
793 matches found

Debian CVE
added 2026/06/01 7:20 a.m., 10 views

CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

CVSS 8.8, AI score 5.8, EPSS 0.00424
Exploits: 0

EUVD
added 2026/06/01 7:20 a.m., 14 views

EUVD-2026-33574

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

CVSS 8.8, AI score 5.8, EPSS 0.00424
Exploits: 0, References: 1

Positive Technologies
added 2026/06/01 12:0 a.m., 21 views

PT-2026-45377

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.19.7; Apache ActiveMQ versions 6.0.0 through 6.2.5. Description: Incomplete authorization in the server allows authenticated connections to remove existing destinations when they possess the proper permissions...

CVSS 4.3, AI score 5.4, EPSS 0.00335
Exploits: 0, References: 22

Positive Technologies
added 2026/06/01 12:0 a.m., 16 views

PT-2026-45376

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Broker versions prior to 5.19.7; Apache ActiveMQ Broker versions 6.0.0 through 6.2.5; Apache ActiveMQ All versions prior to 5.19.7; Apache ActiveMQ All versions 6.0.0 through 6.2.5; Apache ActiveMQ versions prior to 5.19.7; Apache...

CVSS 8.8, AI score 6, EPSS 0.00577
Exploits: 0, References: 23

Packet Storm
added 2026/06/01 12:0 a.m., 58 views

Apache ActiveMQ Jolokia Remote Code Execution

This is a proof of concept security research tool that evaluates a potential authenticated remote code execution pathway through the Jolokia management interface exposed by Apache ActiveMQ. The tool authenticates to the broker, discovers configuration details, interacts with JMX operations expose...

CVSS 8.8, AI score 7.2, EPSS 0.96666
Exploits: 13

Chainguard
added 2026/05/23 7:17 a.m., 17 views

CVE-2026-40453 vulnerabilities

Vulnerabilities for packages: apache-activemq, apache-activemq-fips...

CVSS 9.9, AI score 5.9, EPSS 0.0086
Exploits: 0

Chainguard
added 2026/05/23 7:17 a.m., 10 views

GHSA-JG2M-9X48-3GVJ vulnerabilities

Vulnerabilities for packages: apache-activemq, apache-activemq-fips...

AI score 5.9
Exploits: 0

RedHat Linux
added 2026/05/18 12:21 p.m., 21 views

org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated remote attacker can exploit a missing authentication for critical function vulnerability by using the Core protocol. This allows the attacker to force a target broker to establish an outbound Core federation...

CVSS 9.8, AI score 7.3, EPSS 0.10629
Exploits: 1, References: 5

GithubExploit
added 2026/05/18 3:30 a.m., 100 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 Description \ Improper Input Validation, Imp...

CVSS 8.8, AI score 7.6, EPSS 0.96666
Exploits: 13

Atlassian
added 2026/05/11 11:30 p.m., 28 views

DoS (Denial of Service) at org.apache.activemq dependency in Bamboo Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVSS 7.5, AI score 5.8, EPSS 0.00896
Exploits: 0

Chainguard
added 2026/05/08 7:18 a.m., 12 views

GHSA-WG35-8JPF-2XV3 vulnerabilities

Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...

AI score 5.9
Exploits: 0

Chainguard
added 2026/05/08 7:18 a.m., 12 views

GHSA-6P4F-WCWH-5VVM vulnerabilities

Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...

AI score 5.9
Exploits: 0

Chainguard
added 2026/05/08 7:18 a.m., 27 views

CVE-2026-22745 vulnerabilities

Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...

CVSS 5.3, AI score 5.9, EPSS 0.00341
Exploits: 0

Chainguard
added 2026/05/08 7:18 a.m., 15 views

CVE-2026-22741 vulnerabilities

Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...

CVSS 3.1, AI score 5.9, EPSS 0.00236
Exploits: 0

GithubExploit
added 2026/05/08 5:39 a.m., 105 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 — Apache ActiveMQ Classic Jolokia RCE Lab O...

CVSS 8.8, AI score 6.7, EPSS 0.96666
Exploits: 13

RedhatCVE
added 2026/05/04 9:24 a.m., 8 views

CVE-2026-41044

A flaw was found in Apache ActiveMQ. An authenticated attacker can exploit an improper input validation vulnerability in the admin web console to craft a malicious broker name. This malicious name, containing an xbean binding, can be used by a virtual machine (VM) transport to load a remote Spring...

CVSS 8.8, AI score 6.2, EPSS 0.0098
Exploits: 0, References: 5

RedhatCVE
added 2026/04/28 11:29 a.m., 5 views

CVE-2026-41043

A flaw was found in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can exploit a Cross-Site Scripting (XSS) vulnerability by injecting malicious HTML into a Java Message Service (JMS) selector field and overriding the content type to HTML. This allows the attacker to display...

CVSS 6.5, AI score 5.7, EPSS 0.0056
Exploits: 0, References: 5

OSV
added 2026/04/28 8:37 a.m., 4 views

BIT-ACTIVEMQ-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

CVSS 8.8, AI score 8.6, EPSS 0.96666
Exploits: 13, References: 2

OSV
added 2026/04/24 12:30 p.m., 3 views

GHSA-W3W2-MPP5-92GM Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

CVSS 8.8, AI score 7.9, EPSS 0.96666
Exploits: 13, References: 3

vulnersOsv
added 2026/04/24 12:30 p.m., 7 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-41043 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...

CVSS 6.5, AI score 5.8, EPSS 0.0056
Exploits: 0