| CVE-2026-44578 |
high |
8.6 |
8.6 |
15d ago |
Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades |
|
| CVE-2026-44574 |
high |
8.1 |
8.1 |
15d ago |
Next.js has a Middleware / Proxy bypass through dynamic route parameter injection |
|
| CVE-2026-45109 |
high |
7.5 |
7.5 |
15d ago |
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up |
|
| CVE-2026-44579 |
high |
7.5 |
7.5 |
15d ago |
Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components |
|
| CVE-2026-44575 |
high |
7.5 |
7.5 |
15d ago |
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes |
|
| CVE-2026-44573 |
high |
7.5 |
7.5 |
15d ago |
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n |
|
| CVE-2017-16877 |
high |
7.5 |
7.5 |
9y ago |
Next.js Directory Traversal Vulnerability |
|
| CVE-2026-44580 |
medium |
6.1 |
6.1 |
15d ago |
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input |
|
| CVE-2026-44577 |
medium |
5.9 |
5.9 |
15d ago |
Next.js has a Denial of Service in the Image Optimization API |
|
| CVE-2026-44572 |
medium |
5.9 |
5.9 |
15d ago |
Next.js's Middleware / Proxy redirects can be cache-poisoned |
|
| CVE-2026-44576 |
medium |
5.4 |
5.4 |
15d ago |
Next.js vulnerable to cache poisoning in React Server Component responses |
|
| CVE-2026-44581 |
medium |
4.7 |
4.7 |
15d ago |
Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces |
|
| CVE-2026-44582 |
low |
3.7 |
3.7 |
15d ago |
Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting |
|