漏洞描述
2.4.1之前的ZEIT Next.js在/_Next和/static request命名空间下具有目录遍历功能,允许攻击者获取敏感信息。
Nextjs v2.4.1 任意文件读取(CVE-2017-16877)
PoC代码
暂无相关漏洞推荐
- (CVE-2023-53884)Webedition CMS v2.9.8.8 存储型跨站脚本漏洞
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446/CVE-2025-58034)
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446)
- POC CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
- POC CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
- Hoverfly /api/v2/hoverfly/middleware 命令执行漏洞(CVE-2025-54123)
- wordpress /wp-json/wp/v2/users 信息泄露漏洞
- Windows NTLMv2-SSP Hash信息泄露漏洞(CVE-2025-50154)
- Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞: Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞
- MapTiler Tileserver-php v2.0 存在xss漏洞(CVE-2025-44136)
- MapTiler Tileserver-php v2.0 存在目录遍历漏洞(CVE-2025-44137)
- POC CVE-2010-1586: HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
- POC CVE-2015-2080: Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage