16 matches found
ROOT-APP-NPM-CVE-2026-44575 CVE-2026-44575 in @rootio/next - Patched by Root
Root has patched CVE-2026-44575 in the @rootio/next package for Root:npm. Multiple fixed versions available...
CVE-2026-44575 vulnerabilities
Vulnerabilities for packages: keep...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. There were security vulnerabilities in versions of Next.js from 15.2.0 to 15.5.18, and also in version 16.2.6. These vulnerabilities stemmed from failing to apply the corrections for CVE-2026-44575 when using the Turbopack-based middleware.ts...
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
Impact It was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. Refer to CVE-2026-44575 for further details. References - CVE CVE-2026-44575...
PT-2026-39417
Name of the Vulnerable Software and Affected Versions Next.js versions 12.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description An external client can send an x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This causes the middleware or...
PT-2026-39418
Name of the Vulnerable Software and Affected Versions Next.js versions 14.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using React Server Components RSC are susceptible to cache poisoning when shared caches fail to correctly partition response variants. An...
PT-2026-39412
Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...
PT-2026-39411
Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections ope...
CVE-2026-44575
creationtimestamp| type| source ---|---|--- 2026-05-08 12:09:44+00:00| seen| https://www.acn.gov.it/portale/w/next.js-aggiornamenti-di-sicurezza-1 2026-05-11 06:42:58+00:00| published-proof-of-concept| https://t.me/htfgtps/1107 2026-05-27 04:39:56+00:00| seen|...
EUVD-2025-44575
Malicious code in wati-martabak36-sukiwir npm...
CVE-2024-44575
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...
CVE-2022-44575
creationtimestamp| type| source ---|---|--- 2025-04-22 04:03:17+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12793...
CVE-2024-44575
creationtimestamp| type| source ---|---|--- 2024-09-11 19:32:44+00:00| seen| https://t.me/cvedetector/5397...
CVE-2022-44575
Siemens PLM Help Server V4.2 (all versions) is affected by a reflected cross-site scripting (XSS) vulnerability in the web interface. Root cause: improper neutralization of input (CWE-79) leading to the execution of malicious JavaScript when a user is tricked into clicking a crafted link. CVSS v3...
CVE-2021-44575
...
CVE-2021-44575
This CVE entry is rejected/not used and does not represent an active vulnerability.