CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2 days ago•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-49157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia...

OSV•added 3 days ago•3 views

Exploits0References3

UBUNTU-CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

ATTACKERKB•added 3 days ago•6 views

Exploits0References5

CVE-2026-49157

5.8AI score0.0007EPSS

Exploits0References2Affected Software1

Cvelist•added 3 days ago•32 views

CVE-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

0.0007EPSS

Debian CVE•added 3 days ago•9 views

CVE-2026-49157

Vulnrichment•added 3 days ago•4 views

Exploits0

CVE-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

5.8AI score0.0007EPSS

CVE•added 3 days ago•14 views

CVE-2026-49157

CVE-2026-49157 affects Apache ActiveMQ prior to 5.19.7 and prior to 6.2.6 for 6.x. The vulnerability arises from default Jolokia authorization settings that grant non-admin (low-privilege) web-login accounts access to broker-management operations (e.g., addQueue, removeQueue). This can impact con...

Exploits0References2Affected Software1

Positive Technologies•added 3 days ago•6 views

PT-2026-45381

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incorrect default permissions in Jolokia authorization settings allow authenticated low-privilege web-login accounts to access operations intende...

8.8CVSS5.9AI score0.0007EPSS

Exploits0References7

Snyk•added last week•2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure default permissions that grant regular users elevated privileges. An attacker can gain unauthorized access to host files and execute code with root-level privileges by leveraging authenticat...

Snyk•added last week•3 views

Incorrect Default Permissions

Snyk•added last week•2 views

Incorrect Default Permissions

Snyk•added last week•3 views

Incorrect Default Permissions

Vulnrichment•added last week•5 views

CVE-2026-33590 Insecure default permissions in Portainer CE

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4CVSS5.9AI score0.00056EPSS

Exploits0References3

Cvelist•added last week•25 views

CVE-2026-33590 Insecure default permissions in Portainer CE

9.4CVSS0.00056EPSS

Exploits0References3

Vulnrichment•added 2026/05/26 6:39 a.m.•6 views

CVE-2026-44469 Incorrect Default Permissions in CODESYS Development System

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS5.8AI score0.00011EPSS

CVE•added 2026/05/26 6:39 a.m.•8 views

CVE-2026-44469

The CVE-2026-44469 entry concerns CODESYS Development System. During administrative installation, installation files are extracted to a temporary directory with incorrect default permissions. A low-privileged local attacker could exploit a TOCTOU race condition within a practical time window to r...

8.5CVSS5.8AI score0.00011EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/26 6:37 a.m.•35 views

CVE-2026-44468 Incorrect Default Permissions in CODESYS Development System

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

8.5CVSS0.00011EPSS

Tenable Nessus•added 2026/05/22 12:0 a.m.•4 views

Progress MOVEit Automation 2025.0.x < 2025.0.11 / 2025.1.x < 2025.1.7 Multiple Vulnerabilities

The version of Progress MOVEit Automation installed on the remote host is 2025.0.x prior to 2025.0.11 or 2025.1.x prior to 2025.1.7. It is, therefore, affected by multiple vulnerabilities: - Uncontrolled Memory Allocation vulnerability allows excessive allocation. CVE-2026-8485 - Allocation of...

7.5CVSS5.8AI score0.00208EPSS

Exploits0References5

NVD•added 2026/05/20 4:16 p.m.•6 views

CVE-2026-8487

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

7.5CVSS0.00109EPSS