77 matches found
OESA-2026-2724 activemq security update
The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies...
CVE-2026-49157
A flaw was found in Apache ActiveMQ. The default authorization settings for Jolokia, a management interface, incorrectly allowed non-administrative web-login accounts to access and execute critical broker management operations. This could enable a low-privilege attacker to perform actions typical...
CVE-2026-46605
A flaw was found in Apache ActiveMQ server. An authenticated attacker with proper permissions could exploit an incomplete authorization vulnerability to remove existing destinations. This could lead to a Denial of Service DoS by disrupting message delivery and processing. Mitigation Mitigation fo...
Linux Distros Unpatched Vulnerability : CVE-2026-49157
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia...
Improper Authorization
Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Authorization due to incomplete authorization checks in the destination removal process. An attacker can...
CVE-2026-49157
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...
UBUNTU-CVE-2026-42253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...
CVE-2026-42253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...
CVE-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...
CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...
CVE-2026-46605
CVE-2026-46605 affects Apache ActiveMQ brokers. Insecure authorization allows authenticated users to remove existing destinations when permissions exist, before versions 6.2.6 (and 5.19.7) were released. Affected ranges include: Apache ActiveMQ Broker: before 5.19.7; from 6.0.0 before 6.2.6; Apac...
EUVD-2026-33574
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...
Apache ActiveMQ 安全漏洞
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability arises when the network connector...
Apache ActiveMQ 权限许可和访问控制问题漏洞
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper default Jolokia authorization...
Apache ActiveMQ 安全漏洞
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper input validation and inadequate code...
Apache ActiveMQ 安全漏洞
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the MessageServlet in the web...
PT-2026-45369
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Apache ActiveMQ Web versions prior to 5.19.7 Apache ActiveMQ Web versions 6.0.0 through 6.2.5 Description An improper neutralization of input during web page...
Unity Linux 20.1070e Security Update: redis6 (UTSA-2026-017799)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017799 advisory. Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debuggers...
Unity Linux 20.1070e Security Update: redis6 (UTSA-2026-017741)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017741 advisory. Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua...
Unity Linux 20.1060e / 20.1070e Security Update: redis (UTSA-2026-017593)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017593 advisory. Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debuggers...