Lucene search
K

149 matches found

SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

5.1CVSS6.1AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-56676 9router: Image prefetch DNS rebinding allows SSRF to internal services

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy ca...

7.4CVSS0.00154EPSS
Exploits0References3
CVE
CVE
added 4 days ago10 views

CVE-2026-56676

9router is affected by an image prefetch DNS rebinding vulnerability (CVE-2026-56676). Prior to v0.5.2, the application validates the image URL by DNS resolution but then performs a server-side fetch with a separate DNS lookup, enabling an authenticated attacker with access to the LLM proxy to tr...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

next.js: Next.js: Unauthorized access to protected content via middleware bypass

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.9AI score0.01523EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 9:15 p.m.10 views

Malicious code in electron-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7faf51a6c9d6ed9fce8cf9de9ea8afee0e9c3dc1fb254e8cd0c3c2a8ca61323f On require'electron-orbit', the module unconditionally fires an auto-prefetch pipeline in Node contexts when no document is present that opens a raw...

5.8AI score
Exploits0References32
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44575

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 11:53 p.m.17 views

CVE-2026-44575

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.7AI score0.01523EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/02 10:22 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the serialization algorithm in the PrefetchPageLinks function. An attacker can cause a denial of service by supplying specially crafted user input that is reflected and processed...

8.7CVSS5.5AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 10:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview turbo-stream is an A streaming data transport format that aims to support built-in features such as Promises, Dates, RegExps, Maps, Sets and more. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the serialization algorithm in th...

8.7CVSS5.5AI score0.00294EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fixed the issue where the SoC may hang during 16-byte unaligned reads. There is an errata regarding the chip ls1028a: The SoC may hang during 16-byte unaligned read transactions initiated by QDMA. Unaligned...

5.5CVSS6AI score0.00173EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfqueue – fixed a possible use-after-free issue. Eric Dumazet says: The sockhold function seems suspicious, as there is no guarantee that skrefcnt is not already 0. If this occurs, we cannot queue the packet and mus...

5.5CVSS6.3AI score0.00207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

Next.js Framework 15.2.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass

The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affecte...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 5:11 p.m.7 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 5:11 p.m.56 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS0.00544EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 5:11 p.m.75 views

CVE-2026-45109

This CVE relates to Next.js prior to fixes: from 15.2.0 to before 15.5.18 and 16.2.6, the fix for CVE-2026-44575 did not apply to middleware.ts with Turbopack. The vulnerability is fixed in Next.js versions 15.5.18 and 16.2.6. Affected software: Next.js (Next.js framework for full‑stack apps). Un...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/13 5:11 p.m.6 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS7AI score0.00544EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:54 p.m.10 views

CVE-2026-44575

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 4:54 p.m.37 views

CVE-2026-44575 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS0.01523EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 4:54 p.m.10 views

CVE-2026-44575 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 4:54 p.m.55 views

CVE-2026-44575

Summary: CVE-2026-44575 affects Next.js App Router: middleware/proxy authorization checks can be bypassed via transport-specific route variants used for segment prefetching. Specifically, in versions 15.2.0–before 15.5.16 and 16.2.5, specially crafted .rsc and segment-prefetch URLs can resolve to...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder