CVE-2026-40046

A flaw was found in Apache ActiveMQ, Apache ActiveMQ All and Apache ActiveMQ MQTT. The fix for CVE-2025-66168 was not applied for 6.0.0+ versions. This exposed the underlying integer overflow/wraparound vulnerability when handling MQTT control packets, causing the broker to misinterpret payloads...

DEBIAN-CVE-2026-39304

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

Security Bulletin: A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code exections (CVE-2025-29953).

Summary A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code exections CVE-2025-29953. Apache Active MQ is used by IBM Robotic Process automation for integration with Apache Active MQ. This security bulletin identifies the fixes require...

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is a set of open source messaging middleware from the US Apache Apache Foundation, which supports Java Messaging Service, clustering, Spring Framework, and more. A security vulnerability exists in Apache ActiveMQ versions prior to 6.1.6, prior to 5.18.7, prior to 5.17.7, and prior...

GHSA-9CVR-8XQ4-2M73 Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

Multiple cross-site scripting XSS vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Apache Active MQ 5.0.0 to 5.15.5 Authenticated XSS Vulnerability - Linux

Apache ActiveMQ is prone to an authenticated XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Apache Active MQ 5.14.0 - 5.15.2 Information Disclosure Vulnerability - Windows

Apache Active MQ is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Apache Active MQ 5.14.0 - 5.15.2 Information Disclosure Vulnerability - Linux

Apache Active MQ is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Apache Active MQ 5.14.1 XSS Vulnerability - Linux

Apache Active MQ 5.x before 5.14.1 is prone to an authenticated XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if descripti...

UBUNTU-CVE-2015-6524

The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...