12374 matches found
PT-2026-35657
CVE-2026-42510 OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. https://t.co/7WlPP7580G...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. Versions of OpenStack Ironic prior to 35.0.1 contained a security vulnerability, which was due to allowing ipmitool to b...
runc: container escape with malicious config due to /dev/console mount and related races
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...
CVE-2026-7041 666ghj MiroFish Werkzeug Debugger PIN console information disclosure
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
EUVD-2026-25717
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE
BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...
Apache ActiveMQ Vulnerable to Cross-site Scripting
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...
GHSA-MR6M-XJ7V-3CV3 Apache ActiveMQ Vulnerable to Code Injection
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.3), org.apache.activemq:activemq-web-console (>=6.0.0 <=6.2.3) +2 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.3)
org.apache.activemq:activemq-web MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-41043 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16323116...
Cross-site Scripting (XSS)
Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the JMS selector field in the web console. An attacker can display malicious content in the browser by injecting HTML and...
CVE-2026-41043
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...
CVE-2026-41044
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
CVE-2026-41044
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
CVE-2026-41043
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...
CVE-2026-41043
CVE-2026-41043 describes an XSS vulnerability in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can cause the web console queues page to render HTML content by overriding the content type from XML to HTML and injecting HTML into a JMS selector field, leading to basic HTML/scri...
CVE-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...
CVE-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...
CVE-2026-27843
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...
SenseLive X3050 访问控制错误漏洞
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability. This vulnerability stems from the Web management interface, which allows modification of critical configuration...
Apache ActiveMQ和Apache ActiveMQ Web 跨站脚本漏洞
Apache ActiveMQ and Apache ActiveMQ Web are products of the Apache Foundation in the United States. Apache ActiveMQ is an open-source messaging middleware that supports Java Message Service, clustering, Spring Framework, etc. Apache ActiveMQ Web is a web-based control component that provides...