Lucene search
K

232 matches found

Nuclei
Nuclei
added yesterday44 views

Jolokia 1.3.7 - Cross-Site Scripting

Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser. id: CVE-2018-1000129 info: name: Jolokia 1.3.7 - Cross-Site Scripting author: mavericknerd,0h1in9e,daffainfo severity: medium description: |...

6.1CVSS6.7AI score0.25459EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday20 views

Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass

Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References4
Nuclei
Nuclei
added yesterday23 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.1AI score0.8581EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday177 views

Jolokia Agent - JNDI Code Injection

Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. id: CVE-2018-1000130 info: name: Jolokia Agent - JNDI Code Injection author: milo2012 severity: high description: | Jolokia agent i...

8.1CVSS7.2AI score0.73566EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago26 views

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References3
OSV
OSV
added 2026/06/24 1:12 p.m.4 views

OESA-2026-2724 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies...

8.8CVSS6.5AI score0.01107EPSS
Exploits2References7
OSV
OSV
added 2026/06/24 1:12 p.m.6 views

OESA-2026-2723 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies...

8.8CVSS6.5AI score0.01107EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-49157

A flaw was found in Apache ActiveMQ. The default authorization settings for Jolokia, a management interface, incorrectly allowed non-administrative web-login accounts to access and execute critical broker management operations. This could enable a low-privilege attacker to perform actions typical...

8.8CVSS5.7AI score0.00424EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-45505

A flaw was found in Apache ActiveMQ. This vulnerability allows an authenticated attacker to bypass a previous fix for CVE-2026-34197 by using non-parenthesized discovery wrappers. By crafting a malicious discovery URI, the attacker can trigger the VM transport's brokerConfig parameter to load a...

8.8CVSS6.3AI score0.00577EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/06/06 12:39 p.m.78 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 - Apache ActiveMQ RCE via Jolokia 1. Overvi...

8.8CVSS6.4AI score0.96666EPSS
Exploits13
GithubExploit
GithubExploit
added 2026/06/06 5:47 a.m.104 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-42588 – Apache ActiveMQ Jolokia Remote Code Execution...

8.1CVSS6.8AI score0.00546EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2026/06/05 5:1 p.m.15 views

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

When Open Source is a bit too Open Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs' RCE that allows an attacker to execute commands by naming their branch --exec and requesting a rebase. Another useful...

8.8CVSS7.5AI score0.96666EPSS
Exploits13
OSV
OSV
added 2026/06/05 5:38 a.m.13 views

BIT-ACTIVEMQ-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.4AI score0.00424EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 5:38 a.m.13 views

BIT-ACTIVEMQ-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.3AI score0.96666EPSS
Exploits13References3
OSV
OSV
added 2026/06/05 5:38 a.m.10 views

BIT-ACTIVEMQ-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.11 views

Apache ActiveMQ < 5.19.7 / 6.x < 6.2.6 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.7 or 6.x prior to 6.2.6. It is, therefore, affected by multiple vulnerabilities: - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ...

8.8CVSS7.3AI score0.96666EPSS
Exploits13References6
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References4
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.1CVSS6.5AI score0.00546EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-49157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia...

8.8CVSS6AI score0.00424EPSS
Exploits0References4
Rows per page
Query Builder