Lucene search
K

25 matches found

NVD
NVD
added yesterday8 views

CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-49432

CVE-2026-49432 affects Apache ActiveMQ, including ActiveMQ All and ActiveMQ Stomp, due to improper input validation on STOMP exposure. A remote unauthenticated attacker can trigger denial-of-service by sending a negative content-length to an exposed STOMP connector. On the NIO STOMP transport, an...

7.5CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added yesterday18 views

CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-40284

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS5.5AI score0.00372EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.11 views

Apache Artemis 2.0.0 < 2.54.0 Incorrect Authorization (CVE-2026-40914)

The version of Apache Artemis formerly Apache ActiveMQ Artemis installed on the remote host is affected by a vulnerability: - A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/28 2:42 p.m.5 views

com.io7m.jsay:com.io7m.jsay (>=0.0.2 <=1.0.0), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +6 more potentially affected by CVE-2026-40914 via org.apache.activemq:artemis-stomp-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-stomp-protocol MAVEN version =2.0.0, =0.0.2, =1.14.2, =4.2.8, =2.0.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17116517...

4.3CVSS5.4AI score0.00372EPSS
Exploits0
Snyk
Snyk
added 2026/05/28 2:42 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

5.4CVSS5.8AI score0.00372EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 2:42 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

5.4CVSS5.8AI score0.00372EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/28 2:42 p.m.6 views

org.apache.artemis:apache-artemis (>=2.50.0 <=2.53.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.53.0) +1 more potentially affected by CVE-2026-40914 via org.apache.artemis:artemis-stomp-protocol (>=2.50.0 <=2.53.0)

org.apache.artemis:artemis-stomp-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.53.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-17116516...

4.3CVSS5.4AI score0.00372EPSS
Exploits0
NVD
NVD
added 2026/05/28 1:16 p.m.12 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS0.00372EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 12:28 p.m.26 views

CVE-2026-40914

CVE-2026-40914 describes a vulnerability in Apache Artemis (and Apache ActiveMQ Artemis) where a STOMP-authenticated user with either consume or send permission on an address can augment the address routing-type without having createAddress permission for that address. This allows sending or cons...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 12:28 p.m.29 views

CVE-2026-40914 Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

0.00372EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:28 p.m.5 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00372EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/05/28 12:28 p.m.13 views

EUVD-2026-32894

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00372EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 12:28 p.m.8 views

CVE-2026-40914 Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00372EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/07 9:31 a.m.3 views

Directory Traversal

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...

5.3CVSS6.3AI score0.00419EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/10/24 12:0 a.m.3 views

VMware Spring Framework < 5.3.46, 6.0.x < 6.1.24, 6.2.x < 6.2.12 CSRF Vulnerability - Linux

The VMware Spring Framework is prone to a STOMP cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3CVSS7AI score0.00286EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2018-1257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSock...

6.5CVSS6.8AI score0.03279EPSS
Exploits0References2
Rows per page
Query Builder