288 matches found

RedHat Linux
added 2026/06/09 3:31 p.m. | 10 views

Important: Red Hat Security Advisory: Red Hat Quay 3.15.5

Red Hat Quay 3.15.5 is now available with bug fixes. Quay 3.15.5...

CVSS 10 | AI score 6.7 | EPSS 0.01075
Exploits 9 | References 24

RedHat Linux
added 2026/06/09 1:57 p.m. | 8 views

Important: Red Hat Security Advisory: Red Hat Quay 3.17.3

Red Hat Quay 3.17.3 is now available with bug fixes. Quay 3.17.3...

CVSS 8.8 | AI score 5.4 | EPSS 0.00413
Exploits 0 | References 3

NVD
added 2026/06/08 12:16 p.m. | 11 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4 | EPSS 0.00138
Exploits 0 | References 2

ATTACKERKB
added 2026/06/08 10:54 a.m. | 6 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4 | AI score 5.2 | EPSS 0.00138
Exploits 0 | References 3

RedhatCVE
added 2026/06/08 10:54 a.m. | 8 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4 | AI score 5.2 | EPSS 0.00138
Exploits 0 | References 3

Cvelist
added 2026/06/08 10:54 a.m. | 34 views

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4 | EPSS 0.00138
Exploits 0 | References 2

EUVD
added 2026/06/08 10:54 a.m. | 6 views

EUVD-2026-35044

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4 | AI score 5.2 | EPSS 0.00138
Exploits 0 | References 2

Vulnrichment
added 2026/06/08 10:54 a.m. | 7 views

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4 | AI score 5.2 | EPSS 0.00138
Exploits 0 | References 2

CVE
added 2026/06/08 10:54 a.m. | 14 views

CVE-2026-11569

CVE-2026-11569 affects Quay: the filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00138
Exploits 0 | References 2

CNNVD
added 2026/06/08 12:0 a.m. | 3 views

Red Hat Quay cross-site scripting vulnerability

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has a cross-site scripting vulnerability. This vulnerability stems from the lack of validation of MIME types at the filedrop endpoint. It may allow authenticated users with write permissio...

CVSS 5.4 | AI score 4.9 | EPSS 0.00138
Exploits 0 | References 2

Positive Technologies
added 2026/06/08 12:0 a.m. | 8 views

PT-2026-47274

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4 | AI score 5.2 | EPSS 0.00138
Exploits 0 | References 3

RedHat Linux
added 2026/06/04 2:36 p.m. | 13 views

Important: Red Hat Security Advisory: Red Hat Quay 3.9.22

Red Hat Quay 3.9.22 is now available with bug fixes. Quay 3.9.22...

CVSS 10 | AI score 6.7 | EPSS 0.01075
Exploits 9 | References 23

RedHat Linux
added 2026/06/03 1:2 p.m. | 14 views

Important: Red Hat Security Advisory: Red Hat Quay 3.10.22

Red Hat Quay 3.10.22 is now available with bug fixes. Quay 3.10.22...

CVSS 10 | AI score 7.1 | EPSS 0.01075
Exploits 8 | References 20

RedHat Linux
added 2026/06/02 6:16 p.m. | 13 views

Important: Red Hat Security Advisory: Red Hat Quay 3.12.18

Red Hat Quay 3.12.18 is now available with bug fixes. Quay 3.12.18...

CVSS 10 | AI score 7.1 | EPSS 0.01075
Exploits 7 | References 18

RedHat Linux
added 2026/06/02 1:10 p.m. | 9 views

Important: Red Hat Security Advisory: Red Hat Quay 3.17.2

Red Hat Quay 3.17.2 is now available with bug fixes. Quay 3.17.2...

CVSS 10 | AI score 7.2 | EPSS 0.01075
Exploits 10 | References 25

ATTACKERKB
added 2026/06/01 7:56 a.m. | 8 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with...

CVSS 5.8 | AI score 5.7 | EPSS 0.00281
Exploits 0 | References 2

RedhatCVE
added 2026/06/01 7:56 a.m. | 8 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with...

CVSS 5.8 | AI score 5.7 | EPSS 0.00281
Exploits 0 | References 2

NVD
added 2026/05/29 11:16 a.m. | 14 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | EPSS 0.00196
Exploits 0 | References 2

ATTACKERKB
added 2026/05/29 9:30 a.m. | 7 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00196
Exploits 0 | References 3

CVE
added 2026/05/29 9:30 a.m. | 13 views

CVE-2026-10078

The CVE-2026-10078 entry concerns Quay config-tool’s GitLab OAuth validator. The vulnerability causes client_id and client_secret to be sent in plaintext via URL query parameters during POST requests to the GitLab endpoint, enabling potential exposure of credentials in logs (server access logs, r...

CVSS 2.7 | AI score 5.7 | EPSS 0.00196
Exploits 0 | References 2