
25 matches found

RedhatCVE
added yesterday, 7 views

CVE-2026-44575

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

CVSS 7.5, AI score 5.7, EPSS 0.00053
Exploits: 0, References: 4

GithubExploit
added 2026/05/18 4:21 p.m., 38 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Analysis Report Sections require...

CVSS 10, AI score 7.8, EPSS 0.82011
Exploits: 358

Vulnrichment
added 2026/05/13 5:7 p.m., 4 views

CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces

Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...

CVSS 4.7, AI score 5.8, EPSS 0.00011
Exploits: 1, References: 1

Patchstack
added 2026/05/11 3:54 p.m., 5 views

NPM: Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes

NPM: Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes vulnerability discovered by ? in WordPress Npm next versions = 15.2.0, 15.5.16...

CVSS 7.5, AI score 5.8, EPSS 0.00053
Exploits: 0, References: 5, Affected Software: 1

Imperva Blog
added 2026/05/09 7:5 p.m., 5 views

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS Vulnerability

TL;DR: A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables unauthenticated attackers to send specially crafted HTTP requests that trigger excessive CPU consumption...

CVSS 7.5, AI score 5.9, EPSS 0.00338
Exploits: 1

OSV
added 2026/04/10 3:35 p.m., 1 views

GHSA-Q4GF-8MX6-V5V3 Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

CVSS 7.5, AI score 5.8, EPSS 0.00841
Exploits: 3, References: 3

RedhatCVE
added 2026/03/26 3:2 p.m., 0 views

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4, AI score 5.8, EPSS 0.00015
Exploits: 1, References: 1

GithubExploit
added 2026/03/25 6:29 p.m., 101 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 RSC lab intentionally vulnerable Local Doc...

CVSS 10, AI score 6.9, EPSS 0.82011
Exploits: 358

Positive Technologies
added 2026/03/20 12:0 a.m., 1 views

PT-2026-26681

Name of the Vulnerable Software and Affected Versions Effect versions prior to 3.20.0 @effect/rpc versions prior to 0.72.1 @effect/platform versions prior to 0.94.2 Description Effect is a TypeScript framework used for building TypeScript applications. A flaw exists in versions prior to 3.20.0,...

CVSS 7.4, AI score 5.9, EPSS 0.00015
Exploits: 1, References: 8

GithubExploit
added 2025/12/31 2:20 p.m., 195 views

Exploit for Deserialization of Untrusted Data in Facebook React

CyberSec Blog CTF - React2Shell PoC This repository provides an envir...

CVSS 10, AI score 7.2, EPSS 0.82011
Exploits: 372

GithubExploit
added 2025/12/17 12:45 a.m., 189 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

CVSS 10, AI score 8, EPSS 0.82011
Exploits: 379

Github Security Blog
added 2025/12/16 7:37 p.m., 4 views

tRPC has possible prototype pollution in `experimental_nextAppDirCaller`

Note that this vulnerability is only present when using experimental_caller / experimental_nextAppDirCaller. Summary A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by...

CVSS 8.5, AI score 7, EPSS 0.00191
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2025/12/16 5:16 p.m., 1 views

CVE-2025-68130

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS 8.5, EPSS 0.00191
Exploits: 0, References: 1

EUVD
added 2025/12/16 4:50 p.m., 1 views

EUVD-2025-203822

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

CVSS 8.5, AI score 6.5, EPSS 0.00191
Exploits: 0, References: 3

GithubExploit
added 2025/12/14 5:18 p.m., 154 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.Js React Server Components RSC Vulnerabilities This re...

CVSS 10, AI score 8.8, EPSS 0.82011
Exploits: 368

OSV
added 2025/12/11 10:49 p.m., 0 views

GHSA-MWV6-3258-Q52C Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

CVSS 7.5, AI score 5.9, EPSS 0.41239
Exploits: 10, References: 4

GithubExploit
added 2025/12/10 7:52 a.m., 132 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - Next.js RSC Remote Code Execution Exploit...

CVSS 10, AI score 8.6, EPSS 0.82011
Exploits: 358

GithubExploit
added 2025/12/06 11:36 p.m., 175 views

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Infra Scanner rscinfrascan.py is a fast, asynchronous...

CVSS 10, AI score 7.9, EPSS 0.82011
Exploits: 372

GithubExploit
added 2025/12/05 1:38 p.m., 202 views

Exploit for CVE-2025-55182

React2Shell – Critical Remote Code Execution in React Server C...

CVSS 10, AI score 8.3, EPSS 0.82011
Exploits: 372

GithubExploit
added 2025/12/05 1:38 p.m., 352 views

Exploit for CVE-2025-55182

React2Shell – Critical Remote Code Execution in React Server C...

CVSS 10, AI score 8.3, EPSS 0.82011
Exploits: 372