
32 matches found

Tenable Nessus
added 2026/06/03 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44575

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware...

7.5 CVSS | 5.8 AI score | 0.01048 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/03 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...

3.7 CVSS | 5.8 AI score | 0.00203 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/06/02 11:53 p.m. | 15 views

CVE-2026-44573

A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization i18n configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...

7.5 CVSS | 5.7 AI score | 0.00351 EPSS
Exploits: 1 | References: 4

GithubExploit
added 2026/05/15 9:2 a.m. | 96 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2026-44578 - Next.js WebSocket SSRF PoC Vulnerability:...

8.6 CVSS | 5.8 AI score | 0.37756 EPSS
Exploits: 9

Tenable Nessus
added 2026/05/15 12:0 a.m. | 57 views

Next.js Framework 15.4.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass

The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. Specially crafted query parameters can alter the dynamic route value seen by the page while...

8.1 CVSS | 5.8 AI score | 0.00383 EPSS
Exploits: 2 | References: 2

CVE
added 2026/05/13 5:1 p.m. | 56 views

CVE-2026-44578

CVE-2026-44578 affects Next.js self-hosted deployments using the built-in Node.js server. The issue enables server-side request forgery via crafted WebSocket upgrade requests, allowing an attacker to proxy requests to internal or external destinations and potentially expose internal services or c...

8.6 CVSS | 5.9 AI score | 0.37756 EPSS
Exploits: 9 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/05/01 11:45 a.m. | 2 views

Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471.

Summary Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59471 DESCRIPTION: A denial of service vulnerability exists in self-hosted...

7.5 CVSS | 5.8 AI score | 0.00444 EPSS
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2026/04/16 9:28 p.m. | 6 views

@bentwnghk/chat (>=1.91.2 <=1.91.6), @lobehub/chat (>=1.49.5 <=1.49.12) +2 more potentially affected by CVE-2026-41248 via @clerk/nextjs (>=6.10.2 <=6.28.1)

@clerk/nextjs NPM version =6.10.2, =1.91.2, =1.49.5, =0.0.2, =0.17.1, =0.17.3-centauri.0 Source cves: CVE-2026-41248 Source advisory: SNYK:JS-CLERKNEXTJS-16098250...

9.1 CVSS | 5.8 AI score | 0.00323 EPSS
Exploits: 0

OSV
added 2026/03/18 12:13 a.m. | 3 views

CVE-2026-27979 Next.js: Unbounded postponed resume buffering can lead to DoS

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in...

6.9 CVSS | 6 AI score | 0.00483 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/03/18 12:0 a.m. | 4 views

Next.js Resource Management Error Vulnerability

Next.js is an open-source React framework from Vercel. Versions of Next.js from 10.0.0 to 16.1.7 had a resource management vulnerability. This vulnerability stemmed from the default image optimization feature, which had no configuration limit on disk caching, potentially leading to exhaustion of dis...

7.5 CVSS | 5.8 AI score | 0.00683 EPSS
Exploits: 0 | References: 4

GithubExploit
added 2026/03/13 1:41 a.m. | 142 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE Exploitation Arsenal Professional penetration testing too...

10 CVSS | 5.8 AI score | 0.99562 EPSS
Exploits: 397

GithubExploit
added 2026/02/06 5:13 a.m. | 151 views

Exploit for CVE-2025-66478

Vulnerable Mall Next.js Red/Blue Team Training Target Vul...

7 AI score
Exploits: 111

GithubExploit
added 2026/01/23 6:5 p.m. | 177 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

10 CVSS | 6.6 AI score | 0.99562 EPSS
Exploits: 383

GithubExploit
added 2025/12/26 10:26 p.m. | 163 views

Exploit for Deserialization of Untrusted Data in Facebook React

🛠️ CVE-2025-55182-POC-NEXTJS - Simple Proof of Concept for Nex...

10 CVSS | 8.2 AI score | 0.99562 EPSS
Exploits: 369

OSV
added 2025/12/15 10:0 p.m. | 6 views

GHSA-VR6P-VQ2P-6J74 Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions

Withdrawn Advisory This advisory has been withdrawn because LikeC4 isn’t impacted by CVE-2025-55182 because it doesn’t ship React. React is a peer dependency. Original Description LikeC4 uses React and Next.js: which contain known RCE vulnerabilities, as seen in CVE-2025-55182. 2025-12-15 Edit: t...

10 CVSS | 7 AI score | 0.99562 EPSS
Exploits: 369 | References: 5

GithubExploit
added 2025/12/12 2:54 p.m. | 124 views

Exploit for CVE-2025-66478

PoC for Next.js Vulnerability. Credits where credits are d...

7.2 AI score
Exploits: 111

GithubExploit
added 2025/12/10 11:38 a.m. | 157 views

Exploit for Deserialization of Untrusted Data in Facebook React

🚀 React2Shell Exploiter Advanced Exploitation & Server I...

10 CVSS | 7.8 AI score | 0.99562 EPSS
Exploits: 383

GithubExploit
added 2025/12/09 11:39 p.m. | 184 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — demo This repository provides a demonstratio...

10 CVSS | 8.2 AI score | 0.99562 EPSS
Exploits: 369

GithubExploit
added 2025/12/08 3:25 p.m. | 153 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Next.js RCE Exploit Tool Chinese documentation ./README.zh-CN...

10 CVSS | 8.7 AI score | 0.99562 EPSS
Exploits: 369

GithubExploit
added 2025/12/05 12:6 p.m. | 272 views

Exploit for CVE-2025-55182

CVE-2025-55182 This repository provides a minimal intentional...

10 CVSS | 7 AI score | 0.99562 EPSS
Exploits: 383