Lucene search
+L

1746 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/06/06 12:39 p.m.82 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 - Apache ActiveMQ RCE via Jolokia 1. Overvi...

8.8CVSS6.4AI score0.96666EPSS
Exploits14
GithubExploit
GithubExploit
added 2026/06/06 5:47 a.m.111 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-42588 – Apache ActiveMQ Jolokia Remote Code Execution...

8.1CVSS6.8AI score0.00546EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/06 5:17 a.m.80 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE Python implementation of Apache ActiveMQ...

10CVSS7.3AI score0.99654EPSS
Exploits31
Rapid7 Blog
Rapid7 Blog
added 2026/06/05 5:1 p.m.16 views

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

When Open Source is a bit too Open Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs' RCE that allows an attacker to execute commands by naming their branch --exec and requesting a rebase. Another useful...

8.8CVSS7.5AI score0.96666EPSS
Exploits14
OSV
OSV
added 2026/06/05 5:38 a.m.14 views

BIT-ACTIVEMQ-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS5.4AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 5:38 a.m.15 views

BIT-ACTIVEMQ-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.4AI score0.00424EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 5:38 a.m.9 views

BIT-ACTIVEMQ-2026-46605 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal

Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, fr...

4.3CVSS5.4AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 5:38 a.m.13 views

BIT-ACTIVEMQ-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.3AI score0.96666EPSS
Exploits14References3
OSV
OSV
added 2026/06/05 5:38 a.m.11 views

BIT-ACTIVEMQ-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References3
OSV
OSV
added 2026/06/05 5:38 a.m.14 views

BIT-ACTIVEMQ-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.4AI score0.01107EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.11 views

Apache ActiveMQ < 5.19.7 / 6.x < 6.2.6 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.7 or 6.x prior to 6.2.6. It is, therefore, affected by multiple vulnerabilities: - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ...

8.8CVSS7.3AI score0.96666EPSS
Exploits14References6
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.18 views

Apache ActiveMQ 5.14.x < 5.19.7 / 6.x < 6.2.6 Information Disclosure

The version of Apache ActiveMQ running on the remote host is 5.14.x prior to 5.19.7 or 6.x prior to 6.2.6. It is, therefore, affected by an information disclosure vulnerability: - Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache...

5.9CVSS5.6AI score0.00328EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.8CVSS7.2AI score0.96666EPSS
Exploits14References4
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.1CVSS6.5AI score0.00546EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-49157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia...

8.8CVSS6AI score0.00424EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in...

6.1CVSS5.4AI score0.01107EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with prop...

4.3CVSS6AI score0.00335EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-49270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured wi...

5.9CVSS6AI score0.00328EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.10 views

org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.5), org.apache.activemq:activemq-web-console (>=6.0.0 <=6.2.5) +2 more potentially affected by CVE-2026-42253 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-web MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.5 Source cves: CVE-2026-42253 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151924...

6.1CVSS5.7AI score0.01107EPSS
Exploits1
Rows per page
Query Builder