414 matches found
EUVD-2026-20757
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
CVE-2026-3199
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...
CVE-2026-3438
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data involving task management that allows authenticated users with task creation permissions to execute arbitrary code by injecting malicious properties into a serialized object. A user can bypass...
CVE-2026-3199
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...
CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...
CVE-2026-3199
CVE-2026-3199 is an authenticated remote code execution flaw in Sonatype Nexus Repository’s task management component, affecting versions 3.22.1 through 3.90.2. An attacker with task creation permissions can bypass nexus.scripts.allowCreation and execute arbitrary code. The connected CVE records ...
CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection
A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...
CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
CVE-2026-3438
CVE-2026-3438 affects Sonatype Nexus Repository 3.x (versions 3.0.0 through 3.90.2). It is a reflected cross-site scripting vulnerability that lets unauthenticated remote attackers execute arbitrary JavaScript in a victim’s browser via a specially crafted URL. Exploitation requires user interacti...
CVE-2026-3438
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...
PT-2026-31544
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.22.1 through 3.90.2 Description A flaw exists in the task management component of Sonatype Nexus Repository. An authenticated attacker possessing task creation permissions can execute arbitrary code,...
PT-2026-31545
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.0.0 through 3.90.2 Description A reflected cross-site scripting issue exists that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted UR...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...
org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-template (>=3.4.0-02 <=3.70.1-02) +39 more potentially affected by CVE-2026-3438 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.8.0-02)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.60.0-02, =3.4.0-02, =3.0.0-03, =3.5.0-02, =3.4.0-02, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =0.0.7 and more Source cves: CVE-2026-3438 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-164...
📄 Nexus Repository Manager 3.53.0-01 File Disclosure / Traversal
A critical path traversal vulnerability exists in Sonatype Nexus Repository Manager 3 that allows unauthenticated attackers to read arbitrary files from the server filesystem through crafted URL paths. This is a proof of concept for an issue discovered in 2024...
Sonatype Nexus Repository vulnerable to server-side request forgery
Overview Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery CWE-918 - CVE-2026-0600 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
CVE-2026-0601
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...