Exposição de Next.js
JavaScript frameworks, Web frameworks65
score de exposição
318.444
sites usam
0
em exploração
1
críticos
CVEs
41 resultadosCVE-2025-55173MEDIUMNext.js Content Injection Vulnerability for Image OptimizationEPSS 0.5%CVE-2024-39693HIGHNext.js Denial of Service (DoS) conditionEPSS 0.5%CVE-2026-27979MEDIUMNext.js: Unbounded postponed resume buffering can lead to DoSEPSS 0.5%CVE-2026-44579HIGHNext.js: Denial of Service via connection exhaustion in applications using Cache ComponentsEPSS 0.5%CVE-2026-29057MEDIUMNext.js: HTTP request smuggling in rewritesEPSS 0.4%CVE-2025-49005LOWNext.js cache poisoning due to omission of Vary headerEPSS 0.4%CVE-2026-44577MEDIUMNext.js: Denial of Service in the Image Optimization APIEPSS 0.4%CVE-2026-45109HIGHNext.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routesEPSS 0.4%CVE-2026-44574HIGHNext.js: Middleware / Proxy bypass through dynamic route parameter injectionEPSS 0.4%CVE-2025-30218LOWNext.js may leak x-middleware-subrequest-id to external hostsEPSS 0.4%CVE-2026-44573HIGHNext.js: Middleware / Proxy bypass in Pages Router applications using i18nEPSS 0.4%CVE-2025-57752MEDIUMNext.js Affected by Cache Key Confusion for Image Optimization API RoutesEPSS 0.3%CVE-2026-44576MEDIUMNext.js: Cache poisoning in React Server Component responsesEPSS 0.3%CVE-2026-44581MEDIUMNext.js: Cross-site scripting in App Router applications using CSP noncesEPSS 0.2%CVE-2026-44580MEDIUMNext.js: Cross-site scripting in beforeInteractive scripts with untrusted inputEPSS 0.2%CVE-2026-44582LOWNext.js: Cache poisoning via collisions in React Server Component cache-bustingEPSS 0.2%CVE-2026-27978MEDIUMNext.js: null origin can bypass Server Actions CSRF checksEPSS 0.2%CVE-2026-44572LOWNext.js: Middleware / Proxy redirects can be cache-poisonedEPSS 0.2%CVE-2026-27977LOWNext.js: null origin can bypass dev HMR websocket CSRF checksEPSS 0.2%CVE-2025-48068LOWInformation exposure in Next.js dev server due to lack of origin verificationEPSS 0.2%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →