
414 matches found

EUVD
added 2026/04/09 12:32 a.m., 3 views

EUVD-2026-20757

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1 CVSS, 6.1 AI score, 0.00465 EPSS
Exploits 0, References 3

NVD
added 2026/04/08 11:16 p.m., 4 views

CVE-2026-3199

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

9.4 CVSS, 0.00359 EPSS
Exploits 0, References 2

NVD
added 2026/04/08 11:16 p.m., 6 views

CVE-2026-3438

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1 CVSS, 0.00465 EPSS
Exploits 0, References 2

Snyk
added 2026/04/08 11:8 p.m., 12 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data involving task management that allows authenticated users with task creation permissions to execute arbitrary code by injecting malicious properties into a serialized object. A user can bypass...

9.9 CVSS, 6.1 AI score, 0.00359 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/04/08 10:17 p.m., 5 views

CVE-2026-3199

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

9.4 CVSS, 6.1 AI score, 0.00359 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/04/08 10:17 p.m., 26 views

CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

9.4 CVSS, 0.00359 EPSS
Exploits 0, References 2

CVE
added 2026/04/08 10:17 p.m., 14 views

CVE-2026-3199

CVE-2026-3199 is an authenticated remote code execution flaw in Sonatype Nexus Repository’s task management component, affecting versions 3.22.1 through 3.90.2. An attacker with task creation permissions can bypass nexus.scripts.allowCreation and execute arbitrary code. The connected CVE records ...

9.4 CVSS, 6.1 AI score, 0.00359 EPSS
Exploits 0, References 2

Vulnrichment
added 2026/04/08 10:17 p.m., 2 views

CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control...

9.4 CVSS, 6.1 AI score, 0.00359 EPSS
Exploits 0, References 2

Cvelist
added 2026/04/08 10:16 p.m., 18 views

CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1 CVSS, 0.00465 EPSS
Exploits 0, References 2

CVE
added 2026/04/08 10:16 p.m., 24 views

CVE-2026-3438

CVE-2026-3438 affects Sonatype Nexus Repository 3.x (versions 3.0.0 through 3.90.2). It is a reflected cross-site scripting vulnerability that lets unauthenticated remote attackers execute arbitrary JavaScript in a victim’s browser via a specially crafted URL. Exploitation requires user interacti...

5.1 CVSS, 6.1 AI score, 0.00465 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/04/08 10:16 p.m., 2 views

CVE-2026-3438

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1 CVSS, 6.1 AI score, 0.00465 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/04/08 10:16 p.m., 5 views

CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction...

5.1 CVSS, 6.1 AI score, 0.00465 EPSS
Exploits 0, References 2

CNNVD
added 2026/04/08 12:0 a.m., 7 views

Sonatype Nexus Repository Security Vulnerability

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...

5.1 CVSS, 5.9 AI score, 0.00465 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/04/08 12:0 a.m., 7 views

PT-2026-31544

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions 3.22.1 through 3.90.2. Description: A flaw exists in the task management component of Sonatype Nexus Repository. An authenticated attacker possessing task creation permissions can execute arbitrary code,...

9.4 CVSS, 5.7 AI score, 0.00359 EPSS
Exploits 0, References 8

Positive Technologies
added 2026/04/08 12:0 a.m., 8 views

PT-2026-31545

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions 3.0.0 through 3.90.2. Description: A reflected cross-site scripting issue exists that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted UR...

5.1 CVSS, 6.1 AI score, 0.00465 EPSS
Exploits 0, References 6

CNNVD
added 2026/04/08 12:0 a.m., 14 views

Sonatype Nexus Repository Security Vulnerability

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...

9.4 CVSS, 6 AI score, 0.00359 EPSS
Exploits 0, References 2

vulnersOsv
added 2026/04/07 9:0 p.m., 7 views

org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-template (>=3.4.0-02 <=3.70.1-02) +39 more potentially affected by CVE-2026-3438 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.8.0-02)

org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.60.0-02, =3.4.0-02, =3.0.0-03, =3.5.0-02, =3.4.0-02, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =0.0.7 and more Source cves: CVE-2026-3438 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-164...

5.1 CVSS, 5.8 AI score, 0.00465 EPSS
Exploits 0

Packet Storm
added 2026/02/05 12:0 a.m., 220 views

Nexus Repository Manager 3.53.0-01 File Disclosure / Traversal

A critical path traversal vulnerability exists in Sonatype Nexus Repository Manager 3 that allows unauthenticated attackers to read arbitrary files from the server filesystem through crafted URL paths. This is a proof of concept for an issue discovered in 2024...

7.5 CVSS, 8.4 AI score, 0.18245 EPSS
Exploits 16

Japan Vulnerability Notes
added 2026/02/02 6:18 a.m., 4 views

Sonatype Nexus Repository vulnerable to server-side request forgery

Overview: Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery (CWE-918) - CVE-2026-0600. Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

7.6 CVSS, 5.6 AI score, 0.00284 EPSS
Exploits 0, References 6

RedhatCVE
added 2026/01/15 10:32 p.m., 5 views

CVE-2026-0601

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...

5.1 CVSS, 6.6 AI score, 0.00389 EPSS
Exploits 0, References 1