Lucene search
+L

1746 matches found

vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.12 views

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.5) +5 more potentially affected by CVE-2026-42588 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.5 Source cves: CVE-2026-42588 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151887...

8.1CVSS7.2AI score0.00546EPSS
Exploits2
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Improper Input Validation

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Input Validation through the addNetworkConnector function exposed via the Jolokia JMX-HTTP bridge. An...

8.6CVSS6.2AI score0.00546EPSS
Exploits2References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.7 views

Improper Input Validation

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Improper Input Validation through the addNetworkConnector function exposed via the Jolokia JMX-HTTP bridge. An attacker can achieve arbitrary code...

8.6CVSS6.2AI score0.00546EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.8 views

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.5) +5 more potentially affected by CVE-2026-49157 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.5 Source cves: CVE-2026-49157 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151889...

8.8CVSS5.7AI score0.00424EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.8 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (=1.3.0) +2 more potentially affected by CVE-2026-49157 via org.apache.activemq:apache-activemq (=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.activemq:apache-activemq and may be impacted: - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 -...

8.8CVSS5.4AI score0.00424EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.10 views

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-49157 via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.6)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-49157 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151889...

8.8CVSS5.4AI score0.00424EPSS
Exploits0
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Incorrect Default Permissions

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default authorization settings in Jolokia. An attacker can perform unauthorized broker management...

8.8CVSS5.5AI score0.00424EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Incorrect Default Permissions

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default authorization settings in Jolokia. An attacker can perform unauthorized broker management operations,...

8.8CVSS5.5AI score0.00424EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/01 10:26 a.m.8 views

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1035 more potentially affected by CVE-2026-49270 via org.apache.activemq:activemq-broker (>=5.10.0 <=5.19.6)

org.apache.activemq:activemq-broker MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-49270 Source advisory:...

5.9CVSS5.5AI score0.00328EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 10:26 a.m.7 views

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.110.0) +111 more potentially affected by CVE-2026-49270 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.3.0 and more Source cves: CVE-2026-49270 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151835...

5.9CVSS5.7AI score0.00328EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 10:26 a.m.10 views

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-49270 via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.6)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-49270 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151888...

5.9CVSS5.4AI score0.00328EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 10:26 a.m.8 views

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.5) +5 more potentially affected by CVE-2026-49270 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.5 Source cves: CVE-2026-49270 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151888...

5.9CVSS5.7AI score0.00328EPSS
Exploits0
Snyk
Snyk
added 2026/06/01 10:26 a.m.10 views

Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive metadata, including client...

8.2CVSS5.5AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.27 views

CVE-2026-49270

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.24 views

CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS0.00424EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.31 views

CVE-2026-46605

Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, fr...

4.3CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.53 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS0.00546EPSS
Exploits2References2
NVD
NVD
added 2026/06/01 9:16 a.m.19 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS0.00577EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.19 views

CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS0.01107EPSS
Exploits1References2
OSV
OSV
added 2026/06/01 9:16 a.m.24 views

UBUNTU-CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.8AI score0.01107EPSS
Exploits1References5
Rows per page
Query Builder