2594 matches found
ROOT-APP-MAVEN-CVE-2026-34197 CVE-2026-34197 in io.root.org.apache.activemq:activemq-broker - Patched by Root
Root has patched CVE-2026-34197 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-41043 CVE-2026-41043 in io.root.org.apache.activemq:activemq-broker - Patched by Root
Root has patched CVE-2026-41043 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-41044 CVE-2026-41044 in io.root.org.apache.activemq:activemq-broker - Patched by Root
Root has patched CVE-2026-41044 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...
GHSA-PHWJ-RPRQ-35PP vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
GHSA-P67V-3W7G-WJG7 vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
GHSA-8678-W3JW-XFC2 vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
GHSA-5V8H-3H3Q-446P vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
GHSA-WJV4-X9W8-WM3H vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
GHSA-5PRR-V3J2-97MH vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
GHSA-WFPW-MMFH-QQ69 vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
GHSA-9CV2-CFXC-V4V2 vulnerabilities
Vulnerabilities for packages: pact-broker-docker, ruby3.2-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, logstash, ruby3.4-rails, logstash-fips, kube-logging-operator...
Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control
Apache ActiveMQ 6.x contains an unauthenticated API web context caused by a default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers; exploitation requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....
CVE-2026-34023
The CVE-2026-34023 issue affects Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) and is caused by an incorrect authorization in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with low-privilege branch credentials can manipulat...
CVE-2026-54412
CVE-2026-54412 affects LiamBindle MQTT-C up to v1.1.6. The vulnerability is a heap-based out-of-bounds read and integer underflow in mqtt_unpack_publish_response() (src/mqtt.c). A broker-controlled or injected PUBLISH packet can allow a remote unauthenticated attacker to crash a subscribed MQTT-C...
GHSA-H2QV-FJ59-J46J vulnerabilities
Vulnerabilities for packages: apache-hop, apache-hop-fips, hono, management-api-for-apache-cassandra-5.0, knative-kafka-broker-fips, thingsboard, zipkin, apicurio-registry, pinot, keycloak-fips, pinot-fips, celeborn, apache-activemq-artemis, neo4j, knative-kafka-broker, request-9047-keycloak-fips...
CVE-2026-48059 vulnerabilities
Vulnerabilities for packages: apache-hop, apache-hop-fips, hono, management-api-for-apache-cassandra-5.0, knative-kafka-broker-fips, thingsboard, zipkin, apicurio-registry, pinot, keycloak-fips, pinot-fips, celeborn, apache-activemq-artemis, neo4j, knative-kafka-broker, request-9047-keycloak-fips...
CVE-2026-10142
A flaw was found in kafka-python. A malicious broker or a machine-in-the-middle attacker can exploit a denial-of-service vulnerability in the protocol parser. By sending a specially crafted 4-byte frame length value without proper bounds validation, an attacker can trigger excessive memory...
CVE-2026-50085
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
CVE-2026-10557
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...
EUVD-2026-36475
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...