5 matches found
CVE-2026-44577 Next.js: Denial of Service in the Image Optimization API
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...
CVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...
PT-2023-30774 · Unknown · Jupyterhub +1
Name of the Vulnerable Software and Affected Versions: DockerSpawner versions 0.11.0 through 12
Description: The issue affects JupyterHub deployments running DockerSpawner, allowing users to launch any pullable Docker image instead of restricting to the single configured image. This has been...
WordPress plugin ProfilePress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin ProfilePress 4.5.0...
CVE-2016-10988
The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebookmessage, facebooklinkname, facebookcaption, facebookdescription, defaultimage, or wphttpreferer...