Lucene search
K

32 matches found

OSV
OSV
added 2026/01/28 3:20 p.m.7 views

GHSA-5F7Q-JPQC-WP7H Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

5.9CVSS5.9AI score0.00444EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/28 3:20 p.m.53 views

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/01/28 7:57 a.m.5 views

Denial Of Service (DoS)

Next.js is vulnerable to a Denial of Service DoS vulnerability. The vulnerability is due to unbounded request body buffering and unbounded decompression in the Partial Prerendering PPR resume endpoint, which allows an attacker to send specially crafted unauthenticated POST requests or compressed...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts...

7.5CVSS5.6AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/26 10:49 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Partial Prerendering resume endpoint when unauthenticated POST requests with the Next-Resume: 1 header are processed and attacker-controlled postpon...

8.2CVSS6AI score0.00444EPSS
Exploits0References2
NVD
NVD
added 2026/01/26 10:15 p.m.7 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 10:15 p.m.5 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/01/26 9:43 p.m.20 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

5.9CVSS0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/26 9:43 p.m.4 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

5.9CVSS5.9AI score0.00363EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/26 9:43 p.m.6 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

5.9CVSS5.9AI score0.00363EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/26 9:43 p.m.21 views

CVE-2025-59472

CVE-2025-59472 concerns Next.js with Partial Prerendering (PPR) enabled in minimal mode. The vulnerability stems from the PPR resume endpoint accepting unauthenticated POSTs (Next-Resume: 1) and processing attacker-controlled data, causing memory exhaustion via two vectors: 1) Unbounded request b...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.5 views

PT-2026-4817

Name of the Vulnerable Software and Affected Versions Next.js versions with experimental.ppr: true or cacheComponents: true configured along with the NEXT PRIVATE MINIMAL MODE=1 environment variable Description A denial of service issue exists in Next.js when Partial Prerendering PPR is enabled i...

5.9CVSS5.9AI score0.00363EPSS
Exploits0References6
Rows per page
Query Builder