70 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-50734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker c...
EUVD-2026-40282
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...
CVE-2026-50734
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, and Apache ActiveMQ All allows an unauthenticated network attacker to cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The broker may allocate memor...
ROOT-APP-MAVEN-CVE-2026-33227 CVE-2026-33227 in io.root.org.apache.activemq:activemq-client - Patched by Root
Root has patched CVE-2026-33227 in the io.root.org.apache.activemq:activemq-client package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-39304 CVE-2026-39304 in io.root.org.apache.activemq:activemq-client - Patched by Root
Root has patched CVE-2026-39304 in the io.root.org.apache.activemq:activemq-client package for Root:Maven. Multiple fixed versions available...
OESA-2026-2126 activemq security update
The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...
OESA-2026-2124 activemq security update
The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...
BIT-ACTIVEMQ-2026-39304 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...
Allocation of Resources Without Limits or Throttling
Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the...
be.yildiz-games:module-messaging-activemq (=2.0.0), cn.hutool.v7:hutool-extra (>=7.0.0-M2 <=7.0.0-M5) +168 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-client (>=6.0.0 <=6.2.3)
org.apache.activemq:activemq-client MAVEN version =6.0.0, =7.0.0-M2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2026-39304 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15992454...
be.yildiz-games:module-messaging-activemq (=2.0.0), cn.hutool.v7:hutool-extra (>=7.0.0-M2 <=7.0.0-M5) +168 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-client (>=6.0.0 <=6.2.3)
org.apache.activemq:activemq-client MAVEN version =6.0.0, =7.0.0-M2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...
Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...
CVE-2026-39304
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...
CVE-2026-39304 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...
CVE-2026-39304
Summary: CVE-2026-39304 describes a DoS via Out-of-Memory in Apache ActiveMQ components caused by TLSv1.3 KeyUpdate handling in NIO SSL transports. The broker and clients are affected for multiple versions prior to 6.2.4 or 5.19.4, with the recommended fixes being 6.2.4 or 5.19.5. The issue arise...
Linux Distros Unpatched Vulnerability : CVE-2026-39304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correct...
PT-2026-31892
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Client versions before 5.19.4, from 6.0.0 through 6.2.3 Apache ActiveMQ Broker versions before 5.19.4, from 6.0.0 through 6.2.3 Apache ActiveMQ versions before 5.19.4, from 6.0.0 through 6.2.3 Description A denial of service...
BIT-ACTIVEMQ-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...
EUVD-2026-19586
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated user provided "key" value could be...
be.yildiz-games:module-messaging-activemq (=2.0.0), cn.hutool.v7:hutool-extra (>=7.0.0-M2 <=7.0.0-M5) +167 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-client (>=6.0.0 <=6.2.1)
org.apache.activemq:activemq-client MAVEN version =6.0.0, =7.0.0-M2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2026-33227 Source advisory: OSV:GHSA-H2H4-5M64-M273...