Every CVE whose affected-product data names Zeit Next.js, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-16877 — CVSS 7.5 (high): ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive…
CVE-2020-5284 — CVSS 4.4 (medium): Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist…