Lucene search
K

435 matches found

RedhatCVE
RedhatCVE
added 2026/07/01 3:46 p.m.19 views

CVE-2026-41001

A flaw was found in Spring Boot. The ArtemisEmbeddedConfigurationFactory component uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can exploit this by pre-creating this predictable directory ...

5.3CVSS5.6AI score0.00094EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/07/01 7:29 a.m.6 views

K000162017: Apache Artemis vulnerability CVE-2026-27446

Security Advisory Description Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an...

9.8CVSS7.2AI score0.10629EPSS
Exploits1
OSV
OSV
added 2026/06/23 7:3 a.m.9 views

ROOT-APP-MAVEN-CVE-2025-27427 CVE-2025-27427 in io.root.org.apache.activemq:artemis-server - Patched by Root

Root has patched CVE-2025-27427 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...

4.3CVSS5.9AI score0.0058EPSS
Exploits0
OSV
OSV
added 2026/06/23 7:3 a.m.15 views

ROOT-APP-MAVEN-CVE-2026-27446 CVE-2026-27446 in io.root.org.apache.activemq:artemis-server - Patched by Root

Root has patched CVE-2026-27446 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...

9.8CVSS7.3AI score0.10629EPSS
Exploits1
OSV
OSV
added 2026/06/21 8:20 a.m.10 views

ROOT-APP-MAVEN-CVE-2025-27391 CVE-2025-27391 in io.root.org.apache.activemq:artemis-project - Patched by Root

Root has patched CVE-2025-27391 in the io.root.org.apache.activemq:artemis-project package for Root:Maven. Multiple fixed versions available...

6.8CVSS5.6AI score0.00384EPSS
Exploits0
NVD
NVD
added 2026/06/11 7:16 a.m.16 views

CVE-2026-41001

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS0.00094EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:4 a.m.10 views

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:4 a.m.12 views

EUVD-2026-36211

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:4 a.m.63 views

CVE-2026-41001

CVE-2026-41001 affects Spring Boot’s ArtemisEmbeddedConfigurationFactory, which uses a fixed, static path for the embedded Artemis broker data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before appli...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.40 views

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS0.00094EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48624

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...

5.3CVSS5.3AI score0.00094EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.10 views

cve-2026-41001 - MEDIUM - Predictable Temp Directory in Artemis Auto-configuration

cve-2026-41001 - MEDIUM - Predictable Temp Directory in Artemis Auto-configuration...

5.3CVSS6.1AI score0.00094EPSS
Exploits0
Snyk
Snyk
added 2026/06/10 12:0 a.m.11 views

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...

5.3CVSS5.3AI score0.00094EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-40914

A flaw was found in Apache ActiveMQ Artemis. An authenticated user, with existing permissions to send or consume messages via the STOMP protocol, could bypass intended access controls. This vulnerability allows the user to modify the routing-type of an address, even without the necessary...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.15 views

Apache Artemis 2.0.0 < 2.54.0 Incorrect Authorization (CVE-2026-40914)

The version of Apache Artemis formerly Apache ActiveMQ Artemis installed on the remote host is affected by a vulnerability: - A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 3:39 p.m.4 views

GHSA-RF99-F9J2-GV3F Apache Artemis has an Incorrect Authorization issue

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS5.7AI score0.00372EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/05/28 2:42 p.m.6 views

com.io7m.jsay:com.io7m.jsay (>=0.0.2 <=1.0.0), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +6 more potentially affected by CVE-2026-40914 via org.apache.activemq:artemis-stomp-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-stomp-protocol MAVEN version =2.0.0, =0.0.2, =1.14.2, =4.2.8, =2.0.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17116517...

4.3CVSS5.4AI score0.00372EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/28 2:42 p.m.7 views

org.apache.artemis:apache-artemis (>=2.50.0 <=2.53.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.53.0) +1 more potentially affected by CVE-2026-40914 via org.apache.artemis:artemis-stomp-protocol (>=2.50.0 <=2.53.0)

org.apache.artemis:artemis-stomp-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.53.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-17116516...

4.3CVSS5.4AI score0.00372EPSS
Exploits0
Snyk
Snyk
added 2026/05/28 2:42 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

5.4CVSS5.8AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder