21 matches found
CVE-2026-44577
A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /_next/image endpoint...
CVE-2026-44577
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...
CVE-2026-44577
CVE-2026-44577 affects Next.js self-hosted Image Optimization API when using the default image loader. From 10.0.0 through versions before 15.5.16 and 16.2.5, local images are read entirely into memory without a maximum size limit, enabling potential Out-Of-Memory conditions via requests to /_nex...
CVE-2026-44577
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...
CVE-2026-44577 Next.js: Denial of Service in the Image Optimization API
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...
CVE-2026-44577 Next.js: Denial of Service in the Image Optimization API
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could...
Next.js has a Denial of Service in the Image Optimization API
Impact: When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match t...
GHSA-H64F-5H5J-JQJH Next.js has a Denial of Service in the Image Optimization API
Impact: When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match t...
CVE-2023-40124
In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2022-1013
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-8579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. CVE-2016-8579 Note that Nessus relies on the presence of the...
CVE-2024-45734
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed...
PT-2024-7419 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions 9.1.6, 9.2.3, and 9.3.0 Description: A low-privileged user without the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic...
Denial of Service in docker2aci
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...
GHSA-GFH2-7JG5-653P Denial of Service in docker2aci
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...
CVE-2016-8579
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...
DEBIAN-CVE-2016-8579
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...
CVE-2016-8579
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...
UBUNTU-CVE-2016-8579
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...
Code injection
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...