11 matches found
CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...
PT-2026-31544
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...
@accordproject/concerto-cli (=3.18.1-20251008112859), @accordproject/concerto-linter (>=3.22.1-20250716095953 <=3.24.1-20251209112947) potentially affected by unknown CVE via @accordproject/concerto-linter-default-ruleset (>=3.22.1-20250716095953 <=3.24.1-20251209112947)
@accordproject/concerto-linter-default-ruleset NPM version =3.22.1-20250716095953, =3.22.1-20250716095953, =3.24.1-20251209112947 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191173...
Rallly Security Feature Issue Vulnerability
Rallly is a scheduling and collaboration tool by individual developer Luke Vella, designed to make it easier to organize events and meetings. A security feature issue vulnerability exists in Rallly 3.22.1 and prior versions that stems from a 6-digit token with low entropy and no brute force...
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin GiveWP versions = 3.22.1...
GHSA-36XR-4X2F-CFJ9 Deserialization of Untrusted Data in Apache Camel SQL
Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users...
PT-2024-1815 · Apache · Apache Camel
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 3.0.0 through 3.21.3 Apache Camel versions 3.22.0 Apache Camel versions 4.0.0 through 4.0.3 Apache Camel versions 4.1.0 through 4.3.x Description: The issue is related to the deserialization of untrusted data in the Apac...
Tigera Calico Input Validation Error Vulnerability
Tigera Calico is an open source network security solution for container, virtual machine and host workloads from US-based Tigera. A security vulnerability exists in Tigera Calico version 3.22.1 and earlier, and Calico Enterprise version 3.12.0 and earlier, which stems from vulnerability to route...
libgedit.a 3.22.1 Denial Of Service
whom it may concern, Title: libgedit.a mishandling NUL blocks in gedit GNOME text editor | Denial of service CVE: CVE-2017-14108 CWE: CWE-400 Exploit Author: Hosein Askari Vendor HomePage: https://gnome.org , https://wiki.gnome.org/Apps/Gedit Version : All Version 3.22.1 and older version Tested...
Regular Expression Denial of Service
Overview Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation Update to version 3.22.1 or later. References - Issue 152, Comment 48107184 - GitHub Advisory...