Lucene search
K

103 matches found

Github Security Blog
Github Security Blog
added 2025/12/03 7:7 p.m.40 views

Next.js is vulnerable to RCE in React flight protocol

A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182. Fixed in: React: 19.0.1, 19.1.2, 19.2.1 Next.js:...

10CVSS7.7AI score0.99562EPSS
Exploits374References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.26 views

Next.js Framework React Server Components Remote Code Execution (CVE-2025-55182)

The Next.js Framework on the remote host is affected by a remote code execution vulnerability: - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel,...

10CVSS7.5AI score0.99562EPSS
Exploits388References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 1:11 p.m.11 views

Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes a component with known vulnerabilities (CVE-2025-29927 & CVE-2025-48068)

Summary The product includes a vulnerable component e.g., framework library that may be identified and exploited with automated tools. IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION:...

9.1CVSS7.4AI score0.99301EPSS
Exploits58Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-16359

Malicious code in bioql PyPI...

4.3CVSS9AI score0.00166EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-48068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may...

4.3CVSS8AI score0.00166EPSS
Exploits0References2
OSV
OSV
added 2025/07/03 8:30 p.m.6 views

GHSA-R2FC-CCR8-96C4 Next.js has a Cache poisoning vulnerability due to omission of the Vary header

Summary A cache poisoning issue in Next.js App Router =15.3.0 and 15.3.3 may have allowed RSC payloads to be cached and served in place of HTML, under specific conditions involving middleware and redirects. This issue has been fixed in Next.js 15.3.3. Users on affected versions should upgrade...

3.7CVSS6.9AI score0.00403EPSS
Exploits1References8
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-46982

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce...

7.5CVSS5.8AI score0.58768EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/30 11:52 a.m.14 views

CVE-2025-48068

A flaw was found in Next.js. This vulnerability allows limited source code exposure via visiting a malicious webpage while the development server is running with the App Router enabled. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

4.3CVSS6.7AI score0.00166EPSS
Exploits0References5
NVD
NVD
added 2025/05/30 4:15 a.m.14 views

CVE-2025-48068

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

4.3CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 2025/05/30 3:37 a.m.119 views

CVE-2025-48068

CVE-2025-48068 affects Next.js up to versions before 14.2.30 and before 15.2.2, where the dev server with App Router enabled could expose limited source code when a user visits a malicious page while npm run dev is active. The issue is restricted to local development environments and has been pat...

4.3CVSS4.5AI score0.00166EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/05/30 3:37 a.m.36 views

CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

2.3CVSS0.00166EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.15 views

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 13.0 through 15.2.2, which stems from a possible source code leak when the App Router is enabled on the development server...

4.3CVSS8.9AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2025/05/28 9:52 p.m.2 views

GHSA-3H52-269P-CP9R Information exposure in Next.js dev server due to lack of origin verification

Summary A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a...

2.3CVSS6.5AI score0.00166EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/28 9:52 p.m.58 views

Information exposure in Next.js dev server due to lack of origin verification

Summary A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a...

4.3CVSS4.5AI score0.00166EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/28 12:0 a.m.7 views

PT-2025-23134 · Next.Js · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions 13.0 through 15.2.2 Description: Next.js is a React framework for building full-stack web applications. In affected versions, Next.js may have allowed limited source code exposure when the dev server was running with the App...

2.3CVSS6.3AI score0.00166EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/02/05 7:22 a.m.9 views

CVE-2024-23841

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...

8.2CVSS7.8AI score0.00385EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/19 10:52 a.m.4 views

Malicious code in nextjs-app-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1be3a353ab6fd3d56d1698543312d483fa52ee3aa1fbc09c0d9efbf8c6b99e33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2024/12/19 10:52 a.m.5 views

MAL-2024-12010 Malicious code in nextjs-app-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1be3a353ab6fd3d56d1698543312d483fa52ee3aa1fbc09c0d9efbf8c6b99e33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/30 5:14 p.m.4 views

CVE-2024-23841 XSS in @apollo/experimental-nextjs-app-support

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...

8.2CVSS6.4AI score0.00385EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/01/12 8:27 p.m.34 views

@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)

Impact Unauthorized access or privilege escalation due to a logic flaw in auth in the App Router or getAuth in the Pages Router. Affected Versions All applications that that use @clerk/nextjs versions in the range of = 4.7.0, 4.29.3 in a Next.js backend to authenticate API Routes, App Router, or...

9.8CVSS7.3AI score0.00682EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder