
5309 matches found

Nuclei
added 13 hours ago | 397 views

Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...

CVSS 7.5 | AI score 7.2 | EPSS 0.18245
Exploits: 16 | References: 4

Nuclei
added 13 hours ago | 53 views

Nexus Repository 2 - Remote Code Execution

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. id: CVE-2024-5082 info: name: Nexus Repository 2 - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: hi...

CVSS 7.1 | AI score 7 | EPSS 0.01864
Exploits: 0 | References: 2

Nuclei
added 13 hours ago | 75 views

Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution

Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...

CVSS 9.8 | AI score 7.8 | EPSS 0.76526
Exploits: 4 | References: 5

Nuclei
added yesterday | 25 views

Joomla! Portfolio Nexus - Remote File Inclusion

Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF comifnexus component that allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2009-4679 info: name: Joomla! Portfol...

CVSS 7.5 | AI score 6.1 | EPSS 0.07866
Exploits: 1 | References: 4

Nuclei
added 4 days ago | 103 views

Sonatype Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection id: CVE-2020-10199 info: name: Sonatype Nexus Repository Manager 3 - Remote Code Execution author: rootxharsh,iamnoooob,pdresearch severity: high description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection impact: |...

CVSS 9 | AI score 7.3 | EPSS 0.99064
Exploits: 10 | References: 5

NVD
added 6 days ago | 7 views

CVE-2026-10741

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

CVSS 5.9 | EPSS 0.0026
Exploits: 0 | References: 2

EUVD
added 6 days ago | 9 views

EUVD-2026-37783

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

CVSS 5.9 | AI score 5.2 | EPSS 0.0026
Exploits: 0 | References: 2

CVE
added 6 days ago | 11 views

CVE-2026-10741

Sonatype Nexus Repository Manager prior to 3.93.0 contains an authorization flaw in the proxy repository configuration that lets a delegated repository administrator disclose stored upstream proxy credentials. This affects confidentiality (credentials exposure) with a CVSS base score of 5.9 (MEDI...

CVSS 5.9 | AI score 5.3 | EPSS 0.0026
Exploits: 0 | References: 2

Positive Technologies
added 6 days ago | 12 views

PT-2026-50525

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...

CVSS 5.9 | AI score 5.2 | EPSS 0.0026
Exploits: 0 | References: 4

NVD
added last week | 10 views

CVE-2026-10748

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0...

CVSS 8.6 | EPSS 0.00296
Exploits: 0 | References: 2

CVE
added 2026/06/16 5:42 p.m. | 17 views

CVE-2026-10748

Nexus Repository 3 is affected by CVE-2026-10748: an authenticated user with nx-licensing-create can upload a crafted license file to trigger remote code execution as the Nexus process user. Vulnerable in versions before 3.92.0. Remediation: upgrade to 3.92.0 or later according to Sonatype releas...

CVSS 8.6 | AI score 5.9 | EPSS 0.00296
Exploits: 0 | References: 2

NVD
added 2026/06/11 6:16 p.m. | 11 views

CVE-2026-3329

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

CVSS 8.7 | EPSS 0.00503
Exploits: 0 | References: 2

Cvelist
added 2026/06/11 5:0 p.m. | 25 views

CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

CVSS 8.7 | EPSS 0.00503
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/11 5:0 p.m. | 7 views

CVE-2026-3329 Nexus Repository Manager - Improper Restriction of Excessive Authentication Attempts

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

CVSS 8.7 | AI score 5.5 | EPSS 0.00503
Exploits: 0 | References: 2

CVE
added 2026/06/11 5:0 p.m. | 14 views

CVE-2026-3329

CVE-2026-3329 affects Sonatype Nexus Repository. A remote unauthenticated attacker can perform credential-guessing attacks via authentication endpoints, with a CVSS v4.0 base score 8.7 (HIGH) and network exposure. The vulnerability is characterized by a lack of authentication requirements for gue...

CVSS 8.7 | AI score 5.5 | EPSS 0.00503
Exploits: 0 | References: 2

EUVD
added 2026/06/11 5:0 p.m. | 7 views

EUVD-2026-36268

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

CVSS 8.7 | AI score 5.5 | EPSS 0.00503
Exploits: 0 | References: 2

CNNVD
added 2026/06/11 12:0 a.m. | 9 views

Sonatype Nexus Repository Security Vulnerability

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...

CVSS 8.7 | AI score 5.4 | EPSS 0.00503
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/11 12:0 a.m. | 10 views

PT-2026-48696

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

CVSS 8.7 | AI score 5.5 | EPSS 0.00503
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/05 7:39 p.m. | 5 views

CVE-2026-7308

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

CVSS 5.1 | AI score 5.7 | EPSS 0.00266
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:37 p.m. | 6 views

CVE-2026-3048

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

CVSS 5.1 | AI score 5.4 | EPSS 0.00257
Exploits: 0 | References: 1