CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

266 matches found

CVE•added 2026/04/07 7:50 a.m.•18 views

CVE-2026-33227

CVE-2026-33227 affects Apache ActiveMQ family (Client, Broker, All, Web) via an improper validation and restriction of classpath path name. In two contexts (creating a Stomp consumer and browsing Web console messages), an authenticated user could craft a key to traverse the classpath due to path ...

4.3CVSS5.8AI score0.00077EPSS

Exploits0References2Affected Software3

Cvelist•added 2026/04/07 7:50 a.m.•20 views

CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

0.00077EPSS

Exploits0References1

Debian CVE•added 2026/04/07 7:50 a.m.•1 views

CVE-2026-33227

4.3CVSS5.3AI score0.00077EPSS

Exploits0

Positive Technologies•added 2026/04/07 12:0 a.m.•4 views

PT-2026-30804

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Client versions prior to 5.19.3, from 6.0.0 through 6.2.2 Apache ActiveMQ Broker versions prior to 5.19.3, from 6.0.0 through 6.2.2 Apache ActiveMQ All versions prior to 5.19.3, from 6.0.0 through 6.2.2 Description An improper...

4.3CVSS5.9AI score0.00077EPSS

Exploits0References13

UbuntuCve•added 2026/04/07 12:0 a.m.•0 views

CVE-2026-33227

4.3CVSS5.7AI score0.00077EPSS

Exploits0References3

Tenable Nessus•added 2026/04/07 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-33227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache Active...

4.3CVSS5.8AI score0.00077EPSS

Exploits0References4

SUSE CVE•added 2026/03/07 12:27 a.m.•3 views

SUSE CVE-2026-0848

NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

10CVSS6.7AI score0.00307EPSS

Exploits3References3

OSV•added 2026/03/05 9:16 p.m.•5 views

PYSEC-2026-99

10CVSS6.6AI score0.00307EPSS

Exploits3References1

NVD•added 2026/03/05 9:16 p.m.•5 views

CVE-2026-0848

10CVSS0.00307EPSS

Exploits3References1

OSV•added 2026/03/05 9:16 p.m.•4 views

UBUNTU-CVE-2026-0848

10CVSS6.7AI score0.00307EPSS

Exploits3References6

UbuntuCve•added 2026/03/05 9:16 p.m.•1 views

CVE-2026-0848

10CVSS8AI score0.00307EPSS

Exploits3References5

Vulnrichment•added 2026/03/05 8:48 p.m.•2 views

CVE-2026-0848 Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading

10CVSS8AI score0.00307EPSS

Exploits3References1

Veracode•added 2026/02/21 5:2 a.m.•4 views

Arbitrary Code Execution

logback-core is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to unsafe configuration file processing that allows instantiation of arbitrary classes present on the application classpath, where an attacker with write access to the logback configuration file can cause malicio...

1.8CVSS5.9AI score0.00014EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2026/01/22 12:31 p.m.•8 views

Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.6AI score0.00014EPSS

Exploits0References5Affected Software1

OSV•added 2026/01/22 12:31 p.m.•1 views

GHSA-QQPG-MVQG-649V Logback allows an attacker to instantiate classes already present on the class path

1.8CVSS5.8AI score0.00014EPSS

Exploits0References5

UbuntuCve•added 2026/01/22 10:16 a.m.•3 views

CVE-2026-1225

1.8CVSS5.9AI score0.00014EPSS

Exploits0References2

OSV•added 2026/01/22 10:16 a.m.•1 views

UBUNTU-CVE-2026-1225

1.8CVSS5.8AI score0.00014EPSS

Exploits0References3

CVE•added 2026/01/22 9:24 a.m.•274 views

CVE-2026-1225

CVE-2026-1225 affects logback-core (up to and including 1.5.24) used in Java applications. The issue enables an attacker to instantiate arbitrary classes present on the user’s class path by compromising an existing logback configuration file. Exploitation requires the attacker to have write acces...

1.8CVSS5.5AI score0.00014EPSS

Exploits0References1

Cvelist•added 2026/01/12 4:47 a.m.•18 views

CVE-2025-69275 Spectrum outdated java library in class-path

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

7.1CVSS0.00054EPSS

Exploits0References1