| CVE-2026-44578 |
high |
8.6 |
8.6 |
|
|
|
15d ago |
Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades |
| CVE-2026-44574 |
high |
8.1 |
8.1 |
|
|
|
15d ago |
Next.js has a Middleware / Proxy bypass through dynamic route parameter injection |
| CVE-2026-45109 |
high |
7.5 |
7.5 |
|
|
|
15d ago |
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up |
| CVE-2026-44579 |
high |
7.5 |
7.5 |
|
|
|
15d ago |
Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components |
| CVE-2026-44575 |
high |
7.5 |
7.5 |
|
|
|
15d ago |
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes |
| CVE-2026-44573 |
high |
7.5 |
7.5 |
|
|
|
15d ago |
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n |
| CVE-2017-16877 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Next.js Directory Traversal Vulnerability |