CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

49 matches found

Linux Distros Unpatched Vulnerability : CVE-2026-45109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing...

7.5CVSS5.8AI score0.00053EPSS

Exploits0References2

RedhatCVE•added 2 days ago•6 views

CVE-2026-45109

A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information. Mitigation Mitigation for this issue is either not available or the currently...

7.5CVSS5.6AI score0.00014EPSS

Exploits0References4

NVD•added 2026/05/13 6:16 p.m.•7 views

CVE-2026-45109

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS0.00014EPSS

Exploits0References1

Cvelist•added 2026/05/13 5:11 p.m.•21 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

7.5CVSS0.00014EPSS

Exploits0References1

CNNVD•added 2026/05/13 12:0 a.m.•5 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. There were security vulnerabilities in versions of Next.js from 15.2.0 to 15.5.18, and also in version 16.2.6. These vulnerabilities stemmed from failing to apply the corrections for CVE-2026-44575 when using the Turbopack-based middleware.ts...

7.5CVSS5.8AI score0.00014EPSS

Exploits0References1

OSV•added 2026/05/11 4:21 p.m.•2 views

GHSA-26HH-7CQF-HHC6 Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

Impact It was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. Refer to CVE-2026-44575 for further details. References - CVE CVE-2026-44575...

7.5CVSS5.8AI score0.00014EPSS

Exploits0References6

Github Security Blog•added 2026/05/11 4:21 p.m.•6 views

Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

Impact It was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. Refer to CVE-2026-44575 for further details. References - CVE CVE-2026-44575...

7.5CVSS5.8AI score0.00053EPSS

Exploits0References6Affected Software1

Snyk•added 2026/05/11 4:21 p.m.•3 views

Authentication Bypass Using an Alternate Path or Channel

Overview next is a react framework. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the middleware.ts with Turbopack enabled. An attacker can gain unauthorized access to protected resources by bypassing authentication mechanisms...

8.7CVSS5.8AI score0.00053EPSS

Exploits0References2

Patchstack•added 2026/05/11 2:50 p.m.•6 views

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-turbopack versions = 19.0.0, 19.0.6...

7.5CVSS5.8AI score0.00338EPSS

Exploits1References5Affected Software1

OSV•added 2026/05/11 2:50 p.m.•0 views

GHSA-RV78-F8RC-XRXH Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

7.5CVSS5.9AI score0.00338EPSS

Exploits1References5

Snyk•added 2026/05/06 7:32 p.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

8.7CVSS5.8AI score0.00338EPSS

Exploits1References2

CNNVD•added 2026/05/06 12:0 a.m.•4 views

Meta多款产品安全漏洞

react-server-dom-parcel is a software packaging tool library open-sourced by Meta. Several products of Meta have security vulnerabilities, which stem from sending specially crafted HTTP requests to server endpoints. These vulnerabilities may lead to server crashes, out-of-memory exceptions, or...

7.5CVSS5.8AI score0.00338EPSS

Exploits1References1

VulnCheck KEV•added 2026/04/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...

7.5CVSS5.9AI score0.41239EPSS

In wildExploits10References2

RedhatCVE•added 2026/04/10 7:56 p.m.•3 views

CVE-2026-23869

A flaw was found in react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack. Specially crafted HTTP requests to server function endpoints can result in an excessive consumption of CPU resources for up to a minute, causing an error that is catchable. Mitigation Red Hat has...

7.5CVSS5.7AI score0.00841EPSS

Exploits3References4

Github Security Blog•added 2026/04/10 3:35 p.m.•10 views

React Server Components have a Denial of Service Vulnerability

Impact A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...

7.5CVSS5.8AI score0.00841EPSS

Exploits3References4Affected Software3

F5 Networks•added 2026/04/09 9:43 a.m.•7 views

K000160686: React framework vulnerability CVE-2026-23869

Security Advisory Description A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. T...

7.5CVSS5.9AI score0.00841EPSS

Exploits3

NVD•added 2026/04/08 8:16 p.m.•2 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

7.5CVSS0.00841EPSS

Exploits3References1

Cvelist•added 2026/04/08 7:11 p.m.•16 views

CVE-2026-23869

7.5CVSS0.00841EPSS

Exploits3References1

Vulnrichment•added 2026/04/08 7:11 p.m.•4 views

CVE-2026-23869

7.5CVSS5.9AI score0.00841EPSS

Exploits3References1

CNNVD•added 2026/04/08 12:0 a.m.•3 views

React 安全漏洞

React is a JavaScript library developed by Meta for building user interfaces. There is a security vulnerability in React, which stems from excessive CPU usage when handling specially crafted HTTP requests, potentially leading to denial of service attacks. The following versions are affected:...

7.5CVSS7.3AI score0.00841EPSS

Exploits3References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by