Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

vulnersOsv
vulnersOsvadded 2026/04/15 8:22 p.m.4 views

org.sonatype.nexus.assemblies:nexus-base-feature (>=3.4.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02) +3 more potentially affected by CVE-2026-5189 via org.sonatype.nexus:nexus-base (>=3.10.0-04 <=3.70.1-02)

org.sonatype.nexus:nexus-base MAVEN version =3.10.0-04, =3.4.0-02, =3.60.0-02, =3.4.0-02, =0.1.6, =3.48.0-01, =3.70.1-02 Source cves: CVE-2026-5189 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-16427423...

9.2CVSS5.8AI score0.00036EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/04/15 6:43 p.m.0 views

CVE-2026-5189

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

9.2CVSS6AI score0.00036EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder