Lucene search
K

393 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-58409

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS6.2AI score0.00456EPSS
Exploits0References2Affected Software1
OSV
OSV
added 5 days ago2 views

CVE-2026-56329 Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...

5.3CVSS6.1AI score0.00237EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58252

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS0.00465EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/08 7:46 p.m.37 views

CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS0.00465EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56564

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user can receive messages on denied subjects. This occurs when a wildcard subscription overlaps with a...

6.5CVSS6.1AI score0.00465EPSS
Exploits0References13
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-49434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entrie...

7.5CVSS6AI score0.00659EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:33 p.m.13 views

CVE-2026-49434

A flaw was found in Apache ActiveMQ. An attacker with privileges to publish or modify entries in Lightweight Directory Access Protocol LDAP can exploit an improper input validation vulnerability. This allows the attacker to instantiate denied transports within the broker's Java Virtual Machine JV...

7.6CVSS5.6AI score0.00659EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:16 a.m.7 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS0.00659EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

DEBIAN-CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

UBUNTU-CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 9:55 a.m.15 views

CVE-2026-49434

CVE-2026-49434 is an Improper Input Validation vulnerability affecting Apache ActiveMQ Broker, ActiveMQ, and ActiveMQ All. An attacker with permission to publish/modify LDAP entries (matching configured searchBase/searchFilter) can instantiate denied transports inside the broker JVM, enabling ret...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/30 9:55 a.m.41 views

CVE-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

0.00659EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:55 a.m.2 views

CVE-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/30 9:55 a.m.8 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53839

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.8 Apache ActiveMQ Broker versions 6.0.0 through 6.2.6 Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.7 views

keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.7AI score0.00301EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.5 views

keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.7AI score0.00301EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:17 p.m.11 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS0.00301EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 4:16 p.m.15 views

CVE-2026-9800

CVE-2026-9800 affects Keycloak Policy Enforcer. The issue allows any authenticated user to bypass authorization checks (roles, scopes, UMA) by leveraging the configured access-denied page path in the request URL, either as a path segment or a query parameter. Root cause described in records as an...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder