Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12 matches found

RedhatCVE
RedhatCVEadded 2026/06/02 11:53 p.m.12 views

CVE-2026-44579

A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...

7.5CVSS5.7AI score0.00019EPSS
Exploits1References4
NVD
NVDadded 2026/05/13 6:16 p.m.8 views

CVE-2026-44579

Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...

7.5CVSS0.00019EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/13 5:4 p.m.6 views

CVE-2026-44579 Next.js: Denial of Service via connection exhaustion in applications using Cache Components

Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...

7.5CVSS5.8AI score0.00019EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/05/13 5:4 p.m.28 views

CVE-2026-44579 Next.js: Denial of Service via connection exhaustion in applications using Cache Components

Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...

7.5CVSS0.00019EPSS
Exploits1References1
CVE
CVEadded 2026/05/13 5:4 p.m.30 views

CVE-2026-44579

Next.js vulnerability CVE-2026-44579 affects Next.js releases prior to 15.5.16 and 16.2.5 where Partial Prerendering via Cache Components can cause a connection-exhaustion DoS through crafted POST requests to a server action. A malicious request may trigger a request-body handling deadlock, leavi...

7.5CVSS5.8AI score0.00019EPSS
Exploits1References1Affected Software1
CNNVD
CNNVDadded 2026/05/13 12:0 a.m.8 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js prior to 15.5.16 and 16.2.5 have a security vulnerability. This vulnerability arises from using the Partial Prerendering feature of Cache Components. A specially crafted POST request to the server can lead to connection...

7.5CVSS5.8AI score0.00019EPSS
Exploits1References1
Snyk
Snykadded 2026/05/11 3:56 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling involving Partial Prerendering in the Cache Components feature. An attacker can exhaust the connection pool by sending malicious POST requests that cause a...

8.7CVSS5.8AI score0.00019EPSS
Exploits1References2
Patchstack
Patchstackadded 2026/05/11 3:56 p.m.5 views

NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components

NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components vulnerability discovered by ? in WordPress Npm next versions = 15.0.0, 15.5.16...

7.5CVSS5.8AI score0.00019EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2026/05/11 3:56 p.m.3 views

GHSA-MG66-MRH9-M8JX Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components

Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections ope...

7.5CVSS5.8AI score0.00019EPSS
Exploits1References5
Github Security Blog
Github Security Blogadded 2026/05/11 3:56 p.m.6 views

Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components

Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections ope...

7.5CVSS5.8AI score0.00019EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blogadded 2026/01/28 3:20 p.m.49 views

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS5.9AI score0.0015EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2026/01/26 10:15 p.m.4 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS0.0015EPSS
Exploits0References1
Rows per page
Query Builder