Next.js Affected by Cache Key Confusion for Image Optimization API Routes
A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers such as Cookie or Authorization, these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug...
GHSA-G5QG-72QW-GW5V Next.js Affected by Cache Key Confusion for Image Optimization API Routes
A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers such as Cookie or Authorization, these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug...
Use of Cache Containing Sensitive Information
Overview: next is a React framework. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the image optimization process, when responses from API routes vary based on request headers such as Cookie or Authorization. An attacker can gain unauthorized...
CVE-2025-55173 Next.js Content Injection Vulnerability for Image Optimization
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary...
GHSA-XV57-4MR9-WG8V Next.js Content Injection Vulnerability for Image Optimization
A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious...
PT-2025-35326
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.2.31; Next.js versions 15.0.0 through 15.4.5. Description: Next.js Image Optimization is susceptible to content injection. Attackers controlling external image sources can trigger file downloads with arbitrary conte...
PT-2025-35327
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.2.31; Next.js versions 15.0.0 through 15.4.5. Description: Next.js Image Optimization API routes are susceptible to a cache key confusion issue. When images returned from API routes vary based on request headers, su...
Next.js Input Validation Error Vulnerability
Next.js is a React framework open-sourced by Vercel. An input validation error vulnerability exists in Next.js versions prior to 14.2.31 and 15.0.0 through 15.4.5, which stems from content injection of the image optimization feature and could lead to a phishing attack...
Secure Satellite Communications Via Multiple Aerial RISs: Joint Optimization of Reflection, Association, and Deployment
Satellite communication is envisioned as a key enabler of future 6G networks, yet its wide coverage with high link attenuation poses significant challenges for physical layer security. In this paper, we investigate secure multi-beam, multi-group satellite communications assisted by aerial...
PT-2025-33923 · Unknown · Delucks Seo
Name of the Vulnerable Software and Affected Versions: DELUCKS SEO versions through 2.6.0. Description: An incorrect privilege assignment issue exists in DELUCKS SEO, allowing for privilege escalation. Recommendations: Update DELUCKS SEO to a version later than 2.6.0...
CVE-2025-55303 Unauthorized third-party images in Astro’s _image endpoint
Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...
Optimizing Scalar Selection in Elliptic Curve Cryptography Using Differential Evolution for Enhanced Security
Elliptic Curve Cryptography (ECC) is a fundamental component of modern public-key cryptosystems that enable efficient and secure digital signatures, key exchanges, and encryption. Its core operation, scalar multiplication, denoted as $k \cdot P$, where $P$ is a base point and $k$ is a private scala...
CVE-2025-54421 NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the defaultkeywords crafted parameter. This vulnerability is fixe...
How Cloud Wrapper Evolved to Optimize Small-Object Caching
Learn how Akamai's Cloud Wrapper evolved to optimize small-object caching, reduce egress costs, and boost SEO rankings for web and media assets...
Modified Security Analysis of Device-Independent Quantum Key Distribution with Random Key Basis
Security analysis is a critical part in any cryptographic protocol, may it be classical or quantum. Without security analysis, one cannot ensure the secrecy of the distributed keys. To perform a conclusive security analysis, it is very often necessary to frame the problem as an optimization...
ViT-EnsembleAttack: Augmenting Ensemble Models for Stronger Adversarial Transferability in Vision Transformers
Ensemble-based attacks have been proven to be effective in enhancing adversarial transferability by aggregating the outputs of models with various architectures. However, existing research primarily focuses on refining ensemble weights or optimizing the ensemble path, overlooking the exploration ...
CVE-2025-55286
The CVE-2025-55286 issue affects z2d v0.7.0/v0.7.0-era MSAA buffering. Under scenarios where a drawn path lies wholly or partly outside the rendering surface, incorrect bounding can cause out-of-bounds access in the coverage buffer, impacting high-level operations (Context.fill/stroke, painter.fi...
CVE-2025-55286 z2d OOB drawing with new multi-sample anti-aliasing could lead to invalid memory access and corruption
z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing (SSAA) method. Under certa...