GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, argocd-image-updater, fscrypt, frankenphp-8.4, knative-serving, opentofu, tekton-pipelines, flux-source-controller-fips, zarf-fips, nerdctl, docker-machine-driver-harvester, trivy, calico-fips, terraform, knative-kafka-broker-fips, trivy-operator...

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, argocd-image-updater, fscrypt, mapotf, terraform-provider-tls-fips, age-fips, crossplane-provider-azure-relay, falcoctl-fips, frankenphp-8.4, guac, knative-serving, crossplane-provider-azure-spring, flux-source-controller-fips,...

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, argocd-image-updater, fscrypt, mapotf, terraform-provider-tls-fips, guac, crossplane-provider-azure-relay, falcoctl-fips, frankenphp-8.4, knative-serving, opentofu, crossplane-provider-azure-spring, flux-source-controller-fips,...

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

CVE-2026-44393

A flaw was found in OpenStack oslo.messaging. The RabbitMQ driver does not properly verify the hostname of the message broker when establishing a TLS Transport Layer Security connection. An attacker capable of intercepting control-plane network traffic can exploit this vulnerability to impersonat...

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

A Russian-speaking initial access broker IAB driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential...

ROOT-APP-MAVEN-CVE-2026-41044 CVE-2026-41044 in io.root.org.apache.activemq:activemq-broker - Patched by Root

Root has patched CVE-2026-41044 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-41043 CVE-2026-41043 in io.root.org.apache.activemq:activemq-broker - Patched by Root

Root has patched CVE-2026-41043 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-34197 CVE-2026-34197 in io.root.org.apache.activemq:activemq-broker - Patched by Root

Root has patched CVE-2026-34197 in the io.root.org.apache.activemq:activemq-broker package for Root:Maven. Multiple fixed versions available...

GHSA-PHWJ-RPRQ-35PP vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

GHSA-WFPW-MMFH-QQ69 vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

GHSA-9CV2-CFXC-V4V2 vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

GHSA-P67V-3W7G-WJG7 vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

GHSA-8678-W3JW-XFC2 vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

GHSA-5V8H-3H3Q-446P vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

GHSA-5PRR-V3J2-97MH vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

GHSA-WJV4-X9W8-WM3H vulnerabilities

Vulnerabilities for packages: pact-broker-docker, logstash-fips, ruby3.3-rails, ruby4.0-rails, pact-broker-docker-fips, ruby3.4-rails, kube-logging-operator, logstash, ruby3.2-rails...

CVE-2026-34023

The CVE-2026-34023 issue affects Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) and is caused by an incorrect authorization in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with low-privilege branch credentials can manipulat...

CVE-2026-54412

CVE-2026-54412 affects LiamBindle MQTT-C up to v1.1.6. The vulnerability is a heap-based out-of-bounds read and integer underflow in mqtt_unpack_publish_response() (src/mqtt.c). A broker-controlled or injected PUBLISH packet can allow a remote unauthenticated attacker to crash a subscribed MQTT-C...

CVE-2026-48059 vulnerabilities

Vulnerabilities for packages: celeborn, hono, tez, management-api-for-apache-cassandra-5.0, pinot-fips, apache-pulsar-fips, request-9047-keycloak-fips, neo4j, knative-kafka-broker-fips, apicurio-registry, knative-kafka-broker, apache-hop, apache-pulsar, zipkin, thingsboard, apache-activemq-artemi...