CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

Linux Distros Unpatched Vulnerability : CVE-2026-44573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n...

7.5CVSS5.8AI score0.00052EPSS

Exploits1References2

Tenable Nessus•added 2026/05/15 12:0 a.m.•4 views

Next.js Framework 12.2.x < 15.5.16 / 16.x < 16.2.5 Information Disclosure

The Next.js Framework on the remote host is affected by an information disclosure vulnerability: - Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests...

7.5CVSS5.8AI score0.00052EPSS

Exploits1References2

Positive Technologies•added 2026/05/09 12:0 a.m.•5 views

PT-2026-39417

Name of the Vulnerable Software and Affected Versions Next.js versions 12.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description An external client can send an x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This causes the middleware or...

3.7CVSS5.8AI score0.00008EPSS

Exploits0References8

Positive Technologies•added 2026/05/09 12:0 a.m.•5 views

PT-2026-39418

Name of the Vulnerable Software and Affected Versions Next.js versions 14.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using React Server Components RSC are susceptible to cache poisoning when shared caches fail to correctly partition response variants. An...

5.4CVSS5.8AI score0.00016EPSS

Exploits0References8

Positive Technologies•added 2026/05/09 12:0 a.m.•6 views

PT-2026-39412

Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...

6.1CVSS5.8AI score0.00012EPSS

Exploits0References9

Positive Technologies•added 2026/05/09 12:0 a.m.•5 views

PT-2026-39411

Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections ope...

7.5CVSS5.8AI score0.00019EPSS

Exploits1References10

Circl•added 2026/05/08 12:9 p.m.•6 views

CVE-2026-44573

creationtimestamp| type| source ---|---|--- 2026-05-08 12:09:44+00:00| seen| https://www.acn.gov.it/portale/w/next.js-aggiornamenti-di-sicurezza-1 2026-05-11 06:42:58+00:00| published-proof-of-concept| https://t.me/htfgtps/1107 2026-06-05 13:43:59+00:00| seen|...

7.5CVSS5.3AI score0.00052EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-44573

Malicious code in bioql PyPI...

5.5CVSS7.2AI score0.0001EPSS

Exploits0References4

Circl•added 2024/09/11 7:32 p.m.•0 views

CVE-2024-44573

creationtimestamp| type| source ---|---|--- 2024-09-11 19:32:39+00:00| seen| https://t.me/cvedetector/5394...

4.7CVSS4.8AI score0.0013EPSS

Exploits0References1

RedhatCVE•added 2022/02/22 4:20 a.m.•31 views

CVE-2021-44573

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. Al...

4.3CVSS6.7AI score0.00033EPSS

Exploits1References3