Ghostwire
Home / Vulnerabilities / CVE-2026-3329

CVE-2026-3329: [CNNVD CNNVD-202606-2993] Sonatype Nexus Repository 安全漏洞

MEDIUM CVSS 5.0 EPSS 0.15%

Published: June 11, 2026 | Last Modified: June 12, 2026

Description

[CNNVD CNNVD-202606-2993] Sonatype Nexus Repository 安全漏洞

Ghostwire Analysis — What This Means Practically

Exploitation Probability (EPSS): Low — 0.15% (36th percentile)

Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (15 articles)

Tenable CVEs
CVE-2026-3329
 CVE Feed
CVE-2026-33290 - WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission
 Tenable CVEs
CVE-2026-33298
 Tenable CVEs
CVE-2026-33290
 CVE Feed
CVE-2026-33297 - AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
 Tenable CVEs
CVE-2026-33297
 CVE Feed
CVE-2026-33296 - AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php
 Tenable CVEs
CVE-2026-33295
 Tenable CVEs
CVE-2026-33296
 CVE Feed
CVE-2026-33294 - AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
 Tenable CVEs
CVE-2026-33294
 CVE Feed
CVE-2026-33293 - AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter
 Tenable CVEs
CVE-2026-33293
 Tenable CVEs
CVE-2026-33292
 CVE Feed
CVE-2026-33292 - AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

References