CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/03 9:55 a.m.•3 views

OESA-2026-2127 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...

OSV•added 2026/05/03 9:55 a.m.•4 views

OESA-2026-2126 activemq security update

OSV•added 2026/05/03 9:55 a.m.•4 views

OESA-2026-2125 activemq security update

OSV•added 2026/05/03 9:55 a.m.•4 views

OESA-2026-2124 activemq security update

Snyk•added 2026/04/30 6:17 a.m.•7 views

Use of Password Hash Instead of Password for Authentication

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Use of Password Hash Instead of Password for Authentication through the...

6.5CVSS5.8AI score0.00174EPSS

Exploits0References3

Tenable Nessus•added 2026/04/10 12:0 a.m.•4 views

Apache ActiveMQ < 5.19.3 / 5.19.4, 6.x < 6.2.2 / 6.2.3 Classpath Path Traversal

The version of Apache ActiveMQ running on the remote host is prior to 5.19.3 / 5.19.4 or 6.x prior to 6.2.2 / 6.2.3. It is, therefore, affected by an improper validation and restriction of classpath path name vulnerability: - An authenticated user could exploit path concatenation to traverse the...

4.3CVSS5.8AI score0.00419EPSS

OSV•added 2026/04/09 8:36 a.m.•0 views

BIT-ACTIVEMQ-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00419EPSS

Exploits0References3

RedhatCVE•added 2026/04/07 5:28 p.m.•3 views

CVE-2026-33227

A flaw was found in Apache ActiveMQ Client, Apache ActiveMQ Broker and Apache ActiveMQ All. A path traversal vulnerability, specifically an improper limitation of a pathname to a restricted directory, allows an authenticated user to manipulate input to traverse the classpath of the application,...

4.3CVSS5.8AI score0.00419EPSS

Exploits0References5

EUVD•added 2026/04/07 9:31 a.m.•5 views

EUVD-2026-19586

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated user provided "key" value could be...

4.3CVSS5.8AI score0.00419EPSS

Exploits0References3

Snyk•added 2026/04/07 9:31 a.m.•2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

5.3CVSS6.3AI score0.00419EPSS

Snyk•added 2026/04/07 9:31 a.m.•1 views

Directory Traversal

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...

5.3CVSS6.3AI score0.00419EPSS