53 matches found

OSV
added 2026/06/01 9:16 a.m. | 7 views

UBUNTU-CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8 CVSS | 6.6 AI score | 0.87048 EPSS
Exploits 12 | References 5

vulnersOsv
added 2026/04/24 12:30 p.m. | 5 views

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +102 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 and more Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...

6.5 CVSS | 5.4 AI score | 0.00427 EPSS
Exploits 0

Github Security Blog
added 2026/04/24 12:30 p.m. | 7 views

Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8 CVSS | 7.9 AI score | 0.87048 EPSS
Exploits 12 | References 3 | Affected Software 3

vulnersOsv
added 2026/04/24 11:18 a.m. | 5 views

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1035 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-broker (>=5.10.0 <=5.19.4)

org.apache.activemq:activemq-broker MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-41044 Source advisory:...

8.8 CVSS | 5.8 AI score | 0.0069 EPSS
Exploits 0

Debian CVE
added 2026/04/24 10:15 a.m. | 3 views

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8 CVSS | 6.6 AI score | 0.04169 EPSS
Exploits 12

CVE
added 2026/04/24 10:15 a.m. | 60 views

CVE-2026-40466

CVE-2026-40466 affects Apache ActiveMQ components (Broker, All, and ActiveMQ) with vulnerable versions prior to 5.19.6 and 6.0.0–6.2.4/6.2.5 before patch. The issue is due to improper input validation and code injection: an authenticated attacker can bypass CVE-34197 by adding a network connector...

8.8 CVSS | 8.6 AI score | 0.87048 EPSS
In wild | Exploits 12 | References 1 | Affected Software 1

OSV
added 2026/04/07 9:31 a.m. | 3 views

GHSA-RXPJ-7QVF-XV32 Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8 CVSS | 7.8 AI score | 0.87048 EPSS
Exploits 12 | References 5

NVD
added 2026/04/07 9:16 a.m. | 4 views

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8 CVSS | 0.87048 EPSS
Exploits 12 | References 3

Positive Technologies
added 2026/04/07 12:0 a.m. | 3 views

PT-2026-30805

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

9 CVSS | 7 AI score | 0.87048 EPSS
Exploits 12 | References 234

Snyk
added 2026/03/04 9:31 a.m. | 4 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Core protocol implementation. A malicious broker can force a broker to establish an outbound Core federation connection to it, and use it to inject or exfiltrate messages from the...

9.8 CVSS | 5.8 AI score | 0.08341 EPSS
Exploits 1 | References 2

RedhatCVE
added 2026/01/09 9:59 a.m. | 8 views

CVE-2020-7650

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...

6.5 CVSS | 6.9 AI score | 0.0113 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:58 a.m. | 8 views

CVE-2020-7654

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG...

7.5 CVSS | 6.8 AI score | 0.01122 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 8:58 a.m. | 6 views

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

8.8 CVSS | 6.8 AI score | 0.00447 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-30320

Malware in sbrugna...

6.5 CVSS | 6.5 AI score | 0.00961 EPSS
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-0455

Malware in sbrugna...

4.3 CVSS | 4.7 AI score | 0.01115 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-0448

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.0113 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0523

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.01685 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0476

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.0113 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 19 views

EUVD-2023-1947

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00722 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-52797

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.01741 EPSS
Exploits 3 | References 6