24 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n...
CVE-2026-44573
A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization i18n configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...
Next.js Framework 12.2.x < 15.5.16 / 16.x < 16.2.5 Information Disclosure
The Next.js Framework on the remote host is affected by an information disclosure vulnerability: - Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests...
CVE-2026-44573
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 12.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from using the Pages Router and when configuring i18n and middleware or proxy authorization. In these cases...
NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n vulnerability discovered by ? in WordPress Npm next versions = 12.2.0, 15.5.16...
GHSA-36QX-FR4F-26G5 Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
Impact Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing...
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
Impact Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing...
EUVD-2025-14946
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2024-46982
Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce...
Denial Of Service
Next.js is vulnerable to Denial of Service. The vulnerability is due to a race condition in misconfigured Pages Router setups allowing pageProps data to be served instead of standard HTML responses...
GHSA-QPJV-V59X-3QC4 Next.js Race Condition to Cache Poisoning
Summary We received a responsible disclosure from Allam Rachid zhero for a low-severity race-condition vulnerability in Next.js. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Learn more here...
Next.js Race Condition to Cache Poisoning
Summary We received a responsible disclosure from Allam Rachid zhero for a low-severity race-condition vulnerability in Next.js. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Learn more here...
CVE-2025-32421
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
CVE-2025-32421 Next.js Race Condition to Cache Poisoning
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
CVE-2025-32421
Next.js CVE-2025-32421 describes a race-condition in the Pages Router that, under certain misconfigurations, can cause endpoints to serve pageProps data instead of HTML. Affected versions are pre-14.2.24 and pre-15.1.6; patch versions 14.2.24 and 15.1.6 strip the x-now-route-matches header to mit...
CVE-2025-32421 Next.js Race Condition to Cache Poisoning
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
PT-2025-19996
Name of the Vulnerable Software and Affected Versions Next.js versions prior to 14.2.24 and versions 15.0.0 through 15.1.6 Description Next.js, a React framework for building full-stack web applications, contains a race-condition issue affecting the Pages Router under specific misconfigurations...