216 matches found
CVE-2024-48044
Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3...
Denial Of Service (DoS)
Next.js is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of image optimization, allowing for excessive resource consumption that can lead to a Denial of Service DoS attack...
CVE-2024-47831
A flaw was found in Next.js. In certain versions, a vulnerability in the image optimization feature allows for a potential Denial of Service DoS condition, which could lead to excessive CPU consumption. Neither the next.config.js file that is configured with images.unoptimized set to true or...
GHSA-G77X-44XX-532M Denial of Service condition in Next.js image optimization
Impact The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Not affected: - The next.config.js file is configured with images.unoptimized set to true or images.loader set to...
Denial of Service condition in Next.js image optimization
Impact The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Not affected: - The next.config.js file is configured with images.unoptimized set to true or images.loader set to...
CVE-2024-47831
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Neither t...
CVE-2024-47831 Next.js image optimization has Denial of Service condition
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Neither t...
CVE-2024-47831 Next.js image optimization has Denial of Service condition
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Neither t...
CVE-2024-47831 Next.js image optimization has Denial of Service condition
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Neither t...
PT-2024-7169 · Vercel · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions 10.x through 14.x before version 14.2.7 Description: The issue is related to the image optimization feature in Next.js, which contains a vulnerability allowing for a potential Denial of Service DoS condition that could lead t...
CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and...
Next.js Remote Patterns Server-Side Request Forgery
Next.js framework embeds an image optimization component which is enabled by default and allows dynamic resizing when requested. This feature leverages the 'next.config.js' configuration file to ensure that the target host being requested is allowed. When misconfigured, a remote and unauthenticat...
CVE-2024-4636
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-4636
CVE-2024-4636 affects the WordPress plugin Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF . Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the function allow_meme_types in versions up to and including 3.12.10, caused by insufficient input san...
CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
WordPress plugin Image Optimization by Optimole 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Image Optimization by Optimole < 3.13.0 - Author+ Stored Cross-Site Scripting via SVG Upload
Description The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-1336
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modif...
CVE-2024-1338
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...