41 matches found

GithubExploit
added 2026/05/20 2:23 a.m. | 47 views

Exploit for Incorrect Authorization in Vercel Next.js

Himalaya Tech Admin Panel — CVE-2025-29927 Demo WARNING:...

CVSS 9.1 | AI score 6.9 | EPSS 0.92118
Exploits: 55
Snyk
added 2026/05/11 4:21 p.m. | 3 views

Authentication Bypass Using an Alternate Path or Channel

Overview: next is a React framework. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via middleware.ts with Turbopack enabled. An attacker can gain unauthorized access to protected resources by bypassing authentication mechanisms...

CVSS 8.7 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 2
OSV
added 2026/05/11 3:57 p.m. | 1 view

GHSA-FFHC-5MCF-PF4Q Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces

Impact: App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to...

CVSS 4.7 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 5
Snyk
added 2026/05/11 3:56 p.m. | 8 views

Use of Weak Hash

Overview: next is a React framework. Affected versions of this package are vulnerable to Use of Weak Hash via collisions in the RSC cache-busting process. An attacker can manipulate cache entries by crafting requests that cause shared caches to serve incorrect response variants to users. This is...

CVSS 6.3 | AI score 5.8 | EPSS 0.00009
Exploits: 1 | References: 2
Snyk
added 2026/05/11 3:56 p.m. | 6 views

Allocation of Resources Without Limits or Throttling

Overview: next is a React framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling involving Partial Prerendering in the Cache Components feature. An attacker can exhaust the connection pool by sending malicious POST requests that cause a...

CVSS 8.7 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 2
Snyk
added 2026/05/11 3:55 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: next is a React framework. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via crafted WebSocket upgrade requests. An attacker can access internal or external resources by sending specially crafted requests with an absolute URL that cause the server to...

CVSS 8.6 | AI score 5.9 | EPSS 0.0581
Exploits: 7 | References: 2
Snyk
added 2026/05/11 3:54 p.m. | 8 views

Interpretation Conflict

Overview: next is a React framework. Affected versions of this package are vulnerable to Interpretation Conflict via improper handling of shared cache entries for React Server Component responses. An attacker can cause unintended component payloads to be served to other users by manipulating share...

CVSS 6.3 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2
Snyk
added 2026/05/11 3:54 p.m. | 4 views

Authentication Bypass Using an Alternate Path or Channel

Overview: next is a React framework. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the handling of segment-prefetch routes. An attacker can gain unauthorized access to protected content by crafting .rsc and segment-prefetch URLs tha...

CVSS 8.7 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/09 12:00 a.m. | 4 views

PT-2026-39417

Name of the vulnerable software and affected versions: Next.js versions 12.2.0 through 15.5.15; Next.js versions 16.0.0 through 16.2.4.
Description: An external client can send an x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This causes the middleware or...

CVSS 3.7 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/09 12:00 a.m. | 5 views

PT-2026-39412

Name of the vulnerable software and affected versions: Next.js versions 13.0.0 through 15.5.15; Next.js versions 16.0.0 through 16.2.4.
Description: Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting (XSS), a flaw where malicious scripts...

CVSS 6.1 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 9
RedhatCVE
added 2026/04/27 7:23 p.m. | 0 views

CVE-2026-41248

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

CVSS 9.1 | AI score 5.2 | EPSS 0.00096
Exploits: 0 | References: 1
Cvelist
added 2026/04/24 9:04 p.m. | 25 views

CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

CVSS 9.1 | EPSS 0.00096
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/24 9:04 p.m. | 2 views

CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

CVSS 9.1 | AI score 5.2 | EPSS 0.00096
Exploits: 0 | References: 1
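Added example, not code from Clerk, Next.js or any advisory on this page: the middleware-gating bypasses listed above (Snyk's two "Authentication Bypass Using an Alternate Path or Channel" entries and the three CVE-2026-41248 records) share one lesson, that a route matcher running in front of the router is a coarse filter and not the authorization decision. The pipeline below is a plain Node simulation with constructed sessions and routes. The matcher miss is forced deliberately to stand in for whatever crafted request slips past the real gate; it does not reproduce any specific bypass.

```javascript
// Added example (not Clerk or Next.js code): authorization enforced in the
// handler itself, so a middleware matcher that fails to match a request does
// not by itself expose the handler. Sessions and routes are constructed.

const SESSIONS = new Map([
  ['tok-alice', { user: 'alice', roles: ['admin'] }],
  ['tok-bob', { user: 'bob', roles: ['viewer'] }],
]);

function getSession(req) {
  const token = req.cookies && req.cookies.session;
  return token ? SESSIONS.get(token) || null : null;
}

// Wraps a handler so it re-derives identity and checks the role on every call,
// independently of whatever ran (or did not run) before the router.
function requireRole(role, handler) {
  return (req) => {
    const session = getSession(req);
    if (!session) return { status: 401, body: 'unauthenticated' };
    if (!session.roles.includes(role)) return { status: 403, body: 'forbidden' };
    return handler(req, session);
  };
}

const ROUTES = {
  '/admin/users': requireRole('admin', (req, s) => ({ status: 200, body: `user list for ${s.user}` })),
  '/public/health': () => ({ status: 200, body: 'ok' }),
};

// Default matcher: the coarse gate that redirects anonymous traffic under /admin.
const defaultMatcher = (path) => path.startsWith('/admin');

// The request pipeline. `matcher` is injectable so a caller can simulate the
// gate missing a request; the handler layer is what must still hold.
function handle(req, matcher = defaultMatcher) {
  if (matcher(req.path) && !getSession(req)) {
    return { status: 307, location: '/login' };
  }
  const handler = ROUTES[req.path];
  if (!handler) return { status: 404, body: 'not found' };
  return handler(req);
}

// Constructed requests.
const anon = { path: '/admin/users', cookies: {} };
const alice = { path: '/admin/users', cookies: { session: 'tok-alice' } };
const bob = { path: '/admin/users', cookies: { session: 'tok-bob' } };

// A matcher that never fires stands in for a gating bypass of the kind the
// advisories describe; the handler still denies the anonymous request.
const gateMissed = () => false;
console.log(
  handle(anon).status,             // 307: gate redirects
  handle(anon, gateMissed).status, // 401: gate missed, handler denies
  handle(alice).status,            // 200: admin session
  handle(bob).status,              // 403: authenticated, wrong role
);
```

The middleware layer is still worth keeping for the redirect experience and to cut load on protected handlers; the point is that removing it (or bypassing it) must change nothing about who can read `/admin/users`.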
ATTACKERKB
added 2026/03/18 12:30 a.m. | 3 views

CVE-2026-29057

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...

CVSS 6.3 | AI score 5.9 | EPSS 0.00031
Exploits: 0 | References: 5 | Affected software: 1
Snyk
added 2026/03/17 4:17 p.m. | 1 view

HTTP Request Smuggling

Overview: next is a React framework. Affected versions of this package are vulnerable to HTTP Request Smuggling during the rewrite of proxy traffic to an external backend. An attacker can access unintended backend routes by sending crafted DELETE or OPTIONS requests with Transfer-Encoding:...

CVSS 6.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2
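Added example, not code from Next.js or from either CVE-2026-29057 record above: both describe a request-boundary desync reached with DELETE/OPTIONS requests carrying Transfer-Encoding: chunked across a rewrite proxy. The function below is a generic edge-side framing validator in plain Node, applying the RFC 9112 rules on Transfer-Encoding and Content-Length plus one deployment policy rule; it is not the Next.js fix. The header-map shape (lowercased names, string or array values) and the set of methods for which the proxy forwards no body are assumptions.

```javascript
// Added example (not Next.js code): reject requests whose body framing is
// ambiguous before they reach a proxy that rewrites to another backend.
// Headers are assumed pre-lowercased, values a string or an array of strings.

// Assumption: methods for which this deployment's proxy forwards no body.
// If the front end drops a body the back end still reads, the two sides
// disagree about where the next request starts; that is the desync.
const BODYLESS_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'DELETE', 'TRACE']);

function toList(value) {
  if (value === undefined || value === null) return [];
  return Array.isArray(value) ? value.map(String) : [String(value)];
}

function reject(reason) {
  return { ok: false, reason };
}

function classifyFraming(method, headers, bodylessMethods = BODYLESS_METHODS) {
  const te = toList(headers['transfer-encoding']);
  const cl = toList(headers['content-length']);

  // RFC 9112 6.3: a message carrying both is to be treated as an attack.
  if (te.length && cl.length) return reject('both Transfer-Encoding and Content-Length');

  let hasBody = false;

  if (te.length) {
    const codings = te.join(',').split(',').map((c) => c.trim().toLowerCase()).filter(Boolean);
    if (codings.length === 0) return reject('empty Transfer-Encoding');
    // chunked must be the final coding and applied exactly once; "xchunked",
    // "chunked, identity" and "chunked, chunked" each aim to make one hop ignore it.
    if (codings[codings.length - 1] !== 'chunked') return reject('Transfer-Encoding without final chunked');
    if (codings.filter((c) => c === 'chunked').length !== 1) return reject('chunked applied more than once');
    hasBody = true;
  } else if (cl.length) {
    const distinct = [...new Set(cl.map((v) => v.trim()))];
    if (distinct.length !== 1) return reject('conflicting Content-Length values');
    if (!/^\d+$/.test(distinct[0])) return reject('non-numeric Content-Length');
    hasBody = Number(distinct[0]) > 0;
  }

  // Policy rule: no body on a method the proxy will not forward one for.
  if (hasBody && bodylessMethods.has(method.toUpperCase())) {
    return reject(`body not accepted on ${method.toUpperCase()}`);
  }
  return { ok: true, reason: 'unambiguous framing' };
}

// Constructed samples, including the DELETE + chunked shape the advisory names.
const SAMPLES = [
  ['POST', { 'content-length': '5' }],
  ['POST', { 'transfer-encoding': 'chunked' }],
  ['POST', { 'transfer-encoding': 'chunked', 'content-length': '5' }],
  ['DELETE', { 'transfer-encoding': 'chunked' }],
  ['OPTIONS', { 'content-length': '0' }],
  ['POST', { 'transfer-encoding': 'xchunked' }],
  ['POST', { 'content-length': ['5', '6'] }],
];

for (const [method, headers] of SAMPLES) {
  const r = classifyFraming(method, headers);
  console.log(method, JSON.stringify(headers), r.ok ? 'accept' : `reject: ${r.reason}`);
}
```

The policy rule is the one to tune per deployment: it must mirror what the front end actually does with bodies on each method, because a front end that silently discards a body the back end will read is exactly the two-interpretation situation the advisories describe.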
Snyk
added 2026/03/17 4:17 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: next is a React framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of an upper bound on the disk cache used by image optimization. An attacker can exhaust disk storage by generating a large number of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 2
Snyk
added 2026/03/17 3:29 p.m. | 6 views

Missing Origin Validation in WebSockets

Overview: next is a React framework. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets in the internal dev endpoint when the Origin header is set to null. An attacker can interact with internal development websocket traffic by connecting from...

CVSS 5.4 | AI score 5.8 | EPSS 0.00006
Exploits: 1 | References: 2
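Added example, not code from Next.js or from the Snyk entry above: an Origin check for a WebSocket upgrade that handles the edge case the entry names, an Origin header whose value is the literal string "null". Browsers send that value for opaque origins (sandboxed iframes, file:// pages, some redirected requests), so a check that treats it as "no origin, therefore not cross-site" is a cross-site bypass. The allowlist, the header shape and the illustrative buggy variant are constructed for the example.

```javascript
// Added example (not Next.js code): Origin validation for a WebSocket upgrade
// that treats the opaque origin "null" as untrusted. Allowlist is constructed.

const ALLOWED_ORIGINS = new Set(['http://localhost:3000', 'https://dev.example.test']);

// Illustrative buggy shape: a missing or "null" Origin is read as "not a
// browser, so not cross-site" and waved through. It is not Next.js's code;
// it shows the mistake the advisory class describes.
function isAllowedOriginBuggy(originHeader, allowlist = ALLOWED_ORIGINS) {
  if (!originHeader || originHeader === 'null') return true;
  return allowlist.has(originHeader);
}

// Hardened: fail closed on absent, empty or opaque origins; compare the
// normalized scheme://host[:port] and refuse anything carrying userinfo,
// a path, a query or a fragment, none of which belong in an Origin value.
function isAllowedOrigin(originHeader, allowlist = ALLOWED_ORIGINS) {
  if (typeof originHeader !== 'string') return false;
  const raw = originHeader.trim();
  if (raw === '' || raw.toLowerCase() === 'null') return false;
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false;
  }
  if (url.username || url.password || url.pathname !== '/' || url.search || url.hash) return false;
  return allowlist.has(`${url.protocol}//${url.host}`);
}

// Decide an upgrade request from its (lowercased) headers; returns the HTTP
// status a server would answer with: 101 to proceed, 403 to refuse.
function decideUpgrade(headers, check = isAllowedOrigin) {
  if ((headers['upgrade'] || '').toLowerCase() !== 'websocket') return 400;
  return check(headers['origin']) ? 101 : 403;
}

// Constructed upgrade requests.
const fromDevPage = { upgrade: 'websocket', origin: 'http://localhost:3000' };
const fromSandboxedFrame = { upgrade: 'websocket', origin: 'null' };
const fromEvilSite = { upgrade: 'websocket', origin: 'http://localhost:3000.evil.test' };

console.log(
  decideUpgrade(fromSandboxedFrame, isAllowedOriginBuggy), // 101: the bug
  decideUpgrade(fromSandboxedFrame),                       // 403: fixed
  decideUpgrade(fromDevPage),                              // 101
  decideUpgrade(fromEvilSite),                             // 403
);
```

Rebuilding the comparison value from `URL` rather than string-matching the raw header is what makes the allowlist hold against case differences, default ports and `user@host` tricks; the explicit "null" branch is the part the advisory is about.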
Github Security Blog
added 2026/02/12 3:31 a.m. | 4 views

next-mdx-remote affected by arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content...

CVSS 8.8 | AI score 6.5 | EPSS 0.00048
Exploits: 0 | References: 5 | Affected software: 1
Cvelist
added 2026/01/28 8:02 p.m. | 29 views

CVE-2025-13984 Next.js - Critical - Access bypass - SA-CONTRIB-2025-122

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in the Drupal Next.js contributed module allows Cross-Site Scripting (XSS). This issue affects Next.js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...

EPSS 0.00051
Exploits: 0 | References: 1
EUVD
added 2026/01/28 3:20 p.m. | 2 views

EUVD-2025-206333

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint...

CVSS 5.9 | AI score 5.9 | EPSS 0.0015
Exploits: 0 | References: 3