Lucene search
K

105 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

next.js: Next.js: Unauthorized access to protected content via middleware bypass

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.9AI score0.01523EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/02 11:53 p.m.18 views

CVE-2026-44575

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.7AI score0.01523EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/18 4:21 p.m.81 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Analysis Report Sections require...

10CVSS7.8AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2026/05/17 10:49 a.m.116 views

react2shell-poc

日本語 !CAUTION For Authorized Security Re...

10CVSS8AI score0.99562EPSS
Exploits388
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

Next.js Framework 15.2.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass

The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affecte...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.25 views

Next.js Framework 13.4.x < 15.5.16 / 16.x < 16.2.5 Stored XSS

The Next.js Framework on the remote host is affected by a stored cross-site scripting vulnerability: - App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References2
NVD
NVD
added 2026/05/13 6:16 p.m.17 views

CVE-2026-44581

Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...

4.7CVSS0.00222EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 5:16 p.m.15 views

CVE-2026-44575

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS0.01523EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/13 5:11 p.m.7 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 5:11 p.m.56 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS0.00544EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 5:11 p.m.6 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS7AI score0.00544EPSS
Exploits0References8
CVE
CVE
added 2026/05/13 5:11 p.m.76 views

CVE-2026-45109

This CVE relates to Next.js prior to fixes: from 15.2.0 to before 15.5.18 and 16.2.6, the fix for CVE-2026-44575 did not apply to middleware.ts with Turbopack. The vulnerability is fixed in Next.js versions 15.5.18 and 16.2.6. Affected software: Next.js (Next.js framework for full‑stack apps). Un...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 5:7 p.m.8 views

CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces

Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 5:7 p.m.33 views

CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces

Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...

4.7CVSS0.00222EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 5:7 p.m.34 views

CVE-2026-44581

CVE-2026-44581 details a stored XSS in Next.js App Router apps relying on CSP nonces when deployed behind shared caches. Affected versions are 13.4.0–before 15.5.16 and 16.2.5; malformed nonce values derived from request headers could be reflected into rendered HTML, enabling cache-poisoning and ...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:54 p.m.10 views

CVE-2026-44575

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 4:54 p.m.37 views

CVE-2026-44575 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS0.01523EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 4:54 p.m.10 views

CVE-2026-44575 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 4:54 p.m.58 views

CVE-2026-44575

Summary: CVE-2026-44575 affects Next.js App Router: middleware/proxy authorization checks can be bypassed via transport-specific route variants used for segment prefetching. Specifically, in versions 15.2.0–before 15.5.16 and 16.2.5, specially crafted .rsc and segment-prefetch URLs can resolve to...

7.5CVSS5.8AI score0.01523EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder