Lucene search
+L

31 matches found

OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-GHOST-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.5 views

CVE-2025-71381

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS0.0028EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/03 12:3 a.m.14 views

CVE-2026-44582

A flaw was found in Next.js. React Server Component responses are vulnerable to cache poisoning in deployments that use shared caches without proper response partitioning. An attacker can exploit collisions in the rsc cache-busting value to poison cache entries. This allows users to receive...

3.7CVSS5.6AI score0.00203EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-44582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...

3.7CVSS5.8AI score0.00203EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/28 11:12 a.m.13 views

CVE-2026-44576

A flaw was found in Next.js, a React framework for building web applications. This vulnerability, related to cache poisoning, affects applications utilizing React Server Components RSC when shared caches fail to properly partition response variants. A remote attacker can exploit this by causing a...

5.4CVSS5.8AI score0.0025EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 6:16 p.m.25 views

CVE-2026-44582

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

3.7CVSS0.00203EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 5:16 p.m.48 views

CVE-2026-44576

Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...

5.4CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 5:8 p.m.10 views

CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

3.7CVSS5.8AI score0.00203EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 5:8 p.m.59 views

CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

3.7CVSS0.00203EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 5:8 p.m.59 views

CVE-2026-44582

Next.js (React Server Components) versions 13.4.6–before 15.5.16 and 16.2.5 are vulnerable to cache poisoning in deployments using shared caches with insufficient response partitioning. The issue stems from collisions in the _rsc cache-busting value, which can cause an attacker to serve a poisone...

3.7CVSS5.8AI score0.00203EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/13 5:8 p.m.4 views

CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

3.7CVSS5.9AI score0.00203EPSS
Exploits1References3
OSV
OSV
added 2026/05/13 5:7 p.m.1 views

CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces

Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...

4.7CVSS6AI score0.00222EPSS
Exploits1References3
OSV
OSV
added 2026/05/13 4:57 p.m.2 views

CVE-2026-44576 Next.js: Cache poisoning in React Server Component responses

Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...

5.4CVSS6.1AI score0.0025EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 4:57 p.m.67 views

CVE-2026-44576 Next.js: Cache poisoning in React Server Component responses

Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...

5.4CVSS0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:57 p.m.13 views

CVE-2026-44576

Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...

5.4CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 4:57 p.m.44 views

CVE-2026-44576

CVE-2026-44576 affects Next.js (React Server Components). In affected versions 14.2.0 to before 15.5.16 and 16.2.5, shared caches that do not properly partition response variants can poison the cache by serving an RSC response from the original URL, causing subsequent visitors to receive componen...

5.4CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/11 3:56 p.m.16 views

Use of Weak Hash

Overview next is a react framework. Affected versions of this package are vulnerable to Use of Weak Hash via collisions in the rsc cache-busting process. An attacker can manipulate cache entries by crafting requests that cause shared caches to serve incorrect response variants to users. This is...

6.3CVSS5.8AI score0.00203EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 3:56 p.m.26 views

GHSA-VFV6-92FF-J949 Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting

Impact React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the rsc cache-busting value can allow an attacker to poison cache entries so users receive the wron...

3.7CVSS5.8AI score0.00203EPSS
Exploits1References5
OSV
OSV
added 2026/05/11 3:54 p.m.18 views

GHSA-WFC6-R584-VFW7 Next.js vulnerable to cache poisoning in React Server Component responses

Impact Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later...

5.4CVSS5.8AI score0.0025EPSS
Exploits0References5
Rows per page
Query Builder