
6 matches found

Positive Technologies
added 2026/06/08 12:0 a.m., 8 views

PT-2026-47274

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4 CVSS | 5.2 AI score | 0.00138 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-32204

Malicious code in bioql PyPI...

7.3 CVSS | 7.5 AI score | 0.00339 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-32201

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.00522 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-13599

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00211 EPSS
Exploits: 0 | References: 3
CVE
added 2025/05/06 2:49 p.m., 54 views

CVE-2025-4374

CVE-2025-4374 affects Quay: when an organization acts as a proxy cache and a user/robot pulls an unmapped image, the newly created repository may be granted Admin privileges due to an improper privilege assignment in the proxy cache flow. Impact described as elevated (Admin) access on the new rep...

6.5 CVSS | 6.5 AI score | 0.00211 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/05/06 2:49 p.m., 14 views

CVE-2025-4374 Quay: incorrect privilege assignment

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...

6.5 CVSS | 0.00211 EPSS
Exploits: 0 | References: 2