10 matches found
CVE-2026-53917
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...
CVE-2026-49877 Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console
Improper Authorization vulnerability in Apache ActiveMQ. By default, an authenticated low-privilege Web Console user can access /admin/ paths in the Web Console. The default Jetty settings did not restrict those paths to admins. This issue affects Apache ActiveMQ: before 5.19.8, from...
CVE-2026-49877
CVE-2026-49877 documents an Improper Authorization vulnerability in Apache ActiveMQ. An authenticated, low-privilege Web Console user can access "/admin/*" paths because Jetty default settings fail to restrict those paths to admins. Affected versions are before 5.19.8 and before 6.2.7 (i.e., 6.0....
CVE-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...
CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate, which makes the broker buffer them without limit, exhausting the JVM hea...
EUVD-2026-40277
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...
GSD-2022-1004999 xsk: Fix corrupted packets for XDP_SHARED_UMEM
xsk: Fix corrupted packets for XDP_SHARED_UMEM. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.8 by commit...
PT-2022-33213 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.8 Description: The issue is related to a data-race condition for max_midi_devs access in the ALSA seq: oss component. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...
PT-2022-33228 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.8 Description: The issue concerns an out-of-bounds access in the Linux Kernel. It was introduced in version v5.9 and fixed in version v5.19.8. The actual impact and attack plausibility have not yet been...
PT-2022-33252 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.8 Description: A data-race issue exists around bpf_jit_limit. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v4.20 and is fixed in Linux Kernel...