
6 matches found

GitHub Security Blog
added 2026/01/28 3:20 p.m. · 51 views

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5 CVSS · 5.9 AI score · 0.00363 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
EUVD
added 2026/01/27 7:18 p.m. · 6 views

EUVD-2025-206334

Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration...

5.9 CVSS · 5.9 AI score · 0.00444 EPSS
Exploits: 0 · References: 6
Vulnrichment
added 2026/01/26 9:43 p.m. · 3 views

CVE-2025-59471

A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /_next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...

5.9 CVSS · 5.9 AI score · 0.00444 EPSS
Exploits: 0 · References: 1
CVE
added 2026/01/26 9:43 p.m. · 94 views

CVE-2025-59471

CVE-2025-59471 describes a denial-of-service in self-hosted Next.js apps that have a remotePatterns configuration for the Image Optimizer. The vulnerability arises because the image optimization endpoint /_next/image loads external images fully into memory and does not enforce a maximum size, ena...

7.5 CVSS · 5.9 AI score · 0.00444 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2026/01/26 9:43 p.m. · 21 views

CVE-2025-59471

A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /_next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...

5.9 CVSS · 0.00444 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/09/01 12:0 a.m. · 3 views

PT-2023-26806 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions:
GitLab EE versions 16.1 through 16.1.4
GitLab EE versions 16.2 through 16.2.4
GitLab EE versions 16.3 through 16.3.0

Description: An issue has been discovered in GitLab EE where an external user with an owner role on any group can escalate...

7.2 CVSS · 6.8 AI score · 0.00565 EPSS
Exploits: 0 · References: 7