8218 matches found
CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-44573
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-44573
CVE-2026-44573 affects Next.js (Pages Router with i18n). From 12.2.0 up to but not including 15.5.16 and 16.2.5, middleware/proxy-based authorization can be bypassed for locale-less /_next/data//.json requests, allowing retrieval of SSR JSON for protected pages without authorization checks. The u...
CVE-2026-44457
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44572
Summary of CVE-2026-44572 (Next.js): Affects Next.js versions 12.2.0 to just before 15.5.16 and 16.2.5. An external client could send the x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. The middleware could treat this as a data request and replace...
CVE-2026-44572 Next.js: Middleware / Proxy redirects can be cache-poisoned
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat t...
CVE-2026-44572 Next.js: Middleware / Proxy redirects can be cache-poisoned
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat t...
CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457
CVE-2026-44457 affects Hono's Cache Middleware prior to v4.12.18, which does not skip caching for responses with Vary: Authorization or Vary: Cookie. This can allow a response cached for one authenticated user to be served to other users, leaking per-user data. The issue is fixed in v4.12.18. Rem...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 15.4.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from the use of middleware that protects dynamic routes. In this scenario, specially crafted query paramete...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 12.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from using the Pages Router and when configuring i18n and middleware or proxy authorization. In these cases...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 15.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise when the App Router relies on middleware or proxy authorization checks. Specific route variants are used fo...
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...
Hono 安全漏洞
Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.18 contained security vulnerabilities. These vulnerabilities stemmed from the caching middleware not skipping the caching of responses that declared differences per user. This could result in cached...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. There were security vulnerabilities in versions of Next.js from 15.2.0 to 15.5.18, and also in version 16.2.6. These vulnerabilities stemmed from failing to apply the corrections for CVE-2026-44575 when using the Turbopack-based middleware.ts...
NPM: SillyTavern has a SSRF vulnerability in the CORS proxy middleware
NPM: SillyTavern has a SSRF vulnerability in the CORS proxy middleware discovered by ? in WordPress Npm sillytavern versions = 1.17.0...
NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware
NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware discovered by ? in WordPress Npm sillytavern versions = 1.17.0...