CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2 days ago•9 views

ROOT-APP-MAVEN-CVE-2026-27446 CVE-2026-27446 in io.root.org.apache.activemq:artemis-server - Patched by Root

Root has patched CVE-2026-27446 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...

9.8CVSS7.3AI score0.08341EPSS

Exploits1

OSV•added 4 days ago•8 views

ROOT-APP-MAVEN-CVE-2025-27391 CVE-2025-27391 in io.root.org.apache.activemq:artemis-project - Patched by Root

Root has patched CVE-2025-27391 in the io.root.org.apache.activemq:artemis-project package for Root:Maven. Multiple fixed versions available...

6.8CVSS5.6AI score0.00337EPSS

NVD•added 2026/06/11 7:16 a.m.•13 views

CVE-2026-41001

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS0.00094EPSS

CVE•added 2026/06/11 5:4 a.m.•43 views

CVE-2026-41001

CVE-2026-41001 affects Spring Boot’s ArtemisEmbeddedConfigurationFactory, which uses a fixed, static path for the embedded Artemis broker data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before appli...

EUVD•added 2026/06/11 5:4 a.m.•10 views

EUVD-2026-36211

Vulnrichment•added 2026/06/11 5:4 a.m.•8 views

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

Cvelist•added 2026/06/11 5:4 a.m.•28 views

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

5.3CVSS0.00094EPSS

Positive Technologies•added 2026/06/11 12:0 a.m.•11 views

PT-2026-48624

CNNVD•added 2026/06/11 12:0 a.m.•9 views

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...

5.3CVSS5.3AI score0.00094EPSS

Snyk•added 2026/06/10 12:0 a.m.•4 views

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...

5.3CVSS5.3AI score0.00094EPSS

RedhatCVE•added 2026/06/05 7:45 p.m.•8 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS5.5AI score0.00372EPSS

Tenable Nessus•added 2026/05/29 12:0 a.m.•10 views

Apache Artemis 2.0.0 < 2.54.0 Incorrect Authorization (CVE-2026-40914)

The version of Apache Artemis formerly Apache ActiveMQ Artemis installed on the remote host is affected by a vulnerability: - A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an...

4.3CVSS5.8AI score0.00372EPSS

Snyk•added 2026/05/28 2:42 p.m.•6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

5.4CVSS5.8AI score0.00372EPSS

vulnersOsv•added 2026/05/28 2:42 p.m.•6 views

org.apache.artemis:apache-artemis (>=2.50.0 <=2.53.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.53.0) +1 more potentially affected by CVE-2026-40914 via org.apache.artemis:artemis-stomp-protocol (>=2.50.0 <=2.53.0)

org.apache.artemis:artemis-stomp-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.53.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-17116516...

4.3CVSS5.4AI score0.00372EPSS

vulnersOsv•added 2026/05/28 2:42 p.m.•4 views

com.io7m.jsay:com.io7m.jsay (>=0.0.2 <=1.0.0), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +6 more potentially affected by CVE-2026-40914 via org.apache.activemq:artemis-stomp-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-stomp-protocol MAVEN version =2.0.0, =0.0.2, =1.14.2, =4.2.8, =2.0.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17116517...

4.3CVSS5.4AI score0.00372EPSS

NVD•added 2026/05/28 1:16 p.m.•11 views

CVE-2026-40914

4.3CVSS0.00372EPSS

Vulnrichment•added 2026/05/28 12:28 p.m.•8 views

CVE-2026-40914 Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission

5.8AI score0.00372EPSS