Next.js 代码问题漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 13.4.13 to 15.5.16, as well as versions before 16.2.5, have code vulnerabilities. These vulnerabilities stem from the use of the built-in Node.js server for hosting. When a custom WebSocket upgrade request is made, it ma...

@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +21 more potentially affected by CVE-2026-25544 via @payloadcms/next (>=3.0.0-alpha.46 <=3.73.0-internal.783bc97)

@payloadcms/next NPM version =3.0.0-alpha.46, =0.0.6, =0.1.2, =1.0.2, =0.1.0, =3.2.0, =0.2.0, =1.0.54, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.4 and more Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSNEXT-15240192...

@blitzjs/server (>=0.16.5-canary.8 <=0.24.1), @brudi-toolbox/next (>=1.14.17 <=1.14.26-next.2) +32 more potentially affected by CVE-2020-15242 via next (>=9.5.0 <=9.5.4-canary.24)

next NPM version =9.5.0, =0.16.5-canary.8, =1.14.17, =1.13.4, =0.1.8, =0.0.1, =0.16.0, =0.31.0, =1.10.8, =1.0.0-alpha.1, =1.0.0-alpha.0, =0.16.5-canary.8, =0.20.0 - cna-template-material-tailwindcss-reduxtoolkit =0.1.0 and more Source cves: CVE-2020-15242 Source advisory: OSV:GHSA-X56P-C8CG-Q435...

PT-1990-1007 · Next · Next

Name of the Vulnerable Software and Affected Versions: NeXT versions 1.0a through 1.0 Description: A local user can gain root privileges due to an issue in the restore0.9 installation script. Recommendations: For NeXT versions 1.0a through 1.0, at the moment, there is no information about a newer...

PT-1990-1006 · Next · Next

Name of the Vulnerable Software and Affected Versions: NeXT versions 1.0a and 1.0 Description: The issue allows local users to gain privileges through a combination of the npd program and weak directory permissions, specifically when printers are publicly accessible. Recommendations: For NeXT...