浏览 35+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-29057 | Next.js: HTTP request smuggling in rewrites | vercel | next.js | 中危 | - | 2026-03-18 00:30:28 | Deep Dive |
| CVE-2026-27980 | Next.js: Unbounded next/image disk cache growth can exhaust storage | vercel | next.js | 高危 | - | 2026-03-18 00:23:35 | Deep Dive |
| CVE-2026-27979 | Next.js: Unbounded postponed resume buffering can lead to DoS | vercel | next.js | 高危 | - | 2026-03-18 00:13:30 | Deep Dive |
| CVE-2026-27978 | Next.js: null origin can bypass Server Actions CSRF checks | vercel | next.js | 中危 | - | 2026-03-17 23:59:23 | Deep Dive |
| CVE-2026-27977 | Next.js: null origin can bypass dev HMR websocket CSRF checks | vercel | next.js | 中危 | - | 2026-03-17 23:56:25 | Deep Dive |
| CVE-2025-59471 | Next.js 安全漏洞 | vercel | next | Medium | 5.9 | 2026-01-26 21:43:05 | Deep Dive |
| CVE-2025-59472 | Next.js 安全漏洞 | vercel | next | Medium | 5.9 | 2026-01-26 21:43:05 | Deep Dive |
| CVE-2025-52662 | Nuxt DevTools 安全漏洞 | Vercel | Nuxt Devtools | Medium | 6.9 | 2025-11-07 00:43:28 | Deep Dive |
| CVE-2025-48985 | AI SDK 安全漏洞 | Vercel | AI SDK | Low | 3.7 | 2025-11-07 00:43:28 | Deep Dive |
| CVE-2025-57752 | Next.js Affected by Cache Key Confusion for Image Optimization API Routes | vercel | next.js | Medium | 6.2 | 2025-08-29 22:06:27 | Deep Dive |
| CVE-2025-55173 | Next.js Content Injection Vulnerability for Image Optimization | vercel | next.js | Medium | 4.3 | 2025-08-29 22:00:06 | Deep Dive |
| CVE-2025-57822 | Next.js Improper Middleware Redirect Handling Leads to SSRF | vercel | next.js | Medium | 6.5 | 2025-08-29 21:33:15 | Deep Dive |
| CVE-2025-7074 | vercel hyper rimraf-standalone.js ignoreMap redos | vercel | hyper | Medium | 4.3 | 2025-07-05 09:02:05 | Deep Dive |
| CVE-2025-49826 | Next.js DoS vulnerability via cache poisoning | vercel | next.js | High | 7.5 | 2025-07-03 21:03:24 | Deep Dive |
| CVE-2025-49005 | Next.js cache poisoning due to omission of Vary header | vercel | next.js | Low | 3.7 | 2025-07-03 21:01:15 | Deep Dive |
| CVE-2025-48068 | Information exposure in Next.js dev server due to lack of origin verification | vercel | next.js | - | - | 2025-05-30 03:37:45 | Deep Dive |
| CVE-2025-32421 | Next.js Race Condition to Cache Poisoning | vercel | next.js | Low | 3.7 | 2025-05-14 22:56:46 | Deep Dive |
| CVE-2025-46332 | Information Disclosure via Flags override link | vercel | flags | Medium | 6.5 | 2025-05-02 17:06:35 | Deep Dive |
| CVE-2025-30218 | Next.js may leak x-middleware-subrequest-id to external hosts | vercel | next.js | - | - | 2025-04-02 21:23:15 | Deep Dive |
| CVE-2025-29927 | Authorization Bypass in Next.js Middleware | vercel | next.js | Critical | 9.1 | 2025-03-21 14:34:50 | Deep Dive |