CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/18 12:21 p.m.•5 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS7.8AI score0.00313EPSS

Exploits0References9

OSV•added 2026/05/03 9:55 a.m.•3 views

OESA-2026-2127 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...

OSV•added 2026/05/03 9:55 a.m.•2 views

OESA-2026-2126 activemq security update

OSV•added 2026/05/03 9:55 a.m.•2 views

OESA-2026-2125 activemq security update

OSV•added 2026/05/03 9:55 a.m.•2 views

OESA-2026-2124 activemq security update

Snyk•added 2026/04/30 6:17 a.m.•5 views

Use of Password Hash Instead of Password for Authentication

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Use of Password Hash Instead of Password for Authentication through the...

6.5CVSS5.8AI score0.00126EPSS

Exploits0References3

Tenable Nessus•added 2026/04/10 12:0 a.m.•2 views

Apache ActiveMQ < 5.19.3 / 5.19.4, 6.x < 6.2.2 / 6.2.3 Classpath Path Traversal

The version of Apache ActiveMQ running on the remote host is prior to 5.19.3 / 5.19.4 or 6.x prior to 6.2.2 / 6.2.3. It is, therefore, affected by an improper validation and restriction of classpath path name vulnerability: - An authenticated user could exploit path concatenation to traverse the...

OSV•added 2026/04/09 8:36 a.m.•0 views

BIT-ACTIVEMQ-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00077EPSS

Exploits0References3

RedhatCVE•added 2026/04/07 5:28 p.m.•1 views

CVE-2026-33227

A flaw was found in Apache ActiveMQ Client, Apache ActiveMQ Broker and Apache ActiveMQ All. A path traversal vulnerability, specifically an improper limitation of a pathname to a restricted directory, allows an authenticated user to manipulate input to traverse the classpath of the application,...

EUVD•added 2026/04/07 9:31 a.m.•2 views

Exploits0References5

EUVD-2026-19586

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated user provided "key" value could be...

Snyk•added 2026/04/07 9:31 a.m.•1 views

Exploits0References3

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

5.3CVSS6.3AI score0.00077EPSS

OSV•added 2026/04/07 9:31 a.m.•1 views

GHSA-H2H4-5M64-M273 Apache ActiveMQ: Improper validation and restriction of a classpath path name

4.3CVSS5.7AI score0.00077EPSS

Exploits0References4

Github Security Blog•added 2026/04/07 9:31 a.m.•3 views

Apache ActiveMQ: Improper validation and restriction of a classpath path name

Exploits0References4Affected Software4

Snyk•added 2026/04/07 9:31 a.m.•1 views

Directory Traversal

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...

5.3CVSS6.3AI score0.00077EPSS

OSV•added 2026/04/07 9:16 a.m.•2 views

DEBIAN-CVE-2026-33227

4.3CVSS5.3AI score0.00077EPSS

Exploits0References1

NVD•added 2026/04/07 9:16 a.m.•1 views

CVE-2026-33227

4.3CVSS0.00077EPSS

OSV•added 2026/04/07 9:16 a.m.•1 views

UBUNTU-CVE-2026-33227

4.3CVSS5.7AI score0.00077EPSS

Exploits0References4

CVE•added 2026/04/07 7:50 a.m.•17 views

CVE-2026-33227

CVE-2026-33227 affects Apache ActiveMQ family (Client, Broker, All, Web) via an improper validation and restriction of classpath path name. In two contexts (creating a Stomp consumer and browsing Web console messages), an authenticated user could craft a key to traverse the classpath due to path ...