19 matches found
CVE-2026-40453 Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy...
RLSA-2026:5146 Important: yggdrasil security update
yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fixes: crypto/x509: golang: Denial of Service due to...
EUVD-2021-19504
Malware in sbrugna...
EUVD-2022-52713
Malicious code in bioql PyPI...
CVE-2025-9161
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquitto plugins, which can be used to achieve remote code execution...
CVE-2025-54465 Hard-coded Credentials Vulnerability in ZKTeco WL20
This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT...
Azure Linux 3.0 Security Update: rabbitmq-server (CVE-2023-46118)
The version of rabbitmq-server installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46118 advisory. - RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP reque...
ROS-20240402-18
A vulnerability in the multiprotocol messaging and streaming broker RabbitMQ is related to an HTTP API's lack of restriction on HTTP request body size, which made it vulnerable to very large messages. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
The vulnerabilities of the federation components and the RabbitMQ messaging broker allow attackers to compromise data integrity.
The vulnerability of the federation components and the RabbitMQ messaging broker components is related to the improper implementation of user input processing. Exploiting this vulnerability allows an attacker to compromise data integrity...
Code injection
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...
CVE-2022-31008
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...
The vulnerability of the Dynamic Security plugin of the Mosquitto messaging broker allows a hacker to gain access to confidential data.
The vulnerability of the Dynamic Security plugin of the Mosquitto messaging broker is related to improper authentication. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...
MGASA-2021-0390 Updated rabbitmq-server packages fix security vulnerabilities
Updated rabbitmq-server packages fix security vulnerabilities: RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP...
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper...
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper...
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...
CVE-2021-32718
RabbitMQ CVE-2021-32718 affects rabbitmq-server
The vulnerability of the Eclipse Mosquitto messaging broker, related to authentication process flaws, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Eclipse Mosquitto messaging broker is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an intruder, operating remotely, to gain unauthorized access to protected information...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...