
216 matches found

OSV
added 2024/11/01 3:15 p.m. · 5 views

CVE-2024-48044

Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3...

CVSS 8.8 · AI score 5.8 · EPSS 0.00383
Exploits: 0 · References: 1

Veracode
added 2024/10/22 6:10 a.m. · 12 views

Denial Of Service (DoS)

Next.js is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of image optimization, allowing for excessive resource consumption that can lead to a Denial of Service (DoS) attack...

CVSS 7.5 · AI score 7.4 · EPSS 0.00737
Exploits: 1 · References: 3 · Affected Software: 1

RedhatCVE
added 2024/10/14 7:55 p.m. · 30 views

CVE-2024-47831

A flaw was found in Next.js. In certain versions, a vulnerability in the image optimization feature allows for a potential Denial of Service (DoS) condition, which could lead to excessive CPU consumption. Neither the next.config.js file that is configured with images.unoptimized set to true or...

CVSS 5.9 · AI score 6.5 · EPSS 0.00737
Exploits: 1 · References: 5

OSV
added 2024/10/14 7:45 p.m. · 1 views

GHSA-G77X-44XX-532M Denial of Service condition in Next.js image optimization

Impact: The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Not affected: - The next.config.js file is configured with images.unoptimized set to true or images.loader set to...

CVSS 8.2 · AI score 7.2 · EPSS 0.00737
Exploits: 1 · References: 4

Github Security Blog
added 2024/10/14 7:45 p.m. · 40 views

Denial of Service condition in Next.js image optimization

Impact: The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Not affected: - The next.config.js file is configured with images.unoptimized set to true or images.loader set to...

CVSS 7.5 · AI score 6.7 · EPSS 0.00737
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2024/10/14 6:15 p.m. · 19 views

CVE-2024-47831

Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither t...

CVSS 7.5 · EPSS 0.00737
Exploits: 1 · References: 2

Cvelist
added 2024/10/14 6:04 p.m. · 28 views

CVE-2024-47831 Next.js image optimization has Denial of Service condition

Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither t...

CVSS 5.9 · EPSS 0.00737
Exploits: 1 · References: 2

Vulnrichment
added 2024/10/14 6:04 p.m. · 23 views

CVE-2024-47831 Next.js image optimization has Denial of Service condition

Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither t...

CVSS 5.9 · AI score 6.8 · EPSS 0.00737
Exploits: 1 · References: 2

OSV
added 2024/10/14 6:04 p.m. · 22 views

CVE-2024-47831 Next.js image optimization has Denial of Service condition

Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither t...

CVSS 5.9 · AI score 6.6 · EPSS 0.00737
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/14 12:00 a.m. · 8 views

PT-2024-7169 · Vercel · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions 10.x through 14.x before version 14.2.7. Description: The issue is related to the image optimization feature in Next.js, which contains a vulnerability allowing for a potential Denial of Service (DoS) condition that could lead t...

CVSS 7.5 · AI score 7.5 · EPSS 0.00737
Exploits: 1 · References: 15

Cvelist
added 2024/10/02 7:35 a.m. · 30 views

CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting

The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and...

CVSS 6.1 · EPSS 0.00355
Exploits: 0 · References: 3

Tenable Nessus
added 2024/09/17 12:00 a.m. · 16 views

Next.js Remote Patterns Server-Side Request Forgery

Next.js framework embeds an image optimization component which is enabled by default and allows dynamic resizing when requested. This feature leverages the 'next.config.js' configuration file to ensure that the target host being requested is allowed. When misconfigured, a remote and unauthenticat...

AI score 7
Exploits: 0 · References: 2

NVD
added 2024/05/15 7:15 a.m. · 22 views

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 · AI score 5.9 · EPSS 0.0042
Exploits: 0 · References: 3

CVE
added 2024/05/15 6:51 a.m. · 38 views

CVE-2024-4636

CVE-2024-4636 affects the WordPress plugin Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF. Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the function allow_meme_types in versions up to and including 3.12.10, caused by insufficient input san...

CVSS 6.4 · AI score 5.7 · EPSS 0.0042
Exploits: 0 · References: 3

Cvelist
added 2024/05/15 6:51 a.m. · 33 views

CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 · AI score 6 · EPSS 0.0042
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/15 6:51 a.m. · 9 views

CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 · AI score 5.8 · EPSS 0.0042
Exploits: 0 · References: 3

CNNVD
added 2024/05/15 12:00 a.m. · 5 views

WordPress plugin Image Optimization by Optimole security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.4 · AI score 5.9 · EPSS 0.0042
Exploits: 0 · References: 4

WPVulnDB
added 2024/05/14 12:00 a.m. · 17 views

Image Optimization by Optimole < 3.13.0 - Author+ Stored Cross-Site Scripting via SVG Upload

Description: The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes...

CVSS 6.4 · AI score 5.9 · EPSS 0.0042
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/02/29 1:43 a.m. · 26 views

CVE-2024-1336

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modif...

CVSS 4.3 · AI score 4.2 · EPSS 0.00208
Exploits: 0 · References: 2

OSV
added 2024/02/29 1:43 a.m. · 2 views

CVE-2024-1338

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 7.2 · EPSS 0.00208
Exploits: 0 · References: 2