Lucene search
+L

118 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-59801

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.8CVSS0.01905EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.7 views

next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n

A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization i18n configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...

7.5CVSS5.9AI score0.00606EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-44574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect...

8.1CVSS5.8AI score0.00496EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in...

8.6CVSS5.9AI score0.38872EPSS
Exploits9References2
GithubExploit
GithubExploit
added 2026/05/30 12:26 a.m.139 views

Exploit for CVE-2025-66478

CVE-2025-66478-Research-Proof-of-Concept Overview This re...

7.5AI score
Exploits111
GithubExploit
GithubExploit
added 2026/05/25 10:32 a.m.100 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2shell A Python 2.7 exploit for CVE-2...

10CVSS7.4AI score0.99562EPSS
Exploits376
GithubExploit
GithubExploit
added 2026/05/19 7:47 a.m.96 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182-React2Shell xpl0ited by infrar3dhttps://git...

10CVSS7.3AI score0.99562EPSS
Exploits376
GithubExploit
GithubExploit
added 2026/05/16 10:15 a.m.234 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2026-44578 — Next.js WebSocket Upgrade SSRF Pre-authentic...

8.6CVSS5.8AI score0.38872EPSS
Exploits9
GithubExploit
GithubExploit
added 2026/05/15 12:26 p.m.82 views

SECpocs

Next.js React Server Components RCE Exploit Exploits CVE-2025...

10CVSS6.4AI score0.99562EPSS
Exploits376
GithubExploit
GithubExploit
added 2026/05/15 5:2 a.m.223 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

╔═══════════════════════════════════════════════════════════...

8.6CVSS5.9AI score0.38872EPSS
Exploits9
NVD
NVD
added 2026/05/13 5:16 p.m.15 views

CVE-2026-44575

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS0.01558EPSS
Exploits0References7
CVE
CVE
added 2026/05/13 5:7 p.m.37 views

CVE-2026-44581

CVE-2026-44581 details a stored XSS in Next.js App Router apps relying on CSP nonces when deployed behind shared caches. Affected versions are 13.4.0–before 15.5.16 and 16.2.5; malformed nonce values derived from request headers could be reflected into rendered HTML, enabling cache-poisoning and ...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/13 5:6 p.m.6 views

CVE-2026-44580 Next.js: Cross-site scripting in beforeInteractive scripts with untrusted input

Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...

6.1CVSS6.2AI score0.00205EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 5:4 p.m.63 views

CVE-2026-44579

Next.js vulnerability CVE-2026-44579 affects Next.js releases prior to 15.5.16 and 16.2.5 where Partial Prerendering via Cache Components can cause a connection-exhaustion DoS through crafted POST requests to a server action. A malicious request may trigger a request-body handling deadlock, leavi...

7.5CVSS5.8AI score0.00546EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:56 p.m.13 views

CVE-2026-44574

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the...

8.1CVSS5.8AI score0.00496EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:48 p.m.9 views

CVE-2026-44573

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...

7.5CVSS5.8AI score0.00606EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/13 4:48 p.m.65 views

CVE-2026-44573

CVE-2026-44573 affects Next.js (Pages Router with i18n). From 12.2.0 up to but not including 15.5.16 and 16.2.5, middleware/proxy-based authorization can be bypassed for locale-less /_next/data//.json requests, allowing retrieval of SSR JSON for protected pages without authorization checks. The u...

7.5CVSS5.8AI score0.00606EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 3:57 p.m.10 views

CVE-2026-44572 Next.js: Middleware / Proxy redirects can be cache-poisoned

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat t...

3.7CVSS5.8AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 3:57 p.m.53 views

CVE-2026-44572

Summary of CVE-2026-44572 (Next.js): Affects Next.js versions 12.2.0 to just before 15.5.16 and 16.2.5. An external client could send the x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. The middleware could treat this as a data request and replace...

5.9CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. There were security vulnerabilities in versions of Next.js from 12.2.0 to 15.5.16, and also in version 16.2.5. These vulnerabilities stemmed from the ability for an external client to send the x-nextjs-data header on normal requests processed by...

5.9CVSS5.8AI score0.00195EPSS
Exploits0References1
Rows per page
Query Builder