CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS0.00056EPSS

Exploits0References2

OSV•added 2 days ago•4 views

UBUNTU-CVE-2026-42588

8.1CVSS6.4AI score0.00056EPSS

Exploits0References5

Cvelist•added 2 days ago•25 views

CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

0.00056EPSS

Exploits0References1

EUVD•added 2 days ago•7 views

EUVD-2026-33577

8.1CVSS6.4AI score0.00056EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•6 views

CVE-2026-42588

6.4AI score0.00056EPSS

Exploits0References2Affected Software3

Vulnrichment•added 2 days ago•5 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

6.4AI score0.001EPSS

Exploits0References2

Metasploit•added 5 days ago•52 views

Apache ActiveMQ RCE via Jolokia addNetworkConnector

Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...

8.8CVSS6AI score0.83461EPSS

Exploits11

Packet Storm•added 5 days ago•30 views

📄 Apache ActiveMQ Jolokia AddNetworkConnector Remote Code Execution

8.8CVSS6.7AI score0.83461EPSS

Exploits11

RedhatCVE•added 2026/05/04 9:24 a.m.•4 views

CVE-2026-41044

A flaw was found in Apache ActiveMQ. An authenticated attacker can exploit an improper input validation vulnerability in the admin web console to craft a malicious broker name. This malicious name, containing an xbean binding, can be used by a virtual machine VM transport to load a remote Spring...

8.8CVSS6.2AI score0.00073EPSS

Exploits0References5

Tenable Nessus•added 2026/04/30 12:0 a.m.•3 views

Apache ActiveMQ < 5.19.6 / 6.x < 6.2.5 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.6 or 6.x prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities: - An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via...

8.8CVSS7.8AI score0.83461EPSS

Exploits11References6

OSV•added 2026/04/28 8:37 a.m.•0 views

BIT-ACTIVEMQ-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.00073EPSS

Exploits0References3

OSV•added 2026/04/24 12:30 p.m.•1 views

GHSA-W3W2-MPP5-92GM Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS7.9AI score0.83461EPSS

Exploits11References3

Github Security Blog•added 2026/04/24 12:30 p.m.•3 views

Apache ActiveMQ Vulnerable to Code Injection

8.8CVSS6.4AI score0.00073EPSS

Exploits0References4Affected Software3

NVD•added 2026/04/24 11:16 a.m.•2 views

CVE-2026-41044

8.8CVSS0.00073EPSS

Exploits0References2

Vulnrichment•added 2026/04/24 10:16 a.m.•0 views

CVE-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

6.5AI score0.00073EPSS

Exploits0References1

EUVD•added 2026/04/24 10:16 a.m.•0 views

EUVD-2026-25412

8.8CVSS6.5AI score0.00073EPSS

Exploits0References1

ATTACKERKB•added 2026/04/24 10:16 a.m.•1 views

CVE-2026-41044

6.5AI score0.00073EPSS

Exploits0References2Affected Software3

Debian CVE•added 2026/04/24 10:16 a.m.•2 views

CVE-2026-41044

8.8CVSS6.6AI score0.00073EPSS

Exploits0

CVE•added 2026/04/24 10:16 a.m.•4 views

CVE-2026-41044

The CVE describes an authenticated RCE/Code Injection in Apache ActiveMQ (Classic) and related brokers via the admin web console. An attacker can craft a malicious broker name (bypassing validation) that embeds an xbean binding, which a VM transport can later load through a DestinationView MBean ...

8.8CVSS6.5AI score0.00073EPSS

Exploits0References2Affected Software2

Cvelist•added 2026/04/24 10:16 a.m.•23 views

CVE-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

0.00073EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by