| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-39420 | Use of Hard-coded Credentials in RDPCore.dll | Resort Data Processing, Inc. | IRM Next Generation | Critical | 9.9 | 2023-09-07 12:17:10 | Deep Dive |
| CVE-2023-39507 | RECRUIT Rikunabi NEXT 安全漏洞 | Recruit Co., Ltd. | "Rikunabi NEXT" App for Android | 中危 | - | 2023-08-16 08:47:29 | Deep Dive |
| CVE-2023-2626 | Authentication Bypass in OpenThread Boarder Router devices | Nest Hub Max | High | 7.5 | 2023-07-25 17:07:03 | Deep Dive | |
| CVE-2023-27919 | NEXT ENGINE Integration Plugin 授权问题漏洞 | NE Inc. | NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) | 中危 | - | 2023-05-10 00:00:00 | Deep Dive |
| CVE-2023-2521 | NEXTU NEXT-7004N POST Request formFilter cross site scripting | NEXTU | NEXT-7004N | Low | 3.5 | 2023-05-04 17:00:05 | Deep Dive |
| CVE-2023-27490 | Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth | nextauthjs | next-auth | High | 8.1 | 2023-03-09 20:37:11 | Deep Dive |
| CVE-2023-27472 | HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next | atampy25 | quickentity-editor-next | High | 8.2 | 2023-03-06 18:12:48 | Deep Dive |
| CVE-2022-39263 | NextAuth.js Upstash Adapter missing token verification | nextauthjs | next-auth | Medium | 6.8 | 2022-09-28 21:05:09 | Deep Dive |
| CVE-2022-36046 | Unexpected server crash in Next.js version 12.2.3 | vercel | next.js | Medium | 5.3 | 2022-08-31 18:55:09 | Deep Dive |
| CVE-2022-35924 | Verification requests (magic link) sent to unwanted emails | nextauthjs | next-auth | Critical | 9.1 | 2022-08-02 17:55:13 | Deep Dive |
| CVE-2022-31186 | Leakage of excessive information into log in next-auth | nextauthjs | next-auth | Low | 3.3 | 2022-08-01 19:25:24 | Deep Dive |
| CVE-2022-31127 | Improper handling of email input in next-auth | nextauthjs | next-auth | High | 7.1 | 2022-07-06 18:00:16 | Deep Dive |
| CVE-2022-31093 | Improper Handling of `callbackUrl` parameter in next-auth | nextauthjs | next-auth | High | 7.5 | 2022-06-27 21:30:20 | Deep Dive |
| CVE-2017-20017 | The Next Generation of Genealogy Sitebuilding timeline2.php sql injection | unspecified | The Next Generation of Genealogy Sitebuilding | Medium | 6.3 | 2022-06-05 05:10:10 | Deep Dive |
| CVE-2022-29214 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth | nextauthjs | next-auth | Medium | 6.1 | 2022-05-20 23:45:11 | Deep Dive |
| CVE-2022-24858 | Default redirect callback vulnerable to open redirects | nextauthjs | next-auth | Medium | 6.1 | 2022-04-19 22:25:10 | Deep Dive |
| CVE-2022-23646 | Improper CSP in Image Optimization API for Next.js | vercel | next.js | Medium | 5.9 | 2022-02-17 20:35:12 | Deep Dive |
| CVE-2022-23107 | Jenkins Warnings Next Generation 路径遍历漏洞 | Jenkins project | Jenkins Warnings Next Generation Plugin | 高危 | - | 2022-01-12 19:06:06 | Deep Dive |
| CVE-2021-43803 | Unexpected server crash in Next.js | vercel | next.js | High | 7.5 | 2021-12-09 23:50:10 | Deep Dive |
| CVE-2021-29844 | IBM Engineering Requirements Management DOORS Next 代码问题漏洞 | IBM | Engineering Workflow Management | 高危 | - | 2021-10-27 16:00:31 | Deep Dive |