7 matches found

OSV
added 2025/08/29 9:33 p.m., 1 view

CVE-2025-57822 Next.js Improper Middleware Redirect Handling Leads to SSRF

Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has...

CVSS 6.5, AI score 6.4, EPSS 0.07815
Exploits: 0, References: 5
Snyk
added 2025/08/29 9:33 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: next is a React framework. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via resolve-routes. An attacker can access internal resources and potentially exfiltrate sensitive information by crafting requests containing user-controlled headers, e.g.,...

CVSS 8.3, AI score 6.7, EPSS 0.07815
Exploits: 0, References: 2
Positive Technologies
added 2025/08/29 12:00 a.m., 4 views

PT-2025-35322

Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.2.32 and prior to 15.4.7
Description: Next.js is a React framework for building full-stack web applications. When the next function was used without explicitly passing the request object in self-hosted applications,...

CVSS 8.2, AI score 6.4, EPSS 0.07815
Exploits: 0, References: 17
OSV
added 2022/06/10 12:15 a.m., 1 view

DEBIAN-CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, AI score 7.3, EPSS 0.01454
Exploits: 0, References: 1
NVD
added 2022/02/15 4:15 p.m., 19 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, EPSS 0.00376
Exploits: 0, References: 22
OSV
added 2022/02/15 12:00 a.m., 23 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 7.5, EPSS 0.00376
Exploits: 0, References: 24
OSV
added 2017/10/24 6:33 p.m., 45 views

GHSA-WPW7-WXJM-CW8R actionpack allows bypass of database-query restrictions

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

CVSS 6.4, AI score 7.6, EPSS 0.00512
Exploits: 0, References: 16