or altering files on the system. Organizations need to prioritize patching their Apache Solr instances. The lack of input sanitization and insecure file handling exposes significant security risks.

A high-severity authorization bypass vulnerability (CVE-2024-51479) has been discovered in Next.js, a widely used React framework. This flaw allows unauthorized access to certain pages directly under the application’s root directory, bypassing middleware-based authorization checks. The vulnerability affects versions from 9.5.5 up to 14.2.14. It requires immediate patching to version 14.2.15 to mitigate the risk.

Multiple critical vulnerabilities have been discovered in Fortinet’s products including FortiWLM and FortiClient EMS. These vulnerabilities, including path traversal and SQL injection flaws, allow attackers to execute arbitrary code and access sensitive data. Exploitation of these vulnerabilities can lead to complete system compromise highlighting the need for immediate patching and proper vulnerability management.

A critical path traversal vulnerability (CVE-2023-34990) has been identified in FortiWLM, allowing unauthenticated attackers to access sensitive files. Additionally, a separate authorization bypass (CVE-2024-51479) has been discovered in Next.js. Both vulnerabilities permit unauthorized actions, including potential code execution. Users are advised to patch their systems immediately to mitigate these serious risks which have been actively exploited in the wild.