Lucene search
K

40 matches found

NVD
NVD
added 2026/06/30 11:16 a.m.8 views

CVE-2026-53917

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS0.00796EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

UBUNTU-CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 9:53 a.m.8 views

CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

7.5CVSS5.7AI score0.00796EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2026/06/30 9:49 a.m.4 views

CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53838

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache ActiveMQ All versions 6.0.0 through 6.2.6 Apache ActiveMQ Stomp versions prior to 5.19.8 Apache ActiveMQ...

7.5CVSS6.1AI score0.00844EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.10 views

CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.4AI score0.01107EPSS
Exploits1References1
CVE
CVE
added 2026/06/01 7:22 a.m.71 views

CVE-2026-45505

CVE-2026-45505 details a Code Injection vulnerability in Apache ActiveMQ components (Broker/All/ActiveMQ) where non-standard Jolokia discovery wrappers (e.g., masterslave:vm://, static:vm://) bypass the fix for CVE-2026-34197. An authenticated attacker could abuse Jolokia’s JMX-HTTP bridge at /ap...

8.8CVSS6.4AI score0.00577EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45383

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache...

5.9CVSS5.4AI score0.00328EPSS
Exploits0References24
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.47 views

VulnCheck KEV: CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS6.4AI score0.04783EPSS
In wildExploits13References19
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.9 views

RHCOS 2 : activemq (RHSA-2014:0245)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0245 advisory. - HawtJNI: predictable temporary file name leading to local arbitrary code execution CVE-2013-2035 - Framework: XML External Entity...

7.5CVSS6.5AI score0.26467EPSS
Exploits4References10
OSV
OSV
added 2026/05/03 9:55 a.m.6 views

OESA-2026-2125 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...

8.8CVSS6.4AI score0.96666EPSS
Exploits13References8
EUVD
EUVD
added 2026/04/24 10:16 a.m.10 views

EUVD-2026-25412

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.5AI score0.0098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 10:16 a.m.36 views

CVE-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

0.0056EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 10:16 a.m.1 views

CVE-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

6.5CVSS5.9AI score0.0056EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/24 10:15 a.m.5 views

CVE-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.6AI score0.96666EPSS
Exploits13References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.10 views

PT-2026-34871

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.6 Apache ActiveMQ versions 6.0.0 through 6.2.4 Apache ActiveMQ Web versions prior to 5.19.6 Apache ActiveMQ Web versions 6.0.0 through 6.2.4 Description An authenticated attacker can display malicious...

6.5CVSS6AI score0.0056EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All...

8.8CVSS7.8AI score0.0098EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/10 5:3 p.m.5 views

CVE-2026-40046

A flaw was found in Apache ActiveMQ, Apache ActiveMQ All and Apache ActiveMQ MQTT. The fix for CVE-2025-66168 was not applied for 6.0.0+ versions. This exposed the underlying integer overflow/wraparound vulnerability when handling MQTT control packets, causing the broker to misinterpret payloads...

8.8CVSS5.7AI score0.0078EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/10 12:31 p.m.4 views

EUVD-2026-21362

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

7.5CVSS5.8AI score0.00896EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 11:16 a.m.3 views

DEBIAN-CVE-2026-39304

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

7.5CVSS5.4AI score0.00896EPSS
Exploits0References1
Rows per page
Query Builder