org.sonatype.nexus.assemblies:nexus-base-feature (>=3.4.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02) +3 more potentially affected by CVE-2026-5189 via org.sonatype.nexus:nexus-base (>=3.10.0-04 <=3.70.1-02)

org.sonatype.nexus:nexus-base MAVEN version =3.10.0-04, =3.4.0-02, =3.60.0-02, =3.4.0-02, =0.1.6, =3.48.0-01, =3.70.1-02 Source cves: CVE-2026-5189 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-16427423...

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials when the nexus.orient.binaryListenerEnabled configuration is set to true. This option is set by default in legacy HA-C mode, but not in standalone deployments, including HA deployments. An attacker can gain...

com.tencent.devops:devops-boot-starter-plugin (=1.0.0), com.tencent.devops:devops-plugin-core (=1.0.0) +128 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.3.1 <=3.3.2)

org.springframework.boot:spring-boot-loader MAVEN version =3.3.1, =0.4.15, =4.7.0, =8.2.0, =8.2.0, =3.87.0-03, =3.87.0-03, =3.87.0-03, =3.87.0-03, =3.89.0-09, =3.89.0-09, =3.89.0-09, =3.89.0-09, =3.89.0-09, =3.90.3-03 and more Source cves: CVE-2024-38807https://vulners.com/cve/CVE-2024-38807...

org.eclipse.tycho.nexus:unzip-repository-plugin (=0.12.0), org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.21.1-01) +27 more potentially affected by CVE-2020-10204 via org.sonatype.nexus:nexus-core (>=2.4.0-1 <=3.21.1-01)

org.sonatype.nexus:nexus-core MAVEN version =2.4.0-1, =3.10.0-04, =3.0.0-03, =2.2.1, =2.2.1, =2.4.0-1, =2.4.0-1, =2.6.0-01, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.5.0-01, =2.4.0-1, =2.7.0-m1 and more Source cves: CVE-2020-10204 Source advisory:...