{"uuid": "37a899be-ea56-4dd8-9918-ed4a76f41e54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29927", "type": "exploited", "source": "https://t.me/thehackernews/6564", "content": "\ud83d\udc40 6-year-old bugs are back\u2014and being weaponized.\n\nCISA just flagged two 2019 Sitecore RCE flaws (CVE-2019-9874 & 9875) as actively exploited.\n\nBut it doesn\u2019t stop there:\n\u27a1\ufe0f Next.js auth bypass (CVE-2025-29927) is under live attack\n\u27a1\ufe0f DrayTek routers face fresh waves targeting old RCE/LFI bugs.\n\n\ud83d\udd17 Details: https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html\n\nOld CVEs. New exploits. Patch now.", "creation_timestamp": "2025-03-27T07:26:21.000000Z"}