30 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...
CVE-2026-44573
A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization (i18n) configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...
Exploit for Server-Side Request Forgery in Vercel Next.Js
CVE-2026-44578 - Next.js WebSocket SSRF PoC Vulnerability:...
Next.js Framework 15.4.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass
The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. Specially crafted query parameters can alter the dynamic route value seen by the page while...
CVE-2026-44578
CVE-2026-44578 affects Next.js self-hosted deployments using the built-in Node.js server. The issue enables server-side request forgery via crafted WebSocket upgrade requests, allowing an attacker to proxy requests to internal or external destinations and potentially expose internal services or c...
Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471.
Summary Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59471 DESCRIPTION: A denial of service vulnerability exists in self-hosted...
@bentwnghk/chat (>=1.91.2 <=1.91.6), @lobehub/chat (>=1.49.5 <=1.49.12) +2 more potentially affected by CVE-2026-41248 via @clerk/nextjs (>=6.10.2 <=6.28.1)
@clerk/nextjs NPM version =6.10.2, =1.91.2, =1.49.5, =0.0.2, =0.17.1, =0.17.3-centauri.0 Source cves: CVE-2026-41248 Source advisory: SNYK:JS-CLERKNEXTJS-16098250...
CVE-2026-27979 Next.js: Unbounded postponed resume buffering can lead to DoS
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in...
Next.js Resource Management Error Vulnerability
Next.js is a React framework open-sourced by Vercel. Versions of Next.js from 10.0.0 to 16.1.7 had a resource management vulnerability. This vulnerability stemmed from the default image optimization feature, which had no configuration limit on disk caching, potentially leading to exhaustion of dis...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE Exploitation Arsenal Professional penetration testing too...
Exploit for CVE-2025-66478
Vulnerable Mall Next.js Red/Blue Team Training Target Vul...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell PoC This repository provides a minimal intentiona...
Exploit for Deserialization of Untrusted Data in Facebook React
🛠️ CVE-2025-55182-POC-NEXTJS - Simple Proof of Concept for Nex...
GHSA-VR6P-VQ2P-6J74 Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...
Exploit for CVE-2025-66478
PoC for Next.js Vulnerability. Credits where credits are d...
Exploit for Deserialization of Untrusted Data in Facebook React
🚀 React2Shell Exploiter Advanced Exploitation & Server I...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — demo This repository provides a demonstratio...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Next.js RCE Exploit Tool Chinese documentation ./README.zh-CN...
Exploit for CVE-2025-55182
CVE-2025-55182 This repository provides a minimal intentional...
Exploit for CVE-2025-66478
Check for CVE-2025-66478 Checks if your NextJS server is vulne...