Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/05/13 5:16 p.m.15 views

CVE-2026-44574

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS0.00383EPSS
Exploits2References1
CVE
CVEadded 2026/05/13 4:56 p.m.24 views

CVE-2026-44574

CVE-2026-44574 affects Next.js versions 15.4.0 up to but not including 15.5.16 and 16.2.5. The issue: applications using middleware to protect dynamic routes can be bypassed via specially crafted query parameters that alter the dynamic route value seen by the page while the visible path remains u...

8.1CVSS5.8AI score0.00383EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2026/05/13 4:56 p.m.26 views

CVE-2026-44574 Next.js: Middleware / Proxy bypass through dynamic route parameter injection

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS0.00383EPSS
Exploits2References1
ATTACKERKB
ATTACKERKBadded 2026/05/13 4:56 p.m.7 views

CVE-2026-44574

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS5.8AI score0.00383EPSS
Exploits2References2Affected Software1
CNNVD
CNNVDadded 2026/05/13 12:0 a.m.7 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 15.4.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from the use of middleware that protects dynamic routes. In this scenario, specially crafted query paramete...

8.1CVSS5.8AI score0.00383EPSS
Exploits2References1
Github Security Blog
Github Security Blogadded 2026/05/11 3:54 p.m.18 views

Next.js has a Middleware / Proxy bypass through dynamic route parameter injection

Impact Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected conte...

8.1CVSS5.8AI score0.00383EPSS
Exploits2References5Affected Software1
OSV
OSVadded 2026/04/08 12:16 a.m.1 views

GHSA-XF4J-XP2R-RQQX Hono: Path traversal in toSSG() allows writing files outside the output directory

Summary A path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. Details The...

5.9CVSS5.6AI score0.00532EPSS
Exploits1References5
Rows per page
Query Builder