Lucene search
K

795 matches found

CVE
CVE
added 2026/04/07 7:50 a.m.35 views

CVE-2026-33227

CVE-2026-33227 affects Apache ActiveMQ family (Client, Broker, All, Web) via an improper validation and restriction of classpath path name. In two contexts (creating a Stomp consumer and browsing Web console messages), an authenticated user could craft a key to traverse the classpath due to path ...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:50 a.m.5 views

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.2AI score0.96666EPSS
In wildExploits13References3Affected Software3
CVE
CVE
added 2026/04/07 7:50 a.m.87 views

CVE-2026-34197

The CVE-2026-34197 issue affects Apache ActiveMQ products (Broker, All, and Core) before 5.19.4 and before 6.2.3 (6.0.0–6.2.3 range). The root cause is improper input validation and insecure control of code generation via the Jolokia JMX-HTTP bridge, which can be abused to load a remote Spring XM...

8.8CVSS6.6AI score0.96666EPSS
In wildExploits13References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30805

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

9CVSS7.7AI score0.96666EPSS
Exploits13References246
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache Active...

4.3CVSS5.9AI score0.00419EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-34197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ...

8.8CVSS7.3AI score0.96666EPSS
Exploits13References3
GithubExploit
GithubExploit
added 2026/03/18 6:33 p.m.136 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

Security Engineer — Test Task A self-contained Docker environ...

10CVSS7AI score0.99654EPSS
Exploits31
GithubExploit
GithubExploit
added 2026/03/15 5:28 a.m.121 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 Analysis Apache ActiveMQ CVE-2023-46604의 원인,...

10CVSS5.8AI score0.99654EPSS
Exploits31
OSV
OSV
added 2026/03/06 8:36 a.m.6 views

BIT-ACTIVEMQ-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Co...

9.8CVSS7.8AI score0.10629EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-66168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details:...

8.8CVSS5.7AI score0.0078EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/03/04 9:31 a.m.9 views

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.3) +5 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15426350...

8.8CVSS6AI score0.0078EPSS
Exploits0
OSV
OSV
added 2026/03/04 9:31 a.m.2 views

GHSA-FW88-PF9M-P947 Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

9.8CVSS5.9AI score0.10629EPSS
Exploits1References6
OSV
OSV
added 2026/03/04 9:15 a.m.3 views

CVE-2026-27446

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

9.8CVSS5.9AI score
Exploits0References3
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.7 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. Versions of Apache ActiveMQ prior to 5.19.2, as well as versions 6.0.0 to 6.1.8 and 6.2.0, have security...

8.8CVSS6.1AI score0.0078EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/10 5:6 p.m.12 views

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Business Service Manager

Summary IBM Tivoli Netcool Impact is a component of the IBM Tivoli Business Service Manager data server. Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.1.0 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with...

7.5CVSS8.2AI score0.64718EPSS
Exploits3Affected Software1
OSV
OSV
added 2025/12/03 2:35 p.m.24 views

BIT-ACTIVEMQ-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...

6.1CVSS6.1AI score0.06208EPSS
Exploits0References9
OSV
OSV
added 2025/12/03 2:35 p.m.27 views

BIT-ACTIVEMQ-2020-13947

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0...

6.1CVSS5.9AI score0.78972EPSS
Exploits0References7
OSV
OSV
added 2025/12/03 2:35 p.m.32 views

BIT-ACTIVEMQ-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS5.6AI score0.04561EPSS
Exploits0References7
OSV
OSV
added 2025/12/03 2:35 p.m.27 views

BIT-ACTIVEMQ-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack:...

9.8CVSS9.7AI score0.51225EPSS
Exploits0References8
Rows per page
Query Builder