Lucene search
+L

1746 matches found

OSV
OSV
added 2026/07/06 5:47 a.m.7 views

BIT-ACTIVEMQ-2026-54475 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS5.9AI score0.00589EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-53917 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.5 views

BIT-ACTIVEMQ-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.5 views

BIT-ACTIVEMQ-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.9AI score0.00667EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.5 views

BIT-ACTIVEMQ-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 5:47 a.m.6 views

BIT-ACTIVEMQ-2026-50734 Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-49877 Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS5.9AI score0.0051EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:47 a.m.5 views

BIT-ACTIVEMQ-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6.1AI score0.00844EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.11 views

Apache ActiveMQ 5.19.7 < 5.19.8 / 6.2.6 < 6.2.7 DoS

The version of Apache ActiveMQ running on the remote host is 5.19.7 prior to 5.19.8 or 6.2.6 prior to 6.2.7. It is, therefore, affected by a denial of service vulnerability. - Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All...

7.5CVSS6AI score0.00707EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-49432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed...

7.5CVSS6.2AI score0.00844EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-50734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker c...

7.5CVSS6AI score0.00796EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a...

7.5CVSS6.2AI score0.00796EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An...

7.5CVSS6AI score0.00796EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-49434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entrie...

7.5CVSS6AI score0.00659EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 6:50 p.m.10 views

CVE-2026-54475

A flaw was found in Apache ActiveMQ. Temporary destinations, which are designed to be private to a specific connection, can be accessed by other connections due to a missing authorization check. This allows an unauthorized connection to consume messages from another connection's temporary...

8.2CVSS5.6AI score0.00589EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:53 p.m.9 views

CVE-2026-53917

A flaw was found in Apache ActiveMQ. An authenticated user can exploit this vulnerability by sending a specially crafted OpenWire Message with an excessively large encoded size value for the message property map. This lack of size validation during unmarshaling can lead to an out-of-memory error,...

7.5CVSS5.6AI score0.00796EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:45 p.m.7 views

CVE-2026-50734

A flaw was found in Apache ActiveMQ. An unauthenticated network attacker can exploit this vulnerability by sending a specially crafted WireFormatInfo frame with an excessively large size value. This unvalidated value causes the broker to attempt an oversized memory allocation during...

7.5CVSS5.6AI score0.00796EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:33 p.m.13 views

CVE-2026-49434

A flaw was found in Apache ActiveMQ. An attacker with privileges to publish or modify entries in Lightweight Directory Access Protocol LDAP can exploit an improper input validation vulnerability. This allows the attacker to instantiate denied transports within the broker's Java Virtual Machine JV...

7.6CVSS5.6AI score0.00659EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/30 12:25 p.m.6 views

External Control of System or Configuration Setting

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiat...

7.6CVSS5.8AI score0.00659EPSS
Exploits0References2
Rows per page
Query Builder