Researchers have identified a critical vulnerability in the open-source JavaScript framework Next.js, designated CVE-2025-29927, which allows attackers to bypass authorization checks implemented in middleware and gain unauthorized access to affected applications. This vulnerability is currently under active exploitation. A separate serious flaw in NetApp SnapCenter, CVE-2025-26512 (CVSS score 9.9), enables an authenticated user to escalate privileges to full administrator rights on remote systems, placing at risk enterprise backup infrastructure widely deployed across sectors. The Cybersecurity and Infrastructure Security Agency (CISA) has also flagged two 2019 Sitecore vulnerabilities, CVE-2019-9874 and CVE-2019-9875, as actively exploited, a reminder that long-known flaws remain in use by attackers. Finally, researchers have published details of the IngressNightmare exploit chain, including CVE-2025-1974, widening the set of platforms affected by this round of disclosures.
There are already a few PoCs out there, but I wanted to understand—at a fundamental level—what the vulnerability in NGINX was that everyone was freaking out about. After reading Wiz’s research and spending a few nights on it, I replicated the IngressNightmare (CVE-2025-1974) from https://t.co/2M7WwWIDTS
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices https://t.co/CZq8UvncTm
👀 6-year-old bugs are back—and being weaponized. CISA just flagged two 2019 Sitecore RCE flaws (CVE-2019-9874 & 9875) as actively exploited. But it doesn’t stop there: ➡️ Next.js auth bypass (CVE-2025-29927) is under live attack ➡️ DrayTek routers face fresh waves targeting https://t.co/0WKTIeyuuc