Linux Distros Unpatched Vulnerability : CVE-2026-44573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n...

Next.js Framework 12.2.x < 15.5.16 / 16.x < 16.2.5 Information Disclosure

The Next.js Framework on the remote host is affected by an information disclosure vulnerability: - Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests...

PT-2026-39412

Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...

PT-2026-39411

Name of the Vulnerable Software and Affected Versions Next.js versions prior to 15.5.16 Next.js versions prior to 16.2.5 Description Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A crafted POST request to a server action can...

CVE-2026-44573

creationtimestamp| type| source ---|---|--- 2026-05-08 12:09:44+00:00| seen| https://www.acn.gov.it/portale/w/next.js-aggiornamenti-di-sicurezza-1 2026-05-11 06:42:58+00:00| published-proof-of-concept| https://t.me/htfgtps/1107 2026-06-05 13:43:59+00:00| seen|...