339 matches found
CVE-2026-1246 ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...
CVE-2026-1246
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the loadFile parameter, caused by insufficient validation and sanitization in the loadLogFile AJAX action. Affected entries include all versions up to 6.4.2 (WordPress plugin). Exploitat...
CVE-2026-1246
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...
CVE-2026-1246 ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...
EUVD-2026-5545
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...
WordPress plugin ShortPixel Image Optimizer 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Robin Image Optimizer 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-6039
Name of the Vulnerable Software and Affected Versions Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress versions up to and including 2.0.2 Description The Robin Image Optimizer plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs...
PT-2026-6032
Name of the Vulnerable Software and Affected Versions ShortPixel Image Optimizer plugin for WordPress versions prior to 6.4.3 Description The ShortPixel Image Optimizer plugin for WordPress is susceptible to unauthorized file access through a path traversal flaw. This issue stems from inadequate...
WordPress Robin Image Optimizer plugin <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Image Alternative Text Field vulnerability discovered by Vincent Theriault-Laine in WordPress Plugin Robin image optimizer versions = 2.0.2...
Next.js Framework 10.x / 11.x / 12.x / 13.x / 14.x / 15.x < 15.5.10 / 16.x < 16.1.5 Image Optimizer DoS (GHSA-9g9p-9gw9-jx7f)
The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images...
Denial Of Service (DoS)
Next.js is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded memory consumption in the Image Optimizer, where the /next/image endpoint loads attacker-controlled external images entirely into memory without size limits when remotePatterns is enabled, allowing large image...
Linux Distros Unpatched Vulnerability : CVE-2025-59471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization...
EUVD-2025-206334
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration...
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
A DoS vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory...
GHSA-9G9P-9GW9-JX7F Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration
A DoS vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory...
CVE-2025-59471
A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...
CVE-2025-59471
A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...
CVE-2025-59471
A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...
CVE-2025-59471
A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...