Lucene search
K

1045 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS0.00341EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago15 views

PT-2026-56582

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description A WebSocket listener may route requests for the MQTT-over-WebSocket path to MQTT handling processes even if MQTT is not configured. This allows an...

7.5CVSS6.1AI score0.00593EPSS
Exploits0References10
OSV
OSV
added 2026/07/07 11:45 a.m.3 views

PYSEC-2026-1131 Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5CVSS7AI score0.01203EPSS
Exploits0References7
Fedora
Fedora
added 2026/06/17 8:44 a.m.11 views

[SECURITY] Fedora 44 Update: librabbitmq-0.16.0-1.fc44

This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.11 views

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

8.1CVSS5.5AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 3:36 a.m.13 views

EUVD-2026-34200

The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...

9.8CVSS5.8AI score0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 8:38 a.m.9 views

CVE-2026-49199 Predator Connect W6x: RCE via MQTT

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

10CVSS6.2AI score0.01338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 3:3 p.m.9 views

CVE-2026-44838 RabbitMQ MQTT Topic Permission Authorization Bypass

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.12 views

Security Analysis of a Communication Protocol: MQTT

This paper analyzes the security of the Message Queuing Telemetry Transport MQTT protocol in the context of the Internet of Things IoT. The main objective consists of identifying vulnerabilities and proposing security improvements. Adopting a hybrid methodology, a theoretical review was combined...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.13 views

CVE-2026-33838

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

7.8CVSS7.1AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.13 views

CVE-2026-34329

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network...

8.8CVSS6.1AI score0.00461EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 7:17 p.m.11 views

DEBIAN-CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40614

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2026.1.21 and 2026.2.5 Microsoft Message Queuing versions prior to Windows Server 2025 Description Devolutions Server contains improper access control in PAM account discovery, which allows an authenticated user to...

4.3CVSS6.5AI score0.00162EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29584

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

7.8CVSS7.1AI score0.00398EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29588

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network...

8.8CVSS6.1AI score0.00461EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 6:17 p.m.16 views

CVE-2026-34329

Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network...

8.8CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.10 views

CVE-2026-33838

Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00398EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 4:59 p.m.31 views

CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability

...

7.8CVSS0.00398EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 4:59 p.m.12 views

CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability

...

7.8CVSS7.1AI score0.00398EPSS
Exploits0References1
Rows per page
Query Builder