223 matches found
Nexus-Sonatype-Repository-Manager-Groovy-Script-RCE-Authenticated-
Nexus Repository Manager 3 Authenticated RCE Groovy Script Ta...
CVE-2026-3048
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048
Nexus Repository Manager (Sonatype) 3.x is affected: versions 3.0.0–3.91.1, when an authenticated administrator configures or tests LDAP connectivity, may initiate unintended server-side connections with a malicious LDAP server due to improper LDAP referral handling. No exploitation details or mi...
CVE-2026-3048
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
Sonatype Nexus Repository Manager 代码问题漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.91.1 contained code vulnerabilities. These...
EUVD-2026-23031
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
CVE-2026-5189
CVE-2026-5189 involves Sonatype Nexus Repository Manager versions 3.0.0–3.70.5 where a hard-coded credential in the internal database component can be exploited by an unauthenticated attacker with network access. The vulnerability enables read/write access to the internal database and allows exec...
CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
PT-2026-33132
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...
Sonatype Nexus Repository Manager 安全漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.70.5 have security vulnerabilities. These...
📄 Nexus Repository Manager 3.53.0-01 File Disclosure / Traversal
A critical path traversal vulnerability exists in Sonatype Nexus Repository Manager 3 that allows unauthenticated attackers to read arbitrary files from the server filesystem through crafted URL paths. This is a proof of concept for an issue discovered in 2024...
Cross-site Scripting (XSS)
Overview org.sonatype.nexus:nexus-extdirect is a Repository Manager. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the request process. An attacker can execute arbitrary JavaScript in the context of a victim's browser by enticing the user to interact with a...
Nexus Repository Anonymous Access
Nexus Repository Manager is a popular repository management tool used to store and manage software artifacts. If anonymous access is enabled, unauthenticated users can list and browse repositories, potentially exposing private artifacts such as source code, packages, and Docker images. No source...
EUVD-2019-6804
Malware in sbrugna...
EUVD-2021-15797
Malware in sbrugna...