CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/13 5:0 p.m.•13 views

CVE-2026-44577

CVE-2026-44577 affects Next.js self-hosted Image Optimization API when using the default image loader. From 10.0.0 through versions before 15.5.16 and 16.2.5, local images are read entirely into memory without a maximum size limit, enabling potential Out-Of-Memory conditions via requests to /_nex...

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/13 5:0 p.m.•3 views

CVE-2026-44577

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/13 5:0 p.m.•5 views

CVE-2026-44577 Next.js: Denial of Service in the Image Optimization API

Cvelist•added 2026/05/13 5:0 p.m.•22 views

CVE-2026-44577 Next.js: Denial of Service in the Image Optimization API

5.9CVSS0.00018EPSS

Packet Storm News•added 2026/05/13 12:0 a.m.•4 views

Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw

Agentic language-model systems increasingly rely on mutable execution contexts, including files, memory, tools, skills, and auxiliary artifacts, creating security risks beyond explicit user prompts. This paper presents DeepTrap, an automated framework for discovering contextual vulnerabilities in...

6AI score

CNNVD•added 2026/05/13 12:0 a.m.•4 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It allows for the execution of untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem fro...

5.8CVSS6AI score0.00049EPSS

CNNVD•added 2026/05/13 12:0 a.m.•5 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 10.0.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise from the default image loader being hosted on the server, where the Image Optimization API loads local imag...

Github Security Blog•added 2026/05/11 3:56 p.m.•17 views

Next.js has a Denial of Service in the Image Optimization API

Impact When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /next/image endpoint that match t...

Exploits1References5Affected Software1

Patchstack•added 2026/05/11 3:56 p.m.•7 views

NPM: Next.js has a Denial of Service in the Image Optimization API

NPM: Next.js has a Denial of Service in the Image Optimization API vulnerability discovered by ? in WordPress Npm next versions = 10.0.0, 15.5.16...

Exploits1References5Affected Software1

Snyk•added 2026/05/11 3:56 p.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Image Optimization API when handling requests to the /next/image endpoint that match the images.localPatterns configuration. An attacker can exhaust...

8.2CVSS5.8AI score0.00018EPSS

Exploits1References2

OSV•added 2026/05/11 3:56 p.m.•5 views

GHSA-H64F-5H5J-JQJH Next.js has a Denial of Service in the Image Optimization API

RedHat Linux•added 2026/05/11 2:12 p.m.•9 views

Exploits1References5

Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.3 (CUDA)

Red Hat AI Inference Server Model Optimization Tools 3.3.3 CUDA is now available. Red Hat® AI Inference Server Model Optimization Tools...

9.8CVSS7.3AI score0.00867EPSS

Exploits5References22

Hive Pro Threat Advisories•added 2026/05/11 4:26 a.m.•4 views

CTEM Business Case: CISO Guide to ROI

CTEM Business Case: CISO Guide to ROI A strong CTEM business case has to do more than explain why Continuous Threat Exposure Management matters. It has to show how a CTEM program reduces measurable business risk, improves remediation speed, consolidates security spend, and gives the board a clear...

5.8AI score

Packet Storm News•added 2026/05/08 12:0 a.m.•4 views

SecureForge: Finding and Preventing Vulnerabilities in LLM-Generated Code Via Prompt Optimization

LLM coding agents now generate code at an unprecedented scale, yet LLM-generated code introduces cybersecurity vulnerabilities into codebases without human involvement. Even when frontier models are explicitly asked to write secure production code with relevant weaknesses to avoid in context, we...

5.8AI score

GithubExploit•added 2026/05/06 4:29 p.m.•49 views

trying-to-make-a-website-scanner

trying-to-make-a-website-scanner Web Vulnerability Scanner —...

5.8AI score