Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sonatype nexus vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-14469
In Nexus Repository Manager prior to 3.18.0, users with elevated privileges can create stored XSS.
Sonatype Nexus Repository Manager
668
VMScore
CVE-2019-9629
Sonatype Nexus Repository Manager prior to 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
Sonatype Nexus Repository Manager
445
VMScore
CVE-2019-9630
Sonatype Nexus Repository Manager prior to 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
Sonatype Nexus Repository Manager
383
VMScore
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x prior to 3.8 allow remote malicious users to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/...
Sonatype Nexus Repository Manager
383
VMScore
CVE-2018-5307
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x prior to 2.14.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDeta...
Sonatype Nexus Repository Manager
383
VMScore
CVE-2020-15869
Sonatype Nexus Repository Manager OSS/Pro versions prior to 3.25.1 allow XSS (issue 1 of 2).
Sonatype Nexus Repository Manager 3
383
VMScore
CVE-2020-15870
Sonatype Nexus Repository Manager OSS/Pro versions prior to 3.25.1 allow XSS (Issue 2 of 2).
Sonatype Nexus Repository Manager 3
605
VMScore
CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro version prior to 3.25.1 allows Remote Code Execution.
Sonatype Nexus Repository Manager 3
570
VMScore
CVE-2021-40143
Sonatype Nexus Repository 3.x up to and including 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
Sonatype Nexus Repository Manager 3
356
VMScore
CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »