
408 matches found

OSV
added 2020/04/20 7:15 p.m. · 0 views

CVE-2020-11753

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...

CVSS 8.8 · AI score 7.3
Exploits 0 · References 2
Prion
added 2020/04/20 7:15 p.m. · 10 views

Design/Logic Flaw

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...

CVSS 6.5 · AI score 8.4 · EPSS 0.01245
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/04/20 6:49 p.m. · 46 views

CVE-2020-11753

CVE-2020-11753 affects Sonatype Nexus Repository Manager versions 3.21.1 and 3.22.0. The issue allows a user with appropriate privileges to create, modify, and execute scripting tasks without using the UI or API. The note for 3.22.0 states scripting is disabled by default, making it not exploitab...

CVSS 8.8 · AI score 8.4 · EPSS 0.01245
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/04/20 12:0 a.m. · 2 views

PT-2020-12823 · Sonatype · Sonatype Nexus Repository Manager +1

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository Manager versions 3.21.1 Description: An issue was discovered in Sonatype Nexus Repository Manager. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of t...

CVSS 8.8 · AI score 8.5 · EPSS 0.01245
Exploits 0 · References 5
Exploit DB
added 2020/04/17 12:0 a.m. · 491 views

Nexus Repository Manager - Java EL Injection RCE (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...

CVSS 9 · AI score 8.7 · EPSS 0.94379
Exploits 10
0day.today
added 2020/04/16 12:0 a.m. · 171 views

Nexus Repository Manager 3.21.1-01 Remote Code Execution Exploit

This Metasploit module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9 · AI score 9 · EPSS 0.94379
Exploits 10
Packet Storm
added 2020/04/16 12:0 a.m. · 247 views

Nexus Repository Manager 3.21.1-01 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...

CVSS 9 · AI score 8.7 · EPSS 0.94379
Exploits 10
OSV
added 2020/04/14 3:27 p.m. · 12 views

GHSA-3944-787C-F852 Persistent Cross-Site scripting in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows XSS...

CVSS 4.8 · AI score 5 · EPSS 0.00351
Exploits 0 · References 3
Github Security Blog
added 2020/04/14 3:27 p.m. · 60 views

Persistent Cross-Site scripting in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows XSS...

CVSS 4.8 · AI score 2.4 · EPSS 0.00351
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2020/04/14 3:27 p.m. · 95 views

Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

CVSS 9 · AI score 4.2 · EPSS 0.55841
Exploits 3 · References 6 · Affected Software 1
CNVD
added 2020/04/03 12:0 a.m. · 1 views

Nexus Repository Manager Incorrect Access Control Vulnerability

Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs on a regular basis, making it easy to distribute your software. An incorrect access control vulnerability exists in Nexus...

CVSS 8.8 · AI score 6.8 · EPSS 0.58746
Exploits 2 · References 1
OSV
added 2020/04/02 6:15 p.m. · 1 views

CVE-2020-11444

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...

CVSS 8.8 · AI score 7.2 · EPSS 0.58746
Exploits 2 · References 2
Prion
added 2020/04/02 6:15 p.m. · 8 views

Improper access control

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...

CVSS 6.5 · AI score 8.7 · EPSS 0.58746
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2020/04/02 5:22 p.m. · 12 views

CVE-2020-11444

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...

AI score 8.8 · EPSS 0.58746
Exploits 2 · References 2
CVE
added 2020/04/02 5:22 p.m. · 230 views

CVE-2020-11444

CVE-2020-11444 affects Sonatype Nexus Repository Manager 3.x up to 3.21.2, with an Incorrect Access Control flaw that enables unauthorized actions on the server. Red Hat and CNVD entries confirm the issue exists in Nexus 3.x; public exploit references show a workaround: an unauthenticated or mini...

CVSS 8.8 · AI score 8.7 · EPSS 0.58746
Exploits 2 · References 2 · Affected Software 1
CNVD
added 2020/04/02 12:0 a.m. · 1 views

Sonatype Nexus Repository Manager Command Execution Vulnerability

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. A command execution vulnerability exists in Sonatype Nexus Repository Manager. An attacker can exploit this vulnerability to execute code...

CVSS 9 · AI score 7.4 · EPSS 0.55841
Exploits 3 · References 1
CNVD
added 2020/04/02 12:0 a.m. · 3 views

Sonatype Nexus Repository Manager Command Execution Vulnerability (CNVD-2020-28477)

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. A command execution vulnerability exists in Sonatype Nexus Repository Manager. An attacker can exploit this vulnerability to execute arbitrary code with the help of a malicious request...

CVSS 9 · AI score 9.7 · EPSS 0.94379
Exploits 10 · References 1
Check Point Advisories
added 2019/11/18 12:0 a.m. · 4 views

Sonatype Nexus Repository Manager 3 Remote Code Execution (CVE-2019-7238)

A remote code execution vulnerability exists in Sonatype Nexus Repository Manager 3. This vulnerability is due to insufficient validation of the parameter in the previewAssets function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...

CVSS 7.5 · AI score 4.9 · EPSS 0.94379
Exploits 4
CNVD
added 2019/11/04 12:0 a.m. · 1 views

Command Execution Vulnerability in Nexus Repository Manager

Sonatype Nexus is a Maven repository management system that provides powerful repository management, component search, and can be used to build a Maven repository self-service to save bandwidth and time by maintaining a local repository while proxying a remote repository. A command execution...

CVSS 9 · AI score 7.6 · EPSS 0.073
Exploits 4
NVD
added 2019/11/01 3:15 p.m. · 10 views

CVE-2019-15588

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability...

CVSS 9 · AI score 8.2 · EPSS 0.073
Exploits 4 · References 2