Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Tenable Nessus
Tenable Nessusadded 2026/06/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n...

7.5CVSS5.8AI score0.00351EPSS
Exploits1References2
GithubExploit
GithubExploitadded 2025/09/20 8:12 a.m.259 views

Exploit for Improper Authorization in Vercel Next.Js

CVE-2025-29927 — Next.js middleware authorization bypass...

9.1CVSS7.1AI score0.93247EPSS
Exploits56
Tenable Nessus
Tenable Nessusadded 2025/04/10 12:0 a.m.9 views

Next.js 11.1.4 < 12.3.5 Authorization Bypass

The version of Next.js installed on the remote host is 11.1.4 prior to 12.3.5, 13.0.x prior to 13.5.9, 14.x prior to 14.2.25 or 15.x prior to 15.2.3. It is, therefore, affected by Authorization Bypass if the authorization check occurs in middleware. Note that the scanner has not attempted to...

9.1CVSS7.3AI score0.93247EPSS
Exploits56References3
Tenable Nessus
Tenable Nessusadded 2025/04/10 12:0 a.m.6 views

Next.js 9.5.5 < 14.2.15 Authorization Bypass

The version of Next.js installed on the remote host is 9.5.5 prior to 14.2.15. It is, therefore, affected by Authorization Bypass if the authorization check occurs in middleware. Note that the scanner has not attempted to exploit this issue but has instead relied only on application's self-report...

7.5CVSS7.2AI score0.03818EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/03/21 2:34 p.m.32 views

CVE-2025-29927 Authorization Bypass in Next.js Middleware

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to ...

9.1CVSS6.9AI score0.93247EPSS
Exploits56References5
CNNVD
CNNVDadded 2025/03/21 12:0 a.m.5 views

Next.js 安全漏洞

Next.js is Vercel open source a React framework. Vercel Next.js suffers from a privilege bypass vulnerability that stems from the fact that if authorization checking occurs in middleware, an attacker can use the vulnerability to bypass authorization checking...

9.1CVSS6.9AI score0.93247EPSS
Exploits56References10
Github Security Blog
Github Security Blogadded 2023/11/20 11:25 p.m.44 views

Possible user mocking that bypasses basic authentication

Impact next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow state, PKCE or nonce. Manually overriding the...

5.3CVSS6.5AI score0.007EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder