Lucene search
K

23193 matches found

Github Security Blog
Github Security Blog
added 2026/05/11 3:54 p.m.31 views

Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Impact App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same...

7.5CVSS5.8AI score0.01416EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/11 3:53 p.m.11 views

NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n

NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n vulnerability discovered by ? in WordPress Npm next versions = 12.2.0, 15.5.16...

7.5CVSS5.8AI score0.00551EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 3:53 p.m.19 views

Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n

Impact Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing...

7.5CVSS5.8AI score0.00551EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/11 3:53 p.m.29 views

GHSA-36QX-FR4F-26G5 Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n

Impact Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing...

7.5CVSS5.8AI score0.00551EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/11 2:50 p.m.17 views

Next.js Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23870. A specially crafted HTTP request can be sent to any...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/11 2:50 p.m.5 views

GHSA-8H8Q-6873-Q5FJ Next.js Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23870. A specially crafted HTTP request can be sent to any...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References5
NVD
NVD
added 2026/05/11 4:16 a.m.30 views

CVE-2026-8265

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

7.2CVSS0.04412EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

D-Link DIR-816 注入漏洞

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The version 1.10CNB05R1B011D88210 of the D-Link DIR-816 has a vulnerability related to command injection. This vulnerability stems from the operation of the sub445E7C function in the /goform/singlePortForward file, which...

8.8CVSS6.6AI score0.03156EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39894

Name of the Vulnerable Software and Affected Versions RVF versions 6.0.0 through 6.0.3 RVF versions 7.0.0 through 7.0.1 Description The setPath function in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object fails to block the keys proto , constructor, or prototype...

8.2CVSS5.9AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39552

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

5.8CVSS5.5AI score0.04447EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.23 views

PT-2026-39564

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get log file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The explo...

5.8CVSS5.6AI score0.04412EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.23 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function formWifiApScan in the httpd component’s file/goform/WifiApScan, which processes parameters...

8.8CVSS6.6AI score0.02891EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version Tenda AC6 2.0/15.03.06.23 contains a command injection vulnerability. This vulnerability stems from an unknown function in the httpd component’s file/goform/telnet, which manipulates the parameter lan.ip, potentiall...

7.2CVSS5.8AI score0.04447EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

EDIMAX BR-6428nS 安全漏洞

The EDIMAX BR-6428nS is a wireless router produced by EDIMAX Corporation. The EDIMAX BR-6428nS V3 1.15 version has a security vulnerability. This vulnerability stems from insufficient input validation in the WLAN configuration function. It allows authenticated attackers to submit malicious inputs...

8.8CVSS6.1AI score0.01258EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.11 views

openSUSE 16 Security Update : wireshark (openSUSE-SU-2026:20685-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20685-1 advisory. This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor...

7.8CVSS6.5AI score0.00206EPSS
Exploits34References99
Imperva Blog
Imperva Blog
added 2026/05/09 7:5 p.m.8 views

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS Vulnerability

TL;DR:A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables unauthenticated attackers to send specially crafted HTTP requests that trigger excessive CPU consumption...

7.5CVSS5.9AI score0.01533EPSS
Exploits1
Snyk
Snyk
added 2026/05/08 8:44 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation Upgrade...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/08 7:45 a.m.15 views

Improper Access Control

Apollo Federation is vulnerable to improper access control. The vulnerability is due to improper enforcement of user-defined access control directives on interface types and fields, which allows an attacker to bypass access restrictions by querying implementing object types and fields through...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/08 5:16 a.m.32 views

CVE-2026-8138

A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

9CVSS0.00568EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Tenda CX12L 缓冲区错误漏洞

The Tenda CX12L is a home-use wireless router device from the Chinese company Tenda. The version 16.03.53.12 of the Tenda CX12L contains a buffer error vulnerability. This vulnerability stems from improper operation of the function in the file/goform/SetPptpServerCfg, which may lead to a stack...

9CVSS7.7AI score0.00568EPSS
Exploits1References1
Rows per page
Query Builder