Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

778 matches found

Chainguard
Chainguardadded 9 hours ago3 views

GHSA-X96M-RH44-VGV8 vulnerabilities

Vulnerabilities for packages: apache-activemq-fips, neo4j...

5.8AI score
Exploits0
Chainguard
Chainguardadded 9 hours ago4 views

CVE-2026-49268 vulnerabilities

Vulnerabilities for packages: apache-activemq-fips, neo4j...

9.1CVSS5.8AI score0.00494EPSS
Exploits0
Nuclei
Nucleiadded 13 hours ago13 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7.4AI score0.05367EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/06/11 8:59 a.m.11 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.3AI score0.00527EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2026/06/06 5:47 a.m.73 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-42588 – Apache ActiveMQ Jolokia Remote Code Execution...

8.1CVSS6.8AI score0.00404EPSS
Exploits1
Rapid7 Blog
Rapid7 Blogadded 2026/06/05 5:1 p.m.9 views

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

When Open Source is a bit too Open Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs' RCE that allows an attacker to execute commands by naming their branch --exec and requesting a rebase. Another useful...

8.8CVSS7.5AI score0.87048EPSS
Exploits12
OSV
OSVadded 2026/06/05 5:38 a.m.5 views

BIT-ACTIVEMQ-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.4AI score0.00373EPSS
Exploits0References3
OSV
OSVadded 2026/06/05 5:38 a.m.8 views

BIT-ACTIVEMQ-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.3AI score0.87048EPSS
Exploits12References3
Tenable Nessus
Tenable Nessusadded 2026/06/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in...

6.1CVSS5.4AI score0.00423EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/06/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.1CVSS6.5AI score0.00404EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2026/06/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with prop...

4.3CVSS5.8AI score0.00335EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/06/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.8CVSS6.9AI score0.87048EPSS
Exploits12References3
Tenable Nessus
Tenable Nessusadded 2026/06/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia...

8.8CVSS5.8AI score0.00373EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/06/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-49270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured wi...

5.9CVSS5.8AI score0.00341EPSS
Exploits0References3
vulnersOsv
vulnersOsvadded 2026/06/01 10:29 a.m.6 views

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +138 more potentially affected by CVE-2026-46605 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =1.0.1, =0.2.2, =0.2.3 and more Source cves: CVE-2026-46605 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151899...

4.3CVSS5.5AI score0.00335EPSS
Exploits0
vulnersOsv
vulnersOsvadded 2026/06/01 10:29 a.m.8 views

com.espertech:esperio-springjms (=9.0.0), io.fabric8.examples:fabric-activemq-demo (>=1.1.0.Beta1 <=1.2.0.redhat-133) +21 more potentially affected by CVE-2026-42588 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =1.1.0.Beta1, =1.1.0.Beta1, =1.1.0.Beta1, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.5 and more Source cves: CVE-2026-42588 Source advisory:...

8.1CVSS5.4AI score0.00404EPSS
Exploits1
NVD
NVDadded 2026/06/01 9:16 a.m.40 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS0.00404EPSS
Exploits1References2
OSV
OSVadded 2026/06/01 9:16 a.m.9 views

UBUNTU-CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.6AI score0.87048EPSS
Exploits12References5
Vulnrichment
Vulnrichmentadded 2026/06/01 7:22 a.m.12 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

6.4AI score0.00527EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/01 7:22 a.m.17 views

EUVD-2026-33576

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS7.2AI score0.87048EPSS
Exploits12References2
Rows per page
Query Builder