Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Tenable Nessus
Tenable Nessusadded 2026/05/15 12:0 a.m.27 views

Next.js Framework 15.4.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass

The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. Specially crafted query parameters can alter the dynamic route value seen by the page while...

8.1CVSS5.8AI score0.00011EPSS
Exploits2References2
Vulnrichment
Vulnrichmentadded 2026/05/13 4:56 p.m.5 views

CVE-2026-44574 Next.js: Middleware / Proxy bypass through dynamic route parameter injection

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS5.8AI score0.00011EPSS
Exploits2References1
OSV
OSVadded 2026/05/11 3:54 p.m.3 views

GHSA-492V-C6PP-MQQV Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

Impact Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected conte...

8.1CVSS5.8AI score0.00011EPSS
Exploits2References5
Patchstack
Patchstackadded 2026/05/11 3:54 p.m.7 views

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection vulnerability discovered by ? in WordPress Npm next versions = 15.4.0, 15.5.16...

8.1CVSS5.8AI score0.00011EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/06 12:0 a.m.8 views

PT-2026-38637

Name of the Vulnerable Software and Affected Versions Next.js affected versions not specified Description An authorization bypass exists in applications that use middleware to protect dynamic routes. Attackers can use specially crafted query parameters to alter the dynamic route value perceived b...

8.5CVSS5.8AI score0.00011EPSS
Exploits2References20
Vulnrichment
Vulnrichmentadded 2026/04/08 2:42 p.m.0 views

CVE-2026-39408 Hono has a path traversal in toSSG() allows writing files outside the output directory

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

5.9CVSS5.6AI score0.00017EPSS
Exploits1References3
GithubExploit
GithubExploitadded 2022/03/21 11:37 p.m.448 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Vulnerability Profile Spring Cloud Gateway is a brand new pro...

10CVSS8AI score0.94461EPSS
Exploits54
Rows per page
Query Builder