CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

85 matches found

Tenable Nessus•added 2026/02/04 12:0 a.m.•4 views

Next.js Framework 10.x / 11.x / 12.x / 13.x / 14.x / 15.x < 15.5.10 / 16.x < 16.1.5 Image Optimizer DoS (GHSA-9g9p-9gw9-jx7f)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images...

7.5CVSS5.9AI score0.00041EPSS

Exploits0References2

Veracode•added 2026/02/02 6:57 a.m.•4 views

Denial Of Service (DoS)

Next.js is vulnerable to Denial Of Service DoS. The vulnerability is due to the image optimization endpoint loading external images into memory without enforcing a maximum size limit, which allows an attacker to request optimization of arbitrarily large images and trigger out-of-memory conditions...

7.5CVSS5.5AI score0.00041EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2026/01/29 9:24 a.m.•3 views

CVE-2026-1298

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...

5.3CVSS5.9AI score0.00015EPSS

Exploits0References1

Veracode•added 2026/01/28 7:40 a.m.•4 views

Denial Of Service (DoS)

Next.js is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded memory consumption in the Image Optimizer, where the /next/image endpoint loads attacker-controlled external images entirely into memory without size limits when remotePatterns is enabled, allowing large image...

7.5CVSS5.9AI score0.0015EPSS

Exploits0References5Affected Software1

CVE•added 2026/01/28 5:30 a.m.•7 views

CVE-2026-1298

The CVE-2026-1298 entry refers to the WordPress plugin Easy Replace Image (

5.3CVSS5.9AI score0.00015EPSS

Exploits0References4

EUVD•added 2026/01/27 7:18 p.m.•2 views

EUVD-2025-206334

Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration...

5.9CVSS5.9AI score0.00041EPSS

Exploits0References6

OSV•added 2026/01/27 7:18 p.m.•2 views

GHSA-9G9P-9GW9-JX7F Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration

A DoS vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory...

5.9CVSS5.9AI score0.00041EPSS

Exploits0References7

Snyk•added 2026/01/26 10:49 p.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the fetchExternalImage function, which is used for image optimization and loads external images into memory without a maximum size limit. An attacker ca...

8.2CVSS5.9AI score0.0015EPSS

Exploits0References2

OSV•added 2026/01/26 10:15 p.m.•2 views

CVE-2025-59471

A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...

7.5CVSS5.7AI score

Exploits0References1

ATTACKERKB•added 2026/01/26 9:43 p.m.•4 views

CVE-2025-59471

5.9CVSS5.9AI score0.00041EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/01/26 9:43 p.m.•18 views

CVE-2025-59471

5.9CVSS0.00041EPSS

Exploits0References1

CVE•added 2026/01/26 9:43 p.m.•32 views

CVE-2025-59471

CVE-2025-59471 describes a denial-of-service in self-hosted Next.js apps that have a remotePatterns configuration for the Image Optimizer. The vulnerability arises because the image optimization endpoint /_next/image loads external images fully into memory and does not enforce a maximum size, ena...

7.5CVSS5.9AI score0.00041EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/01/26 9:43 p.m.•2 views

CVE-2025-59471

5.9CVSS5.9AI score0.00041EPSS

Exploits0References1

Positive Technologies•added 2026/01/26 12:0 a.m.•3 views

PT-2026-4816

Name of the Vulnerable Software and Affected Versions Next.js versions prior to 15.5.10 Next.js versions prior to 16.1.5 Description A denial of service issue exists in self-hosted Next.js applications utilizing the Image Optimizer with configured remotePatterns. The image optimization endpoint /...

7.5CVSS5.9AI score0.0015EPSS

Exploits0References18

Veracode•added 2025/12/13 5:11 a.m.•3 views

Directory Traversal

Mammoth is vulnerable to Directory Traversal. The vulnerability is due to the lack of path or file type validation when processing DOCX files with externally linked images, which allows an attacker to read arbitrary files on the system or trigger excessive resource consumption by referencing...

9.3CVSS6AI score0.00254EPSS

Exploits0References4Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-3890

Malware in sbrugna...

4.3CVSS4.7AI score0.00701EPSS

Exploits0References8

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-55519

Malicious code in bioql PyPI...

4.1CVSS6.5AI score0.00164EPSS

Exploits0References3