Lucene search
K

2649 matches found

Nuclei
Nuclei
added yesterday15 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7AI score0.0692EPSS
Exploits1References4
NVD
NVD
added 5 days ago6 views

CVE-2026-0276

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS0.00137EPSS
Exploits0References1
CVE
CVE
added 5 days ago6 views

CVE-2026-0276

CVE-2026-0276 describes a privilege escalation in Palo Alto Networks Cortex XDR Broker VM, enabling a locally authenticated user to perform actions as root. Public details in the provided documents are limited to the existence of a local-privilege escalation with low attack complexity and low imp...

4.8CVSS6AI score0.00137EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42690

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS6AI score0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-0276

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS0.00137EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/06 3:10 p.m.17 views

[SECURITY] Fedora 43 Update: rust-busd-0.5.0-3.fc43

A D-Bus bus broker implementation...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/07/06 2:55 p.m.10 views

[SECURITY] Fedora 44 Update: rust-busd-0.5.0-3.fc44

A D-Bus bus broker implementation...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References3
NVD
NVD
added 2026/07/05 7:16 a.m.11 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/07/05 6:55 a.m.21 views

CVE-2026-14781

A flaw in Keycloak’s OIDC broker (org.keycloak.broker.oidc) causes incorrect synchronization of the email_verified claim. When trustEmail=true and the userinfo endpoint is enabled, Keycloak uses email from userinfo but takes email_verified from the id_token without validating that it corresponds ...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/05 6:55 a.m.12 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 2026/07/04 9:16 a.m.9 views

CVE-2026-14621

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS0.00299EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 8:15 a.m.22 views

CVE-2026-14621

CVE-2026-14621 affects FederatedAI FATE (OSX Broker) up to 2.2.0. The vulnerability resides in QueuePushReqStreamObserver.initEggroll (file path java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java) where manipulation of rollSiteSessionId, dstRole, or dstPar...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/04 8:15 a.m.34 views

CVE-2026-14621 FederatedAI FATE OSX Broker QueuePushReqStreamObserver.java QueuePushReqStreamObserver.initEggroll wrong session

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS0.00299EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Apache ActiveMQ 5.19.7 < 5.19.8 / 6.2.6 < 6.2.7 DoS

The version of Apache ActiveMQ running on the remote host is 5.19.7 prior to 5.19.8 or 6.2.6 prior to 6.2.7. It is, therefore, affected by a denial of service vulnerability. - Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All...

7.5CVSS6AI score0.00707EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:42 p.m.25 views

EUVD-2026-12688

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions...

7.7CVSS5.8AI score0.00241EPSS
Exploits0References11
F5 Networks
F5 Networks
added 2026/07/01 7:29 a.m.6 views

K000162017: Apache Artemis vulnerability CVE-2026-27446

Security Advisory Description Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an...

9.8CVSS7.2AI score0.10629EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An...

7.5CVSS6AI score0.00796EPSS
Exploits0References4
Rows per page
Query Builder