Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data when importing JMS configuration with setJndiEnvironment in AbstractMessageListenerContainer. A user who control the JMS configuration can execute arbitrary code. Note: This vulnerability is a bypass of...

EUVD-2026-31432

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

Apache CXF 安全漏洞

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There are security vulnerabilities in Apache CXF; these vulnerabilities arise from incomplete...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...

GHSA-JG2M-9X48-3GVJ Apache Camel has an incomplete fix for CVE-2025-27636

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

be.yildiz-games:module-messaging-activemq (=2.0.0), cn.hutool.v7:hutool-extra (>=7.0.0-M2 <=7.0.0-M5) +157 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-client (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-client MAVEN version =6.0.0, =7.0.0-M2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2026-33227 Source advisory: OSV:GHSA-H2H4-5M64-M273...

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

MiracleLinux 8 : parfait:0.5 (AXSA:2022-3020:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3020:01 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw l...

EUVD-2016-0608

Malware in sbrugna...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.0 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: IBM MQ is vulnerable to a password disclosure vulnerability.

Summary IBM MQ has addressed a password disclosure vulnerability CVE-2025-36100 Vulnerability Details CVEID:CVE-2025-36100 DESCRIPTION: IBM MQ Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. CWE:CWE-260: Password in Configurati...

Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)

The version of Apache CXF installed on the remote host is affected by remote code execution vulnerability. If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restrict...

IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.9 (7242027)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7242027 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a...

CVE-2025-36124

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

CVE-2025-36124

CVE-2025-36124 is described by IBM security bulletins as a vulnerability in IBM WebSphere Liberty/Liberty-based IBM products where a remote attacker could bypass security restrictions due to JMS messaging configuration not being honored. Connected IBM bulletins show affected products/versions and...

CVE-2025-36124 IBM WebSphere Application Server Liberty bypass security

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

CVE-2025-36124 IBM WebSphere Application Server Liberty bypass security

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMS configuration. An attacker with permissions to configure JMS for Apache CXF can achieve remote code execution by supplying malicious RMI or LDAP URLs in the configuration. Details...