236 matches found
CVE-2026-10741
Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...
EUVD-2026-37783
Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...
CVE-2026-10741
Sonatype Nexus Repository Manager prior to 3.93.0 contains an authorization flaw in the proxy repository configuration that lets a delegated repository administrator disclose stored upstream proxy credentials. This affects confidentiality (credentials exposure) with a CVSS base score of 5.9 (MEDI...
PT-2026-50525
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...
CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...
CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...
CVE-2026-3329
CVE-2026-3329 affects Sonatype Nexus Repository. A remote unauthenticated attacker can perform credential-guessing attacks via authentication endpoints, with a CVSS v4.0 base score 8.7 (HIGH) and network exposure. The vulnerability is characterized by a lack of authentication requirements for gue...
Nexus-Sonatype-Repository-Manager-Groovy-Script-RCE-Authenticated-
Nexus Repository Manager 3 Authenticated RCE Groovy Script Ta...
CVE-2026-3048
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048
Nexus Repository Manager (Sonatype) 3.x is affected: versions 3.0.0–3.91.1, when an authenticated administrator configures or tests LDAP connectivity, may initiate unintended server-side connections with a malicious LDAP server due to improper LDAP referral handling. No exploitation details or mi...
Sonatype Nexus Repository Manager 代码问题漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.91.1 contained code vulnerabilities. These...
EUVD-2026-23031
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CVE-2026-5189 involves Sonatype Nexus Repository Manager versions 3.0.0–3.70.5 where a hard-coded credential in the internal database component can be exploited by an unauthenticated attacker with network access. The vulnerability enables read/write access to the internal database and allows exec...