
4 matches found

RedhatCVE
added 2026/06/11 8:59 a.m., 12 views

CVE-2026-45505

A flaw was found in Apache ActiveMQ. This vulnerability allows an authenticated attacker to bypass a previous fix for CVE-2026-34197 by using non-parenthesized discovery wrappers. By crafting a malicious discovery URI, the attacker can trigger the VM transport's brokerConfig parameter to load a...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00577
Exploits: 0, References: 5
OSV
added 2026/04/28 8:37 a.m., 4 views

BIT-ACTIVEMQ-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

CVSS: 8.8, AI score: 8.6, EPSS: 0.96666
Exploits: 13, References: 2
NVD
added 2026/04/07 9:16 a.m., 5 views

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

CVSS: 4.3, EPSS: 0.00419
Exploits: 0, References: 2
CVE
added 2026/04/07 7:50 a.m., 83 views

CVE-2026-34197

The CVE-2026-34197 issue affects Apache ActiveMQ products (Broker, All, and Core) before 5.19.4 and before 6.2.3 (6.0.0–6.2.3 range). The root cause is improper input validation and insecure control of code generation via the Jolokia JMX-HTTP bridge, which can be abused to load a remote Spring XM...

CVSS: 8.8, AI score: 6.6, EPSS: 0.96666
In wild, Exploits: 13, References: 6, Affected Software: 2