Linux Distros Unpatched Vulnerability : CVE-2026-44577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default imag...

CVE-2026-44577

Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...

CVE-2026-44577 Next.js: Denial of Service in the Image Optimization API

Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...

CVE-2026-44577 vulnerabilities

Vulnerabilities for packages: keep...

CVE-2026-44577

creationtimestamp| type| source ---|---|--- 2026-05-11 06:42:58+00:00| published-proof-of-concept| https://t.me/htfgtps/1107...

PT-2026-39418

Name of the Vulnerable Software and Affected Versions Next.js versions 14.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using React Server Components RSC are susceptible to cache poisoning when shared caches fail to correctly partition response variants. An...

PT-2026-39412

Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...

PT-2026-39411

Name of the Vulnerable Software and Affected Versions Next.js versions prior to 15.5.16 Next.js versions prior to 16.2.5 Description Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A crafted POST request to a server action can...

PT-2026-39417

Name of the Vulnerable Software and Affected Versions Next.js versions 12.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description An external client can send an x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This causes the middleware or...

EUVD-2025-44577

Malicious code in wati-kue90-sukiwir npm...

CVE-2024-44577

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the timedate function...

CVE-2024-44577

creationtimestamp| type| source ---|---|--- 2024-09-11 19:32:48+00:00| seen| https://t.me/cvedetector/5401...

CVE-2024-44577

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the timedate function...

CVE-2021-44577

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3200 Reason: This candidate is a duplicate of CVE-2021-3200. Notes: All CVE users should reference CVE-2021-3200 instead of this candidate. Al...

CVE-2021-44577

CVE-2021-44577 is rejected/not used; reference CVE-2021-3200.