7 matches found

OSV
added 2021/04/28 2:15 p.m. | 7 views

CVE-2021-29159

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 2
Cvelist
added 2020/12/17 1:53 a.m. | 15 views

CVE-2020-29436

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...

AI score 6.6 | EPSS 0.00512
Exploits 0 | References 1
Veracode
added 2020/04/17 2:10 a.m. | 32 views

Remote Code Execution

Sonatype NXRM is vulnerable to remote code execution. The vulnerability allows high-privilege users such as administrators to run arbitrary code on the server with Nexus process privileges by injecting arbitrary Java Expression Language (EL) expressions...

CVSS 8.8 | AI score 6.7 | EPSS 0.94379
Exploits 10 | References 6 | Affected Software 2
Veracode
added 2020/04/17 1:50 a.m. | 16 views

Remote Code Execution

Sonatype NXRM is vulnerable to remote code execution. The EL expression engine to process EL expressions is not wrapped by the standard delimiters $, allowing an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious request to NXRM...

CVSS 7.2 | AI score 7.1 | EPSS 0.55841
Exploits 3 | References 3 | Affected Software 1
FreeBSD
added 2019/09/19 12:00 a.m. | 24 views

nexus2-oss -- Multiple vulnerabilities

Sonatype reports: Several RCE vulnerabilities have been found and corrected in 2.14.15: CVE-2019-16530: An attacker with elevated privileges can upload a specially crafted file. That file can contain commands that will be executed on the system, with the same privileges as the user running the...

CVSS 9 | AI score 4.9 | EPSS 0.796
Exploits 5
CVE
added 2018/02/09 10:00 p.m. | 41 views

CVE-2018-5306

CVE-2018-5306 affects Sonatype Nexus Repository Manager (NXRM) 3.x prior to 3.8. An XSS flaw exists across multiple vectors: repoId/format in healthCheckFileDetail, File Upload in Staging Upload, username during user creation, and IQ Server URL field in IQ Server Connection. Exploitation could in...

CVSS 6.1 | AI score 6 | EPSS 0.00329
Exploits 3 | References 3 | Affected Software 1
Cvelist
added 2018/02/09 10:00 p.m. | 14 views

CVE-2018-5306

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...

AI score 6.1 | EPSS 0.00329
Exploits 3 | References 3