Lucene search
+L

5332 matches found

cvelist
cvelist
added 2026/04/08 10:17 p.m.30 views

CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

9.4CVSS0.00359EPSS
Exploits0References2
cve
cve
added 2026/04/08 10:17 p.m.24 views

CVE-2026-3199

CVE-2026-3199 is an authenticated remote code execution flaw in Sonatype Nexus Repository’s task management component, affecting versions 3.22.1 through 3.90.2. An attacker with task creation permissions can bypass nexus.scripts.allowCreation and execute arbitrary code. The connected CVE records ...

9.4CVSS6.1AI score0.00359EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/08 10:16 p.m.2 views

CVE-2026-3438

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1CVSS6.1AI score0.00465EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/04/08 10:16 p.m.20 views

CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1CVSS0.00465EPSS
Exploits0References2
cve
cve
added 2026/04/08 10:16 p.m.32 views

CVE-2026-3438

CVE-2026-3438 affects Sonatype Nexus Repository 3.x (versions 3.0.0 through 3.90.2). It is a reflected cross-site scripting vulnerability that lets unauthenticated remote attackers execute arbitrary JavaScript in a victim’s browser via a specially crafted URL. Exploitation requires user interacti...

5.1CVSS6.1AI score0.00465EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/08 10:16 p.m.6 views

CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1CVSS6.1AI score0.00465EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.12 views

PT-2026-31544

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.22.1 through 3.90.2 Description A flaw exists in the task management component of Sonatype Nexus Repository. An authenticated attacker possessing task creation permissions can execute arbitrary code,...

9.4CVSS5.7AI score0.00359EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/04/08 12:0 a.m.14 views

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...

9.4CVSS6AI score0.00359EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.11 views

PT-2026-31545

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.0.0 through 3.90.2 Description A reflected cross-site scripting issue exists that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted UR...

5.1CVSS6.1AI score0.00465EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/04/08 12:0 a.m.8 views

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...

5.1CVSS5.9AI score0.00465EPSS
Exploits0References2
nessus
nessus
added 2026/04/08 12:0 a.m.6 views

Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP DoS (cisco-sa-nxos-dsnmp-cNN39Uh)

According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by a vulnerability. - A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause ...

7.7CVSS5.9AI score0.00302EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2026/04/07 9:0 p.m.7 views

org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-template (>=3.4.0-02 <=3.70.1-02) +39 more potentially affected by CVE-2026-3438 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.8.0-02)

org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.60.0-02, =3.4.0-02, =3.0.0-03, =3.5.0-02, =3.4.0-02, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =0.0.7 and more Source cves: CVE-2026-3438 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-164...

5.1CVSS5.8AI score0.00465EPSS
Exploits0
nessus
nessus
added 2026/04/07 12:0 a.m.3 views

Cisco Nexus Dashboard Server-Side Request Forgery (cisco-sa-nd-ssrf-NAen4O7r)

According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability. - A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to...

6.1CVSS6.1AI score0.00242EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/04/04 12:0 a.m.10 views

PT-2026-30388

Breaking CyberSecurity News For 2026.04.04 | Pithy Cyborg | Threats. Breaches. Intel. ➔ Google patched CVE-2026-5281, a use-after-free bug in Dawn WebGPU, marking the fourth Chrome zero-day exploited in the wild this year. Affected versions were updated to 146.0.7680.177/178 for Windows, macOS, a...

10CVSS7.4AI score0.99562EPSS
Exploits414References1
ncsc
ncsc
added 2026/04/03 8:20 a.m.11 views

Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights

Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...

6.5CVSS6.4AI score0.00489EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2026/04/03 3:44 a.m.7 views

nexus-corr-discovery (=0.0.1.post2) potentially affected by CVE-2026-35052 via dtale (=3.12.0)

dtale PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: - nexus-corr-discovery =0.0.1.post2 Source cves: CVE-2026-35052 Source advisory: SNYK:PYTHON-DTALE-15912439...

9.8CVSS5.8AI score0.00622EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/03 3:44 a.m.6 views

intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2026-35052 via dtale (>=2.16.0 <=3.12.0)

dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5 Source cves: CVE-2026-35052 Source advisory: OSV:GHSA-436G-FHFC-9G5W...

9.8CVSS5.8AI score0.00622EPSS
Exploits0
nessus
nessus
added 2026/04/03 12:0 a.m.5 views

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access (cisco-sa-nd-cbid-5YqkOSHu)

According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability. - A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive...

6.5CVSS6.1AI score0.00293EPSS
Exploits0References3
thn
thn
added 2026/04/02 7:30 p.m.18 views

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services AWS secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos...

10CVSS7.2AI score0.99562EPSS
Exploits376
redhatcve
redhatcve
added 2026/04/02 4:56 p.m.4 views

CVE-2026-20174

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...

4.9CVSS6AI score0.00489EPSS
Exploits0References1
Rows per page
Query Builder