CVE-2025-4374 – Quay Unauthorized Privilege Escalation Vulnerability

May 6, 2025

CVE ID : CVE-2025-4374

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn’t been mirrored yet, they are granted “Admin” permissions on the newly created repository.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleHuawei MateBook X Pro 2024 (Linux Edition) Goes on Sale

Next Article CVE-2025-4373 – GLib Integer Overflow Buffer Underwrite

Highlights

CVE-2025-53487 – Mediawiki ApprovedRevs Stored XSS

July 7, 2025

CVE ID : CVE-2025-53487

Published : July 7, 2025, 4:15 p.m. | 1 hour, 8 minutes ago

Description : The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message keys to be rendered unescaped.

This issue affects Mediawiki – ApprovedRevs extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Arriva Agama 15, l’installatore di openSUSE con miglioramenti all’usabilità

May 29, 2025

The wireless gaming mouse I’ve used for 5 years is down to $30 — that’s less than 2 cents a day (and it’s still my favorite)

July 17, 2025

Finally, safe array methods in JavaScript

September 9, 2025

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-4374 – Quay Unauthorized Privilege Escalation Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

SEC Consult SA-20250521-0 :: Multiple Vulnerabilities in eCharge Hardy Barth cPH2 and cPP2 charging stations

CVE-2025-26062 – Intelbras RX1500/3000 Unauthenticated Access to Settings File

5 Best AI Companion Apps: From Learning Tools to “AI Girlfriends”

I tested Razer’s Iskur V2 gaming chair, and it’s just too hard for comfort — but the lumbar support can’t be beat

CVE-2025-53487 – Mediawiki ApprovedRevs Stored XSS

Arriva Agama 15, l’installatore di openSUSE con miglioramenti all’usabilità

The wireless gaming mouse I’ve used for 5 years is down to $30 — that’s less than 2 cents a day (and it’s still my favorite)

Finally, safe array methods in JavaScript

CVE-2025-4374 – Quay Unauthorized Privilege Escalation Vulnerability

Related Posts