The Hacker News10h
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
CISA adds Sitecore flaws CVE-2019-9874 and CVE-2019-9875 to KEV amid active exploitation and agency patch mandates.
InfoWorld1d
Warning for developers, web admins: update Next.js to prevent exploit
Vercel recommends that, if patching to a safe version is not feasible, admins should prevent external user requests which ...
The Hacker News2d
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
Next.js flaw CVE-2025-29927 bypasses authorization checks in versions 12.3.5 to 15.2.3, risking admin page access.