Lucene search
K

28 matches found

OSV
OSV
added 2026/06/24 1:12 p.m.6 views

OESA-2026-2723 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies...

8.8CVSS6.5AI score0.01107EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-45505

A flaw was found in Apache ActiveMQ. This vulnerability allows an authenticated attacker to bypass a previous fix for CVE-2026-34197 by using non-parenthesized discovery wrappers. By crafting a malicious discovery URI, the attacker can trigger the VM transport's brokerConfig parameter to load a...

8.8CVSS6.3AI score0.00577EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/06/06 5:47 a.m.105 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-42588 – Apache ActiveMQ Jolokia Remote Code Execution...

8.1CVSS6.8AI score0.00546EPSS
Exploits2
OSV
OSV
added 2026/06/05 5:38 a.m.10 views

BIT-ACTIVEMQ-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.1CVSS6.5AI score0.00546EPSS
Exploits2References3
Snyk
Snyk
added 2026/06/01 10:29 a.m.7 views

Improper Input Validation

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Improper Input Validation through the addNetworkConnector function exposed via the Jolokia JMX-HTTP bridge. An attacker can achieve arbitrary code...

8.6CVSS6.2AI score0.00546EPSS
Exploits2References2
NVD
NVD
added 2026/06/01 9:16 a.m.52 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS0.00546EPSS
Exploits2References2
NVD
NVD
added 2026/06/01 9:16 a.m.18 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS0.00577EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 9:16 a.m.22 views

UBUNTU-CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.6AI score0.96666EPSS
Exploits13References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:23 a.m.12 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

6.4AI score0.00546EPSS
Exploits2References2Affected Software3
OSV
OSV
added 2026/06/01 7:23 a.m.4 views

CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS7.8AI score0.00546EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:22 a.m.15 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References3Affected Software3
EUVD
EUVD
added 2026/06/01 7:22 a.m.21 views

EUVD-2026-33576

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the default access policy of the...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45376

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

8.8CVSS6AI score0.00577EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.19 views

PT-2026-45373

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

8.5CVSS7.5AI score0.00546EPSS
Exploits2References24
GithubExploit
GithubExploit
added 2026/05/18 3:30 a.m.110 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 Description \ Improper Input Validation, Imp...

8.8CVSS7.6AI score0.96666EPSS
Exploits13
VulnCheck KEV
VulnCheck KEV
added 2026/04/13 12:0 a.m.33 views

VulnCheck KEV: CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.8AI score0.96666EPSS
In wildExploits13References26
OSV
OSV
added 2026/04/09 8:36 a.m.7 views

BIT-ACTIVEMQ-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS6.4AI score0.96666EPSS
Exploits13References7
Rows per page
Query Builder