CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 17 hours ago•52 views

Apache ActiveMQ <=5.15.5 - Cross-Site Scripting

Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter. id: CVE-2018-8006 info: name: Apache ActiveMQ =5.15.5 - Cross-Site...

6.1CVSS6.5AI score0.78485EPSS

Exploits0References10

Nuclei•added 17 hours ago•4 views

Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass

Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...

8.8CVSS7.3AI score0.83461EPSS

Exploits11References4

Nuclei•added 17 hours ago•7 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7.3AI score0.65406EPSS

Exploits1References4

OSV•added 2 days ago•6 views

ROOT-APP-MAVEN-CVE-2025-27533 CVE-2025-27533 in io.root.org.apache.activemq:activemq-openwire-legacy - Patched by Root

Root has patched CVE-2025-27533 in the io.root.org.apache.activemq:activemq-openwire-legacy package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.9AI score0.02253EPSS

Exploits2

OSV•added 2 days ago•8 views

ROOT-APP-MAVEN-CVE-2025-66168 CVE-2025-66168 in io.root.org.apache.activemq:activemq-mqtt - Patched by Root

Root has patched CVE-2025-66168 in the io.root.org.apache.activemq:activemq-mqtt package for Root:Maven. Multiple fixed versions available...

8.8CVSS5.8AI score0.00076EPSS

OSV•added 2 days ago•8 views

ROOT-APP-MAVEN-CVE-2026-39304 CVE-2026-39304 in io.root.org.apache.activemq:activemq-client - Patched by Root

Root has patched CVE-2026-39304 in the io.root.org.apache.activemq:activemq-client package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00056EPSS

OSV•added 2 days ago•7 views

ROOT-APP-MAVEN-CVE-2026-34197 CVE-2026-34197 in io.root.org.apache.activemq:activemq-broker - Patched by Root

Root has patched CVE-2026-34197 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...

8.8CVSS7.1AI score0.83461EPSS

Exploits11

OSV•added 2 days ago•8 views

ROOT-APP-MAVEN-CVE-2026-41044 CVE-2026-41044 in io.root.org.apache.activemq:activemq-broker - Patched by Root

Root has patched CVE-2026-41044 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...

8.8CVSS5.8AI score0.00073EPSS

OSV•added 2 days ago•7 views

ROOT-APP-MAVEN-CVE-2026-40466 CVE-2026-40466 in io.root.org.apache.activemq:activemq-all - Patched by Root

Root has patched CVE-2026-40466 in the io.root.org.apache.activemq:activemq-all package for Root:Maven. Multiple fixed versions available...

8.8CVSS5.8AI score0.18014EPSS

Nuclei•added 2 days ago•20 views

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.2AI score0.83461EPSS

Exploits11References3

4.3CVSS5.8AI score0.00058EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-46605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with prop...

8.1CVSS6.4AI score0.00056EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-42588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

6.1CVSS5.8AI score0.00169EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-42253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in...

Tenable Nessus•added 2 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-45505

8.8CVSS6.9AI score0.83461EPSS

Exploits11References3

Tenable Nessus•added 2 days ago•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-49157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia...

8.8CVSS5.8AI score0.0007EPSS

5.9CVSS5.8AI score0.0009EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-49270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured wi...