408 matches found
CVE-2018-16620
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control...
CVE-2018-16621
CVE-2018-16621 affects Sonatype Nexus Repository Manager prior to version 3.14, where Java Expression Language Injection is possible. The root cause is insecure EL handling in the repository manager, enabling injection that can lead to server-side behavior manipulation. In the public records, the...
CVE-2018-16619
CVE-2018-16619 affects Sonatype Nexus Repository Manager prior to version 3.14 and is a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary JavaScript in a user’s browser, with exploitation described as remote and requiring user interaction in some sources....
CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...
Imgur: Ability to login to the Nexus Repo Manager from https://nexus.imgur.com/
Hello Imgur Administrators, I am not sure if this falls in your scope but I wanted to alert you that your Nexus Repository Manager can be accessed through https://nexus.imgur.com/ Usually the default user/pass for the NRM are admin/admin123 but there is an alternative way to login using the below...
Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2018-11638)
Sonatype Nexus Repository Manager (aka NXRM) is a Maven repository manager. A cross-site scripting vulnerability exists in Sonatype NXRM versions prior to 3.12.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the Administration UI...
CVE-2018-12100
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI...
Code injection
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI...
CVE-2018-12100
The CVE-2018-12100 issue affects Sonatype Nexus Repository Manager 3.x prior to 3.12.0, with XSS in multiple Administration UI paths. The underlying cause is insufficient input validation/output sanitization in user-facing parameters, enabling an attacker to inject arbitrary JavaScript into a vic...
Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability
Sonatype Nexus Repository Manager (aka NXRM) is a Maven repository manager. A cross-site scripting vulnerability exists in Sonatype Nexus Repository Manager version 3.x prior to 3.8. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML in a variety of ways...
Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2018-05183)
Sonatype Nexus Repository Manager (aka NXRM) is a Maven repository manager. Multiple cross-site scripting vulnerabilities exist in Sonatype Nexus Repository Manager version 2.x prior to 2.14.6. A remote attacker can exploit the vulnerabilities to inject arbitrary web script or HTML using a variety ...
CVE-2017-5787
A remote denial of service vulnerability in HPE Version Control Repository Manager (VCRM) in all versions prior to 7.6 was found...
CVE-2016-8514
A remote information disclosure in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6...
CVE-2016-8515
A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6...
CVE-2016-8513
A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6...
CVE-2016-8513
CVE-2016-8513 describes a CSRF vulnerability in HPE Version Control Repository Manager (VCRM) affecting all versions prior to 7.6. A remote attacker could exploit this by convincing a user to follow a crafted link or HTML page to perform unauthorized actions. The vulnerability’s impact is indicat...
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...
CVE-2018-5307
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...