CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS0.00056EPSS

Exploits0References2

OSV•added 3 days ago•6 views

UBUNTU-CVE-2026-42588

8.1CVSS6.4AI score0.00056EPSS

Exploits0References5

EUVD•added 3 days ago•7 views

EUVD-2026-33577

8.1CVSS6.4AI score0.00056EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•6 views

CVE-2026-42588

6.4AI score0.00056EPSS

Exploits0References2Affected Software3

Vulnrichment•added 3 days ago•6 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

6.4AI score0.001EPSS

Exploits0References2

Tenable Nessus•added 2026/04/30 12:0 a.m.•3 views

Apache ActiveMQ < 5.19.6 / 6.x < 6.2.5 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.6 or 6.x prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities: - An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via...

8.8CVSS7.8AI score0.83461EPSS

Exploits11References6

OSV•added 2026/04/28 8:37 a.m.•0 views

BIT-ACTIVEMQ-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.00073EPSS

Exploits0References3

NVD•added 2026/04/24 11:16 a.m.•2 views

CVE-2026-41044

8.8CVSS0.00073EPSS

Exploits0References2

Vulnrichment•added 2026/04/24 10:16 a.m.•1 views

CVE-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

6.5AI score0.00073EPSS

Exploits0References1

EUVD•added 2026/04/24 10:16 a.m.•0 views

EUVD-2026-25412

8.8CVSS6.5AI score0.00073EPSS

Exploits0References1

CVE•added 2026/04/24 10:16 a.m.•5 views

CVE-2026-41044

The CVE describes an authenticated RCE/Code Injection in Apache ActiveMQ (Classic) and related brokers via the admin web console. An attacker can craft a malicious broker name (bypassing validation) that embeds an xbean binding, which a VM transport can later load through a DestinationView MBean ...

8.8CVSS6.5AI score0.00073EPSS

Exploits0References2Affected Software2

ATTACKERKB•added 2026/04/24 10:15 a.m.•2 views

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS8.6AI score0.83461EPSS

Exploits11References2Affected Software3

CVE•added 2026/04/24 10:15 a.m.•25 views

CVE-2026-40466

CVE-2026-40466 affects Apache ActiveMQ components (Broker, All, and ActiveMQ) with vulnerable versions prior to 5.19.6 and 6.0.0–6.2.4/6.2.5 before patch. The issue is due to improper input validation and code injection: an authenticated attacker can bypass CVE-34197 by adding a network connector...

8.8CVSS8.6AI score0.18014EPSS

In wildExploits0References1Affected Software1

Github Security Blog•added 2026/04/07 9:31 a.m.•6 views

Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.8AI score0.83461EPSS

Exploits11References5Affected Software2

OSV•added 2026/04/07 9:16 a.m.•1 views

UBUNTU-CVE-2026-34197

8.8CVSS7.8AI score0.83461EPSS

Exploits11References5

Cvelist•added 2026/04/07 7:50 a.m.•26 views

CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

0.83461EPSS

Exploits11References1

Debian CVE•added 2026/04/07 7:50 a.m.•3 views

CVE-2026-34197

8.8CVSS8.7AI score0.83461EPSS

Exploits11

CVE•added 2026/04/07 7:50 a.m.•43 views

CVE-2026-34197

The CVE-2026-34197 issue affects Apache ActiveMQ products (Broker, All, and Core) before 5.19.4 and before 6.2.3 (6.0.0–6.2.3 range). The root cause is improper input validation and insecure control of code generation via the Jolokia JMX-HTTP bridge, which can be abused to load a remote Spring XM...

8.8CVSS6.6AI score0.83461EPSS

In wildExploits11References3Affected Software2

UbuntuCve•added 2026/04/07 12:0 a.m.•1 views

CVE-2026-34197

8.8CVSS7.4AI score0.83461EPSS

Exploits11References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by