
17 matches found

Github Security Blog
added 2026/05/11 4:21 p.m. | 13 views

Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

Impact: It was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. Refer to CVE-2026-44575 for further details. References: CVE CVE-2026-44575...

CVSS 7.5 | AI score 5.8 | EPSS 0.01416
Exploits: 0 | References: 6 | Affected Software: 1
Github Security Blog
added 2026/05/11 2:50 p.m. | 15 views

Next.js Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23870. A specially crafted HTTP request can be sent to any...

CVSS 7.5 | AI score 5.8 | EPSS 0.01533
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2026/03/20 10:16 p.m. | 6 views

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4 | EPSS 0.0027
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/20 9:35 p.m. | 3 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4 | AI score 5.8 | EPSS 0.0027
Exploits: 1 | References: 1
Cvelist
added 2026/03/20 9:35 p.m. | 21 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4 | EPSS 0.0027
Exploits: 1 | References: 1
CVE
added 2026/03/20 9:35 p.m. | 20 views

CVE-2026-32887

The connected document details a concurrency vulnerability in the Effect ecosystem where AsyncLocalStorage (ALS) context is not properly propagated across fibers in a web handler under concurrent load. Root cause: a scheduler drains multiple fiber continuations in a single drain cycle, causing AL...

CVSS 7.4 | AI score 5.8 | EPSS 0.0027
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/20 9:35 p.m. | 2 views

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4 | AI score 5.8 | EPSS 0.0027
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/10 4:44 p.m. | 1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

CVSS 8.3 | AI score 5.9 | EPSS 0.00608
Exploits: 1 | References: 4 | Affected Software: 1
GithubExploit
added 2025/12/17 6:0 p.m. | 148 views

Exploit for Deserialization of Untrusted Data in Facebook React

🚨 NextRce — CVE-2025-55182 Next.js / React Server Components...

CVSS 10 | AI score 8.2 | EPSS 0.99562
Exploits: 372
GithubExploit
added 2025/12/07 2:26 a.m. | 154 views

Exploit for Deserialization of Untrusted Data in Facebook React

Parameters - -f: File to scan default: urls.txt - -f...

CVSS 10 | AI score 7.2 | EPSS 0.99562
Exploits: 372
GithubExploit
added 2025/12/06 9:54 p.m. | 304 views

Exploit for Deserialization of Untrusted Data in Facebook React

NextRce - Next.js RSC Exploit Tool CVE-2025-55182...

CVSS 10 | AI score 7.9 | EPSS 0.99562
Exploits: 372
GithubExploit
added 2025/12/06 2:29 p.m. | 191 views

Exploit for Deserialization of Untrusted Data in Facebook React

Vulnerable Next.js RSC Application - CVE-2025-55182 ⚠️ WARN...

CVSS 10 | AI score 8.8 | EPSS 0.99562
Exploits: 372
GithubExploit
added 2025/12/04 2:58 p.m. | 266 views

Exploit for CVE-2025-55182

CVE-2025-55182 POC for Next.js App-Router CVE-2025-55182 POC...

CVSS 10 | AI score 7.7 | EPSS 0.99562
Exploits: 372
OSSF Malicious Packages
added 2025/09/05 4:38 p.m. | 2 views

Malicious code in spark-nextjs-app (npm)

The package spark-nextjs-app was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/09/05 4:38 p.m. | 1 views

MAL-2025-46116 Malicious code in spark-nextjs-app (npm)

The package spark-nextjs-app was found to contain malicious code...

AI score 7
Exploits: 0
OSSF Malicious Packages
added 2024/12/19 10:52 a.m. | 3 views

Malicious code in nextjs-app-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1be3a353ab6fd3d56d1698543312d483fa52ee3aa1fbc09c0d9efbf8c6b99e33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 3
OSV
added 2024/12/19 10:52 a.m. | 4 views

MAL-2024-12010 Malicious code in nextjs-app-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1be3a353ab6fd3d56d1698543312d483fa52ee3aa1fbc09c0d9efbf8c6b99e33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 3