43 matches found
BIT-ACTIVEMQ-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
GHSA-9Q5M-JFC4-WC92 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances
Summary: All three OAuth service implementations (GenericOAuthService, GithubOAuthService, GoogleOAuthService) store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent requests. When two users initiate OAuth login for the same provider...
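The advisory describes the state layout, not a concrete interleaving, so the following is an added example (not Tinyauth's code) that reproduces the two failure modes deterministically: a singleton service whose `verifier` and `token` fields are overwritten by whichever login touched them last, next to the same flow with state kept per login attempt and keyed by the OAuth `state` parameter. The provider, the service types and the user names are constructed for the example; the in-memory `logins` map stands in for whatever per-request store (session, signed cookie, expiring cache) a real service would use and, unlike real code, has no mutex or expiry.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Toy provider, constructed for this example in place of GitHub/Google.
// authorize binds a code to a PKCE challenge and a user, token exchanges
// code+verifier for an access token, userinfo maps a token back to its user.
type provider struct {
	codes  map[string]struct{ challenge, user string }
	tokens map[string]string
}

func newProvider() *provider {
	return &provider{codes: map[string]struct{ challenge, user string }{}, tokens: map[string]string{}}
}

func (p *provider) authorize(challenge, user string) string {
	code := "code-" + user
	p.codes[code] = struct{ challenge, user string }{challenge, user}
	return code
}

func (p *provider) token(code, verifier string) (string, error) {
	c, ok := p.codes[code]
	if !ok || s256(verifier) != c.challenge {
		return "", errors.New("invalid_grant: PKCE verifier does not match challenge")
	}
	tok := "tok-" + c.user
	p.tokens[tok] = c.user
	return tok, nil
}

func (p *provider) userinfo(tok string) string { return p.tokens[tok] }

func s256(v string) string {
	h := sha256.Sum256([]byte(v))
	return base64.RawURLEncoding.EncodeToString(h[:])
}

func random() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// Vulnerable shape: one verifier and one token field on a singleton that
// every concurrent login for this provider shares.
type sharedService struct {
	p               *provider
	verifier, token string
}

func (s *sharedService) begin(user string) string {
	s.verifier = random()
	return s.p.authorize(s256(s.verifier), user)
}

func (s *sharedService) exchange(code string) error {
	tok, err := s.p.token(code, s.verifier)
	if err != nil {
		return err
	}
	s.token = tok
	return nil
}

func (s *sharedService) identity() string { return s.p.userinfo(s.token) }

// Fixed shape: verifier and token live in a per-login record looked up by
// the state value the callback echoes back; one login cannot see another's.
type login struct{ verifier, token string }

type perLoginService struct {
	p      *provider
	logins map[string]*login // state -> login; real code guards and expires this
}

func (s *perLoginService) begin(user string) (state, code string) {
	state = random()
	l := &login{verifier: random()}
	s.logins[state] = l
	return state, s.p.authorize(s256(l.verifier), user)
}

func (s *perLoginService) exchange(state, code string) error {
	l, ok := s.logins[state]
	if !ok {
		return errors.New("unknown state")
	}
	tok, err := s.p.token(code, l.verifier)
	if err != nil {
		return err
	}
	l.token = tok
	return nil
}

func (s *perLoginService) identity(state string) string { return s.p.userinfo(s.logins[state].token) }

// Interleaving 1: both users start a login before either callback arrives.
// bob's verifier overwrites alice's, so alice's code is sent with the wrong
// verifier and the provider rejects the exchange (alice cannot log in).
func sharedVerifierClobber() error {
	s := &sharedService{p: newProvider()}
	codeA := s.begin("alice")
	_ = s.begin("bob")
	return s.exchange(codeA)
}

// Interleaving 2: alice's exchange completes, then bob's, then alice's
// request reads the singleton's token field: it now holds bob's token and
// alice is signed in as bob.
func sharedTokenClobber() (string, error) {
	s := &sharedService{p: newProvider()}
	if err := s.exchange(s.begin("alice")); err != nil {
		return "", err
	}
	if err := s.exchange(s.begin("bob")); err != nil {
		return "", err
	}
	return s.identity(), nil
}

// The same two interleavings against per-login state: each user gets their own identity.
func perLoginBothInterleavings() (aliceID, bobID string, err error) {
	s := &perLoginService{p: newProvider(), logins: map[string]*login{}}
	stA, codeA := s.begin("alice")
	stB, codeB := s.begin("bob")
	if err = s.exchange(stA, codeA); err != nil {
		return
	}
	if err = s.exchange(stB, codeB); err != nil {
		return
	}
	return s.identity(stA), s.identity(stB), nil
}

func main() {
	fmt.Println("shared, verifier clobbered:", sharedVerifierClobber())
	id, err := sharedTokenClobber()
	fmt.Println("shared, alice's callback resolves to:", id, err)
	a, b, err := perLoginBothInterleavings()
	fmt.Println("per-login:", a, b, err)
}
```

The first interleaving is the benign symptom (a failed login); the second is the account confusion the advisory reports, and it needs no race to trigger, only two logins in flight at once. Keying everything by `state` also gives the callback a CSRF check for free, since an unknown `state` is rejected before any code is exchanged.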
Authorization Bypass Through User-Controlled Key
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the IdentityBrokerService.performLogin endpoint. An...
CVE-2026-3009
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
CVE-2025-55677 Windows Device Association Broker Service Elevation of Privilege Vulnerability
...
CVE-2025-55677
CVE-2025-55677 affects the Windows Device Association Broker service and is caused by an untrusted pointer dereference that enables local elevation of privilege for an authenticated user. Microsoft's corresponding fix is in KB5066835 (OS builds 26200.6899 and 26100.6899); applying these updates re...
EUVD-2025-34429
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally...
CVE-2025-50174
CVE-2025-50174 is a use-after-free in the Windows Device Association Broker service that enables a local attacker to escalate privileges. Affected platforms include Windows OS versions addressed by KB5066835 (OS builds 26200.6899 and 26100.6899). Root cause: use-after-free in the broker service; ...
Windows Device Association Broker Service Elevation of Privilege Vulnerability
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally...
Windows Device Association Broker Service Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally...
CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin authentication
Confidential Containers' Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check whether the kbs-client submitting the request was actually authenticated, i.e. had the right key...
EUVD-2025-4908
Malicious code in bioql PyPI...
CVE-2024-37600
An issue was discovered in Mercedes-Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address,...
CVE-2024-37600
CVE-2024-37600 concerns Mercedes-Benz NTG (MBUX) head units (6 through 2021) with a stack buffer overflow in the Service Broker service (MoCCA). Exploitation requires physical access to the head unit’s base-board Ethernet pins and a static IP on the internal network; an attacker can send crafted ...
Mercedes-Benz NTG security vulnerability
Mercedes-Benz NTG is an in-vehicle infotainment head unit from Mercedes-Benz, Germany. A security vulnerability exists in Mercedes-Benz NTG 6 that originates from a stack buffer overflow in the Service Broker service. An attacker exploiting this vulnerability could cause the Service Broker service to crash...
CVE-2024-8012
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges...
CVE-2024-8012
Ivanti Workspace Control is affected by CVE-2024-8012, an authentication bypass in the message broker service that enables local privilege escalation for a locally authenticated attacker. Affected versions are Ivanti Workspace Control before 2025.2 (10.19.0.0); remediation is to upgrade to 2025.2 ...
Citrix Delivery Controllers generate Event ID 505 and Event ID 3602 continuously
Upgrading CVAD to version 2308 causes "Citrix ConfigSync Service" to log Event ID 505 and "Citrix High Availability Service" to log Event ID 3602: "The Citrix Config Sync Service failed an import. Error details: Error importing configuration data into secondary Broker..."
Cannot set StoreFront HTTP Port on DDC, if it was used for HTTPS before
Error when the StoreFront HTTP port is set on the DDC, if the same port was previously set for HTTPS. The following event is then logged continuously. Source: Citrix Broker Service, ID: 2014, General: One of the XML ports is in use by another process. Unable to listen for XML requests on the Citrix Broker Service. To...