Lucene search
K

32 matches found

NVD
NVD
added 2026/06/30 11:16 a.m.8 views

CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

7.5CVSS0.00796EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 9:33 p.m.7 views

CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/03/04 10:16 p.m.6 views

CVE-2026-22040

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...

5.3CVSS0.00222EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/04 9:55 p.m.4 views

CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...

5.3CVSS5.9AI score0.00222EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 9:55 p.m.6 views

EUVD-2026-9497

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...

5.3CVSS5.9AI score0.00222EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/04 9:55 p.m.22 views

CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...

5.3CVSS0.00222EPSS
Exploits1References1
CVE
CVE
added 2026/03/04 9:55 p.m.21 views

CVE-2026-22040

The vulnerability CVE-2026-22040 affects NanoMQ (NanoMQ) Broker version 0.24.6. A crafted traffic pattern—high-frequency publishes with rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter—can reliably trigger a heap memory corruption in the Broker process, ca...

5.3CVSS5.9AI score0.00222EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/04 9:55 p.m.5 views

CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...

5.3CVSS5.8AI score0.00222EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0541

Malware in sbrugna...

7.5CVSS7.6AI score0.03977EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2010-3684

Malware in sbrugna...

4CVSS6.2AI score0.01504EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32502

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00761EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.8 views

CVE-2019-5432

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding...

7.5CVSS6.8AI score0.01586EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-3935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection...

6.5CVSS6.4AI score0.00761EPSS
Exploits1References2
Debian
Debian
added 2025/02/20 10:43 a.m.15 views

[SECURITY] [DLA 4059-1] mosquitto security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4059-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA February 20, 2025 https://wiki.debian.org/LTS -...

9.8CVSS7.1AI score0.579EPSS
Exploits2
OSV
OSV
added 2024/11/08 3:7 p.m.5 views

OESA-2024-2345 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

9.8CVSS6.8AI score0.579EPSS
Exploits2References3
OSV
OSV
added 2024/11/08 3:7 p.m.4 views

OESA-2024-2344 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

9.8CVSS6.8AI score0.579EPSS
Exploits2References3
NVD
NVD
added 2024/10/30 12:15 p.m.18 views

CVE-2024-3935

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the...

6.5CVSS0.00761EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2024/05/29 5:16 p.m.7 views

CVE-2024-35512

hmq v1.5.5 is vulnerable to Denial of Service DoS due to a Null Pointer Exception. A remote attacker can trigger a broker crash by sending a specially crafted MQTT UNSUBSCRIBE packet with an illegal control character Topic. The failure to properly validate this field leads to a null pointer...

5.3CVSS5.8AI score0.00464EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 5:35 a.m.25 views

Denial of Service in Apache ActiveMQ

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service file-descriptor exhaustion and broker crash or hang by sending many openwire failover:tcp:// connection requests...

5CVSS5.2AI score0.08984EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2022/05/17 5:35 a.m.32 views

GHSA-9WCX-326R-7J7W Denial of Service in Apache ActiveMQ

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service file-descriptor exhaustion and broker crash or hang by sending many openwire failover:tcp:// connection requests...

5CVSS6.9AI score0.08984EPSS
Exploits1References11
Rows per page
Query Builder