BIT-ACTIVEMQ-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

CVE-2026-40466

CVE-2026-40466 affects Apache ActiveMQ components (Broker, All, and ActiveMQ) with vulnerable versions prior to 5.19.6 and 6.0.0–6.2.4/6.2.5 before patch. The issue is due to improper input validation and code injection: an authenticated attacker can bypass CVE-34197 by adding a network connector...

CVE-2025-68660

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...

CVE-2019-20890

An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions...

CVE-2015-0357

CVE-2015-0357 is an Adobe Flash Player memory-discovery flaw that bypasses ASLR by improperly restricting memory address access. Affected are Windows/macOS: 13.0.0.281 and 14.x–17.x before 17.0.0.169; Linux: before 11.2.202.457. Root cause: insecure handling of memory addresses enabling ASLR bypa...