214 matches found
EUVD-2023-12654
Malicious code in bioql PyPI...
EUVD-2022-15967
Malicious code in bioql PyPI...
EUVD-2022-6760
Malicious code in bioql PyPI...
Cache Key Confusion
Next.js is vulnerable to cache key confusion. The vulnerability is due to improper handling of request headers in the Image Optimization API routes, which allows an attacker to receive cached image responses intended for authorized users...
Improper Access Control
@astrojs/node is vulnerable to Improper Access Control. The vulnerability is due to improper validation of image source domains in the image optimization endpoint, which allows an attacker to bypass third-party domain restrictions using protocol-relative URLs and serve unauthorized external image...
CVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
Linux Distros Unpatched Vulnerability : CVE-2025-55173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization i...
Linux Distros Unpatched Vulnerability : CVE-2025-57752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization A...
CVE-2025-55173
A vulnerability in Next.js Image Optimization allowed attacker-controlled image servers to trigger arbitrary file downloads with custom content and filenames. Exploitation required permissive images.domains or images.remotePatterns and user interaction. Binary-Affected: Next.js...
CVE-2025-55173
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...
CVE-2025-57752
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...
CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...
CVE-2025-57752
CVE-2025-57752 affects Next.js image optimization API routes. The cache key confusion bug can cause responses that depend on request headers (e.g., Cookie/Authorization) to be cached and served to unauthorized users. Impact: potential exposure of image responses to unintended users. Affected vers...
Next.js Affected by Cache Key Confusion for Image Optimization API Routes
A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers such as Cookie or Authorization, these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug...
GHSA-G5QG-72QW-GW5V Next.js Affected by Cache Key Confusion for Image Optimization API Routes
A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers such as Cookie or Authorization, these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug...
Use of Cache Containing Sensitive Information
Overview: next is a React framework. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the image optimization process, when responses from API routes vary based on request headers such as Cookie or Authorization. An attacker can gain unauthorized...
CVE-2025-55173 Next.js Content Injection Vulnerability for Image Optimization
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...