Lucene search
K

24 matches found

CNNVD
CNNVD
added 2026/03/17 12:0 a.m.5 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from the cross-site protection of the internal WebSocket endpoint in development mode, which might treat Origin: null as an mechanism. This could...

5.4CVSS5.7AI score0.00171EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from treating origin: null as an absent source during server-side CSRF validation, which could lead to bypassing source verification and triggerin...

5.3CVSS5.7AI score0.002EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.14 views

PT-2026-25909

Name of the Vulnerable Software and Affected Versions Next.js versions 16.0.1 through 16.1.7 Description Next.js, a React framework for building full-stack web applications, had a flaw in its Server Action CSRF validation. Specifically, origin: null was incorrectly treated as a missing origin,...

5.3CVSS5.8AI score0.002EPSS
Exploits1References14
Veracode
Veracode
added 2017/02/16 7:7 a.m.7 views

Origin Null Vulnerability

rack-cors is vulnerable to an origin null vulnerability. When an iframe contains html code for its source instead of a URL, a website using rack-cors and allowing file:// does not prevent browsers to send null origins...

6.8AI score
Exploits0
Rows per page
Query Builder