Lucene search
K

14 matches found

OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

UBUNTU-CVE-2026-50750

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 9:51 a.m.7 views

EUVD-2026-40280

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 9:51 a.m.7 views

CVE-2026-50750

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

5.8AI score0.00707EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53842

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions 5.19.7 through 5.19.7 Apache ActiveMQ Broker versions 6.2.6 through 6.2.6 Apache ActiveMQ versions 5.19.7 through 5.19.7 Apache ActiveMQ versions 6.2.6 through 6.2.6 Apache ActiveMQ All versions 5.19.7 through...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-49270

A flaw was found in Apache ActiveMQ. An unauthenticated attacker can exploit this vulnerability when brokers are configured with a network connector with syncDurableSubs set to true. By sending a BrokerInfo command, the attacker can receive a list of all durable topic subscriptions, including...

7.5CVSS5.6AI score0.00328EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/01 10:26 a.m.9 views

Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive metadata, including client...

8.2CVSS5.5AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.27 views

CVE-2026-49270

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS0.00328EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 7:19 a.m.20 views

CVE-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.8AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 7:19 a.m.14 views

EUVD-2026-33573

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS5.8AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 7:19 a.m.46 views

CVE-2026-49270

Issue summary: CVE-2026-49270 in Apache ActiveMQ components exposes sensitive subscription metadata when a broker with a network connector using syncDurableSubs=true answers a BrokerInfo command without authenticating the connection. Affected products/versions (per sources): Apache ActiveMQ Broke...

5.9CVSS5.8AI score0.00328EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/01 7:19 a.m.56 views

CVE-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 7:19 a.m.3 views

CVE-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS6AI score0.00328EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability arises when the network connector...

5.9CVSS5.3AI score0.00328EPSS
Exploits0References3
Rows per page
Query Builder