10 matches found
EUVD-2025-26244
Malicious code in bioql PyPI...
CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...
CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...
CVE-2025-55173 Next.js Content Injection Vulnerability for Image Optimization
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...
GHSA-XV57-4MR9-WG8V Next.js Content Injection Vulnerability for Image Optimization
A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious...
PT-2025-35326
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.2.31; Next.js versions 15.0.0 through 15.4.5. Description: Next.js Image Optimization is susceptible to content injection. Attackers controlling external image sources can trigger file downloads with arbitrary conte...
Next.js Security Vulnerability
Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js versions prior to 14.2.31 and 15.0.0 through 15.4.5, which stems from cache key obfuscation and could lead to unauthorized user access...
PT-2025-35327
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.2.31; Next.js versions 15.0.0 through 15.4.5. Description: Next.js Image Optimization API routes are susceptible to a cache key confusion issue. When images returned from API routes vary based on request headers, su...
PT-2023-14138 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.7 through 15.4.5; GitLab EE versions 15.5 through 15.5.4; GitLab EE versions 15.6 through 15.6.0. Description: An information leak issue was identified that exposes user email IDs through the webhook payload. Recommendation...
UBUNTU-CVE-2022-3478
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package...