Where
-Infinity
0

Trending

Last week
Last month
Last year

npm/nextNext.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Risk 43
Severity
7.5
First published (updated )
CVE-2026-45109

npm/nextNext.js: Middleware / Proxy redirects can be cache-poisoned

Risk 35
Severity
5.9
First published (updated )
CVE-2026-44572

npm/nextNext.js: Cross-site scripting in App Router applications using CSP nonces

Risk 31
Severity
4.7
First published (updated )
CVE-2026-44581

npm/nextNext.js: Cache poisoning via collisions in React Server Component cache-busting

Risk 20
Severity
3.7
First published (updated )
CVE-2026-44582

npm/nextNext.js: Cross-site scripting in beforeInteractive scripts with untrusted input

Risk 38
Severity
6.1
First published (updated )
CVE-2026-44580
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/nextNext.js: Denial of Service via connection exhaustion in applications using Cache Components

Risk 43
Severity
7.5
First published (updated )
CVE-2026-44579

npm/nextNext.js: Denial of Service in the Image Optimization API

Risk 35
Severity
5.9
First published (updated )
CVE-2026-44577

npm/nextNext.js: Server-side request forgery in applications using WebSocket upgrades

Risk 49
Severity
8.6
First published (updated )
CVE-2026-44578

npm/nextNext.js: Cache poisoning in React Server Component responses

Risk 35
Severity
5.4
First published (updated )
CVE-2026-44576

npm/nextNext.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Risk 43
Severity
7.5
First published (updated )
CVE-2026-44575
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/nextNext.js: Middleware / Proxy bypass through dynamic route parameter injection

Risk 60
Severity
8.1
First published (updated )
CVE-2026-44574

npm/nextNext.js: Middleware / Proxy bypass in Pages Router applications using i18n

Risk 43
Severity
7.5
First published (updated )
CVE-2026-44573

npm/nextNext.js: HTTP request smuggling in rewrites

Risk 40
Severity
6.5
First published (updated )
CVE-2026-29057

npm/nextNext.js: Unbounded next/image disk cache growth can exhaust storage

Risk 43
Severity
6.9
First published (updated )
CVE-2026-27980

npm/nextNext.js: Unbounded postponed resume buffering can lead to DoS

Risk 43
Severity
6.9
First published (updated )
CVE-2026-27979
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

npm/nextNext.js: null origin can bypass Server Actions CSRF checks

Risk 26
Severity
5.3
First published (updated )
CVE-2026-27978

npm/nextNext.js: null origin can bypass dev HMR websocket CSRF checks

Risk 34
Severity
2.3
First published (updated )
CVE-2026-27977

Vercel Next.js Node.jsA denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled…

Risk 43
Severity
7.5
First published (updated )
CVE-2025-59472

npm/nextA DoS vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured…

Risk 43
Severity
7.5
First published (updated )
CVE-2025-59471

Vercel Next.js Node.jsadditional act vulnerabilities (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779)

Risk 47
Severity
7.5
First published (updated )
CVE-2025-67779
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Vercel Next.js Node.jsadditional act vulnerabilities (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779)

Risk 47
Severity
7.5
First published (updated )
CVE-2025-55184

Vercel Next.js Node.jsadditional act vulnerabilities (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779)

Risk 29
Severity
5.3
First published (updated )
CVE-2025-55183

Vercel Next.js Node.jsMeta React Server Components Remote Code Execution Vulnerability

Risk 100
Severity
10
Exploited
Trending
Year
First published (updated )
CVE-2025-55182

npm/nextAuthorization Bypass in Next.js Middleware

Risk 76
Severity
9.1
Exploited
Zeroday
EPSS
84.70%
First published (updated )
CVE-2025-29927

npm/nextNext.js Server-Side Request Forgery in Server Actions

Risk 31
Severity
7.5
EPSS
0.06%
First published (updated )
CVE-2024-34351
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203