6 matches found
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...
EUVD-2025-206334
Next.js self-hosted applications vulnerable to DoS via Image Optimizer remotePatterns configuration...
CVE-2025-59471
A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...
CVE-2025-59471
CVE-2025-59471 describes a denial-of-service in self-hosted Next.js apps that have a remotePatterns configuration for the Image Optimizer. The vulnerability arises because the image optimization endpoint /_next/image loads external images fully into memory and does not enforce a maximum size, ena...
CVE-2025-59471
A denial of service vulnerability exists in self-hosted Next.js applications that have remotePatterns configured for the Image Optimizer. The image optimization endpoint /next/image loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause...
PT-2023-26806 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.1 through 16.1.4 GitLab EE versions 16.2 through 16.2.4 GitLab EE versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab EE where an external user with an owner role on any group can escalate...