5332 matches found
CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...
CVE-2026-3199
CVE-2026-3199 is an authenticated remote code execution flaw in Sonatype Nexus Repository’s task management component, affecting versions 3.22.1 through 3.90.2. An attacker with task creation permissions can bypass nexus.scripts.allowCreation and execute arbitrary code. The connected CVE records ...
CVE-2026-3438
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
CVE-2026-3438
CVE-2026-3438 affects Sonatype Nexus Repository 3.x (versions 3.0.0 through 3.90.2). It is a reflected cross-site scripting vulnerability that lets unauthenticated remote attackers execute arbitrary JavaScript in a victim’s browser via a specially crafted URL. Exploitation requires user interacti...
CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
PT-2026-31544
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.22.1 through 3.90.2 Description A flaw exists in the task management component of Sonatype Nexus Repository. An authenticated attacker possessing task creation permissions can execute arbitrary code,...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...
PT-2026-31545
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.0.0 through 3.90.2 Description A reflected cross-site scripting issue exists that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted UR...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...
Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP DoS (cisco-sa-nxos-dsnmp-cNN39Uh)
According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by a vulnerability. - A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause ...
org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-template (>=3.4.0-02 <=3.70.1-02) +39 more potentially affected by CVE-2026-3438 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.8.0-02)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.60.0-02, =3.4.0-02, =3.0.0-03, =3.5.0-02, =3.4.0-02, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =0.0.7 and more Source cves: CVE-2026-3438 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-164...
Cisco Nexus Dashboard Server-Side Request Forgery (cisco-sa-nd-ssrf-NAen4O7r)
According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability. - A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to...
PT-2026-30388
Breaking CyberSecurity News For 2026.04.04 | Pithy Cyborg | Threats. Breaches. Intel. ➔ Google patched CVE-2026-5281, a use-after-free bug in Dawn WebGPU, marking the fourth Chrome zero-day exploited in the wild this year. Affected versions were updated to 146.0.7680.177/178 for Windows, macOS, a...
Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights
Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...
nexus-corr-discovery (=0.0.1.post2) potentially affected by CVE-2026-35052 via dtale (=3.12.0)
dtale PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: - nexus-corr-discovery =0.0.1.post2 Source cves: CVE-2026-35052 Source advisory: SNYK:PYTHON-DTALE-15912439...
intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2026-35052 via dtale (>=2.16.0 <=3.12.0)
dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5 Source cves: CVE-2026-35052 Source advisory: OSV:GHSA-436G-FHFC-9G5W...
Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access (cisco-sa-nd-cbid-5YqkOSHu)
According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability. - A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive...
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services AWS secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos...
CVE-2026-20174
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...