Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Impact App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same...

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection vulnerability discovered by ? in WordPress Npm next versions = 15.4.0, 15.5.16...

Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

Impact Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected conte...

NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n

NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n vulnerability discovered by ? in WordPress Npm next versions = 12.2.0, 15.5.16...

Incorrect Authorization

Overview next is a react framework. Affected versions of this package are vulnerable to Incorrect Authorization in the /next/data//.json route when i18n is configured and authorization is enforced via middleware or proxy. An attacker can gain unauthorized access to sensitive server-side-rendered...

Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n

Impact Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing...

PT-2026-39756

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

Inkeep Agents 授权问题漏洞

Inkeep Agents is an open-source tool developed by Inkeep, designed for building AI agents that support visual drag-and-drop operations and TypeScript SDKs. Version 0.58.14 of Inkeep Agents contains a vulnerability related to authorization. This vulnerability originates from the createDevContext...

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

EUVD-2026-28995

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

CVE-2026-45179

CVE-2026-45179 affects Plack::Middleware::Statsd for Perl, with versions before 0.9.0 potentially leaking user IP addresses if the statsd channel is not secured (e.g., UDP to a different network). Since 0.9.0, IPs are no longer logged unless configured; when configured, an HMAC signature of the I...

Plack::Middleware::Statsd 安全漏洞

Plack::Middleware::Statsd is a middleware component for logging web request metrics and sending them to a statistics system by Robert Rothenberg, an individual developer. A security vulnerability exists in Plack::Middleware::Statsd prior to version 0.9.0, which stems from an unencrypted...

PT-2026-39533

Name of the Vulnerable Software and Affected Versions Plack::Middleware::Statsd versions prior to 0.9.0 Description Plack::Middleware::Statsd for Perl may leak user IP addresses. This occurs if the communication channel to the statsd daemon is not secured, such as when sending UDP packets to a ho...

Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...

NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

Use of Cache Containing Sensitive Information

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information through the cache process in the cache middleware. An attacker can cause responses to be cached or served incorrectly by sending requests tha...

GHSA-P77W-8QQV-26RM Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...