Lucene search
K

103 matches found

Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26681

Name of the Vulnerable Software and Affected Versions Effect versions prior to 3.20.0 @effect/rpc versions prior to 0.72.1 @effect/platform versions prior to 0.94.2 Description Effect is a TypeScript framework used for building TypeScript applications. A flaw exists in versions prior to 3.20.0,...

7.4CVSS5.9AI score0.0027EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/03/18 8:54 p.m.6 views

CVE-2026-27979

A denial of service flaw has been discovered in Next.js. A request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in certain setups. The previous mitigation protected minimal-mode...

7.5CVSS5.7AI score0.00483EPSS
Exploits0References6
NVD
NVD
added 2026/03/18 1:16 a.m.4 views

CVE-2026-27979

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in...

7.5CVSS0.00483EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 12:13 a.m.6 views

CVE-2026-27979 Next.js: Unbounded postponed resume buffering can lead to DoS

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in...

6.9CVSS6AI score0.00483EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/18 12:13 a.m.4 views

CVE-2026-27979

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in...

6.9CVSS5.9AI score0.00483EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/18 12:13 a.m.27 views

CVE-2026-27979

Next.js CVE-2026-27979 affects Next.js 16.0.1 through 16.1.6 in non-minimal deployments with Partial Prerendering enabled. A request containing the next-resume: 1 header can cause unbounded postponed-body buffering, consuming memory and enabling DoS. The issue is fixed in 16.1.7 by enforcing size...

7.5CVSS5.9AI score0.00483EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 12:13 a.m.3 views

CVE-2026-27979 Next.js: Unbounded postponed resume buffering can lead to DoS

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in...

6.9CVSS5.9AI score0.00483EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/17 4:16 p.m.11 views

Next.js: Unbounded postponed resume buffering can lead to DoS

Summary A request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments...

7.5CVSS5.9AI score0.00483EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.12 views

PT-2026-25969

Name of the Vulnerable Software and Affected Versions Next.js versions 16.0.1 through 16.1.6 Description Next.js, a React framework for building full-stack web applications, is affected by an issue where requests containing the next-resume: 1 header can lead to excessive memory usage and potentia...

7.8CVSS5.7AI score0.00483EPSS
Exploits0References14
GithubExploit
GithubExploit
added 2026/02/03 2:2 p.m.174 views

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Sentinel CVE-2025-55182 Next.js / React Server Components...

10CVSS5.7AI score0.99562EPSS
Exploits374
OSV
OSV
added 2026/01/28 3:38 p.m.3 views

GHSA-H25M-26QC-WCJF Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/01/28 3:38 p.m.102 views

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added 2025/12/31 2:20 p.m.246 views

Exploit for Deserialization of Untrusted Data in Facebook React

CyberSec Blog CTF - React2Shell PoC Ce dépôt fournit un envir...

10CVSS7.2AI score0.99562EPSS
Exploits388
Snyk
Snyk
added 2025/12/30 4:12 p.m.2 views

Malicious Package

Overview shopify-app-react-router is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/12/30 4:12 p.m.5 views

MAL-2025-192977 Malicious code in shopify-app-react-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d58b68abe183faeee5b24e4b524d982d1c78881c8d0c48dd847411bf8fc087e6 The package shopify-app-react-router was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/17 6:0 p.m.158 views

Exploit for Deserialization of Untrusted Data in Facebook React

🚨 NextRce — CVE-2025-55182 Next.js / React Server Components...

10CVSS8.2AI score0.99562EPSS
Exploits374
RedhatCVE
RedhatCVE
added 2025/12/17 5:1 p.m.6 views

CVE-2025-68130

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

8.5CVSS7.1AI score0.00357EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/17 12:45 a.m.229 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

10CVSS8AI score0.99562EPSS
Exploits395
Github Security Blog
Github Security Blog
added 2025/12/16 7:37 p.m.8 views

tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Note that this vulnerability is only present when using experimentalcaller / experimentalnextAppDirCaller. Summary A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by...

8.5CVSS7AI score0.00357EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/16 5:16 p.m.5 views

CVE-2025-68130

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

8.5CVSS0.00357EPSS
Exploits0References1
Rows per page
Query Builder