Next.js - Server Side Request Forgery (SSRF)

Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF. id: CVE-2024-34351 info: name: Next.js - Server Side Request Forgery SSRF author: righettod severity: high description: | Next.Js, inferior to version 14.1.1, have its image optimization built-in...

Adobe Substance 3D Designer 14.1.1 Multiple Vulnerabilities (APSB25-22)

The version of Adobe Substance 3D Designer installed on the remote host is prior to 14.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB25-22 advisory. - Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability...

CVE-2024-41840

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Adobe Bridge Memory Leak Vulnerability (APSB24-51_1) - Windows

Adobe Bridge is prone to a memory leak vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:bridgecc";...

CVE-2024-34351

Next.js SSRF in Server Actions (CVE-2024-34351) affects self-hosted deployments using Server Actions with redirects to a relative path starting with “/” when Host header can be manipulated. Affected: Next.js prior to 14.1.1 (fixed in 14.1.1). Public writeups and PoC references exist in connected ...