791 matches found

Nuclei
added yesterday, 14 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by a default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers. Exploitation requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8 CVSS, 7.5 AI score, 0.0692 EPSS
Exploits: 1, References: 4

RedhatCVE
added 3 days ago, 7 views

CVE-2026-54475

A flaw was found in Apache ActiveMQ. Temporary destinations, which are designed to be private to a specific connection, can be accessed by other connections due to a missing authorization check. This allows an unauthorized connection to consume messages from another connection's temporary...

8.2 CVSS, 5.6 AI score, 0.00377 EPSS
Exploits: 0, References: 4

RedhatCVE
added 3 days ago, 5 views

CVE-2026-53917

A flaw was found in Apache ActiveMQ. An authenticated user can exploit this vulnerability by sending a specially crafted OpenWire Message with an excessively large encoded size value for the message property map. This lack of size validation during unmarshaling can lead to an out-of-memory error,...

7.5 CVSS, 5.6 AI score, 0.00524 EPSS
Exploits: 0, References: 4

RedhatCVE
added 3 days ago, 6 views

CVE-2026-50734

A flaw was found in Apache ActiveMQ. An unauthenticated network attacker can exploit this vulnerability by sending a specially crafted WireFormatInfo frame with an excessively large size value. This unvalidated value causes the broker to attempt an oversized memory allocation during...

7.5 CVSS, 5.6 AI score, 0.00524 EPSS
Exploits: 0, References: 4

OSV
added 3 days ago, 3 views

DEBIAN-CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5 CVSS, 5.7 AI score, 0.00377 EPSS
Exploits: 0, References: 1

NVD
added 3 days ago, 7 views

CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5 CVSS, 0.00377 EPSS
Exploits: 0, References: 2

OSV
added 3 days ago, 2 views

DEBIAN-CVE-2026-49877

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits: 0, References: 1

NVD
added 3 days ago, 9 views

CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5 CVSS, 0.00524 EPSS
Exploits: 0, References: 2

NVD
added 3 days ago, 8 views

CVE-2026-49877

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1 CVSS, 0.00392 EPSS
Exploits: 0, References: 2

EUVD
added 3 days ago, 4 views

EUVD-2026-40284

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5 CVSS, 6 AI score, 0.00524 EPSS
Exploits: 0, References: 1

EUVD
added 3 days ago, 7 views

EUVD-2026-40283

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits: 0, References: 1

CVE
added 3 days ago, 7 views

CVE-2026-49877

CVE-2026-49877 documents an Improper Authorization vulnerability in Apache ActiveMQ. An authenticated, low-privilege Web Console user can access "/admin/*" paths because Jetty default settings fail to restrict those paths to admins. Affected versions are before 5.19.8 and before 6.2.7 (i.e., 6.0....

8.1 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 3 days ago, 31 views

CVE-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

0.00258 EPSS
Exploits: 0, References: 1

Cvelist
added 3 days ago, 31 views

CVE-2026-54475 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

0.00377 EPSS
Exploits: 0, References: 1

Chainguard
added 2026/06/23 8:16 a.m., 6 views

CVE-2026-49268 vulnerabilities

Vulnerabilities for packages: apache-activemq, apache-jena-fuseki, neo4j, apache-activemq-fips...

9.1 CVSS, 7.2 AI score, 0.00494 EPSS
Exploits: 0

Chainguard
added 2026/06/23 8:16 a.m., 4 views

GHSA-X96M-RH44-VGV8 vulnerabilities

Vulnerabilities for packages: apache-activemq, apache-jena-fuseki, neo4j, apache-activemq-fips...

5.9 AI score
Exploits: 0

RedhatCVE
added 2026/06/11 8:59 a.m., 12 views

CVE-2026-45505

A flaw was found in Apache ActiveMQ. This vulnerability allows an authenticated attacker to bypass a previous fix for CVE-2026-34197 by using non-parenthesized discovery wrappers. By crafting a malicious discovery URI, the attacker can trigger the VM transport's brokerConfig parameter to load a...

8.8 CVSS, 6.3 AI score, 0.00577 EPSS
Exploits: 0, References: 5

GithubExploit
added 2026/06/06 5:47 a.m., 86 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-42588 – Apache ActiveMQ Jolokia Remote Code Execution...

8.1 CVSS, 6.8 AI score, 0.00546 EPSS
Exploits: 1

Rapid7 Blog
added 2026/06/05 5:1 p.m., 11 views

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

When Open Source is a bit too Open

Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs' RCE that allows an attacker to execute commands by naming their branch --exec and requesting a rebase. Another useful...

8.8 CVSS, 7.5 AI score, 0.96666 EPSS
Exploits: 12

OSV
added 2026/06/05 5:38 a.m., 8 views

BIT-ACTIVEMQ-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8 CVSS, 5.4 AI score, 0.00424 EPSS
Exploits: 0, References: 3