Reddounsf

**Name of the Vulnerable Software and Affected Versions** Next.js versions prior to 14.2.31 Next.js versions 15.0.0 through 15.4.5 **Description** Next.js Image Optimization API routes are susceptible to a cache key confusion issue. When images returned from API routes vary based on request headers, such as `Cookie` or `Authorization`, responses may be incorrectly cached and served to unauthorized users. **Recommendations** Upgrade to Next.js version 14.2.31 or later. Upgrade to Next.js version 15.4.5 or later.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.18 **Description** The issue allows a malicious link to be crafted to perform a reflected XSS attack on the search page. If anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. **Recommendations** For versions prior to 10.0.18, update to version 10.0.18 to resolve the issue. As a temporary workaround, consider disabling anonymous ticket creation to minimize the risk of exploitation.