cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-51479,https://securityvulnerability.io/vulnerability/CVE-2024-51479,Authorization Bypass Vulnerability in Next.js Framework,"CVE-2024-51479 is a critical vulnerability affecting the Next.js framework, which is widely used for building full-stack web applications. In versions prior to 14.2.15, a flaw exists in the authorization mechanism within middleware where pathname-based authorization can be bypassed. This means unauthorized users may access pages directly under the application's root directory, compromising the integrity of web applications. Next.js applications hosted on Vercel have automatic mitigation against this vulnerability, ensuring that even older versions are protected. No official workarounds are available; thus, updating to version 14.2.15 or later is strongly recommended to safeguard against potential exploits.",Vercel,,,,0.0004299999854993075,false,,true,false,true,2024-12-26T10:42:42.000Z,,false,false,,2024-12-17T19:15:00.000Z,530
CVE-2024-46982,https://securityvulnerability.io/vulnerability/CVE-2024-46982,Next.js vulnerability: Poisoned cache could expose sensitive data,"A cache poisoning vulnerability exists in the Next.js framework, which is widely used for building full-stack web applications. This vulnerability allows an attacker to send a specially crafted HTTP request that can manipulate the cache of non-dynamic server-side rendered routes. Specifically, it affects routes handled by the pages router when configured incorrectly, enabling the caching of content that should remain uncached. Affected versions, from 13.5.1 to 14.2.9, may inadvertently send a `Cache-Control: s-maxage=1, stale-while-revalidate` header, which may influence upstream Content Delivery Networks (CDNs) to cache responses.
The only resolution to mitigate this issue is to upgrade to Next.js versions 13.5.7, 14.2.10, or later. Users are encouraged to apply the patch without delay, as there are no recommended workarounds available.",Vercel,Next.js,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2024-12-14T18:14:01.000Z,true,true,false,,2024-09-17T22:15:00.000Z,8028
CVE-2024-34351,https://securityvulnerability.io/vulnerability/CVE-2024-34351,Server-Side Request Forgery (SSRF) vulnerability in Next.js Server Actions,"A vulnerability has been identified in the Next.js framework that allows Server-Side Request Forgery (SSRF) under specific conditions. This flaw arises when the 'Host' header is modified in a self-hosted Next.js environment. Particularly, if the application utilizes Server Actions and those actions perform redirects to relative paths starting with '/', an attacker could exploit this by making requests that seem to originate from the Next.js application server itself. The issue has been addressed and fixed in version 14.1.1 of Next.js.",Vercel,Next.js,7.5,HIGH,0.001019999966956675,false,,true,false,true,2024-05-11T05:39:10.000Z,true,true,true,2024-05-10T11:52:02.702Z,2024-05-14T15:38:00.000Z,17162