CVE-2025-49005 Next.js cache poisoning due to omission of Vary header

Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...

GHSA-R2FC-CCR8-96C4 Next.js has a Cache poisoning vulnerability due to omission of the Vary header

Summary A cache poisoning issue in Next.js App Router =15.3.0 and 15.3.3 may have allowed RSC payloads to be cached and served in place of HTML, under specific conditions involving middleware and redirects. This issue has been fixed in Next.js 15.3.3. Users on affected versions should upgrade...

OpenStack 数据伪造问题漏洞

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. Openstack Neutron is vulnerable to a Data Forgery Issue vulnerability that stems from a flaw found in the default Open vSwitch...