2 matches found
CVE-2026-32589 Mirror-registry: quay: insecure direct object reference in blobupload
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...
Apache ActiveMQ upload/download function directory traversal vulnerability
Apache ActiveMQ is a popular messaging and integration model provider . A directory traversal vulnerability in the upload/download function for blob messages in the fileserver in Apache ActiveMQ for Windows versions prior to 5.11.2 can be exploited by an attacker to create JSP files in an arbitra...