CLSA-2026-1768570231 git: Fix of CVE-2024-32021
CVE-2024-32021: fix issue where cloning local source repository with symlinks may create hardlinks to arbitrary user-readable files in the objects/ directory...
PT-2026-3330
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 9.3.0. Description: Gradle’s native-platform tool, which provides Java bindings for native APIs, does not treat certain exceptions as fatal errors when resolving dependencies in versions before 9.3.0. This allows Gradle ...
PT-2026-3331
Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 9.3.0. Description: Gradle, a build automation tool, has an issue where dependency resolution in versions before 9.3.0 does not treat certain exceptions as fatal errors. This allows Gradle to continue to subsequent...
MiracleLinux 7 : git-1.8.3.1-14.el7 (AXSA:2018-3186:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3186:02 advisory. git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235). Tenable has extracted the preceding description block directly...
CVE-2026-0601
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...
CVE-2026-0600
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
EUVD-2026-2665
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...
Cross-site Scripting (XSS)
Overview: org.sonatype.nexus:nexus-extdirect is a Repository Manager. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the request process. An attacker can execute arbitrary JavaScript in the context of a victim's browser by enticing the user to interact with a...
org.sonatype.nexus.api.rest:nexus-api-rest-selfhosted (>=3.81.0-08 <=3.87.2-01), org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.77.2-02) +49 more potentially affected by CVE-2026-0600 via org.sonatype.nexus:nexus-repository-services (>=3.22.0-01 <=3.87.2-01)
org.sonatype.nexus:nexus-repository-services MAVEN version =3.22.0-01, =3.81.0-08, =3.60.0-02, =3.22.0-01, =3.22.0-01, =3.22.0-01, =3.22.0-01, =3.23.0-01, =3.77.0-08, =0.0.8, =3.22.0-01, =0.0.5, =0.0.2, =3.22.0-01, =0.0.7, =1.0.0, =3.31.1-01 and more Source cves:...
CVE-2026-0600
CVE-2026-0600 is a Server-Side Request Forgery (SSRF) vulnerability affecting Sonatype Nexus Repository 3.x (3.0.0 and later). The issue allows authenticated administrators who configure proxy repositories to set URLs that can reach unintended network destinations, including cloud metadata servic...
CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
EUVD-2026-2838
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
CVE-2026-0601
CVE-2026-0601 is a reflected XSS affecting Nexus Repository 3. An unauthenticated attacker can cause arbitrary JavaScript execution in a victim’s browser by sending a crafted request that requires user interaction. The vulnerability impacts the Nexus Repository 3 ecosystem (notably the nexus-extd...
CVE-2026-0601 Nexus Repository 3 - Cross-Site Scripting
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...