17 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect...
Linux Distros Unpatched Vulnerability : CVE-2026-44578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in...
Exploit for Server-Side Request Forgery in Vercel Next.Js
Next.js Security Vulnerability
Next.js is a React framework open-sourced by Vercel. Security vulnerabilities existed in Next.js versions from 12.2.0 to 15.5.16, and also in version 16.2.5. These vulnerabilities stemmed from the ability of an external client to send the x-nextjs-data header on normal requests processed by...
Postiz App has a High-Severity SSRF Vulnerability via Next.js
Impact: A successful SSRF attack allows an attacker to: - Bypass firewalls to scan and interact with internal network services/ports. - Access sensitive cloud metadata services (e.g., AWS IMDS 169.254.169.254) to potentially leak instance credentials. - Pivot into the internal network environment...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Vulnerability Analysis Lab This...
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Withdrawn Advisory: This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description: LikeC4 uses React and Next.js, which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Advanced Scanner...
Exploit for Deserialization of Untrusted Data in Facebook React
R2SHELL !WARNING This project is ONLY FOR PURPOSES...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Vulnerability Scanner A safe, non-invasive scanne...
Exploit for Deserialization of Untrusted Data in Facebook React
REACT2SHELL CVE-2025-55182 CVE-2025-55182 & CVE-2025-66478 p...
Exploit for CVE-2025-66478
Next.js CVE-2025-66478 PoC...
Exploit for CVE-2025-55182
React2Shell Proof of Concept exploit for CVE-2025-55182 Unaut...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...
Next.js Information Disclosure Vulnerability
Next.js is a React framework open-sourced by Vercel. An information disclosure vulnerability exists in Next.js, which stems from insufficient validation of the x-middleware-subrequest-id, which could lead to information disclosure. The following versions are affected: versions prior to 12.3.6,...
GHSA-FQ77-7P7R-83RJ Directory Traversal in Next.js
Impact - Not affected: Deployments on ZEIT Now v2 https://zeit.co are not affected - Not affected: Deployments using the serverless target - Not affected: Deployments using next export - Affected: Users of Next.js below 9.3.2 We recommend everyone to upgrade regardless of whether you can reproduc...