Lucene search
K

205 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.5 views

CVE-2026-33045

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

9.3CVSS5.8AI score0.00519EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/27 8:35 p.m.3 views

Cross-site Scripting (XSS)

Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the History-graph card in the history graph display component. An attacker can execute arbitrary JavaScript in a victim’s browser by supplying a...

8.8CVSS5.9AI score0.00202EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/27 8:35 p.m.5 views

EUVD-2026-16775

Home Assistant has stored XSS in history-graphs...

8.8CVSS5.9AI score0.00202EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:39 p.m.2 views

CVE-2026-33045

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

9.3CVSS5.8AI score0.00519EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/27 7:39 p.m.8 views

CVE-2026-33045

Home Assistant CVE-2026-33045 is a stored XSS vulnerability in the Energy dashboard triggered by an energy entity name. Affected versions are 2025.02 through 2026.00.x (prior to 2026.01); it is fixed in 2026.01. The issue arises when entity names containing HTML are rendered in graph tooltips, en...

8.8CVSS5.8AI score0.00202EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/06 8:36 a.m.6 views

BIT-ACTIVEMQ-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-66168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details:...

8.8CVSS5.7AI score0.0078EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.5 views

Apache ActiveMQ < 5.19.2 / 6.0.x < 6.1.9 / 6.2.0 MQTT Control Packet Validation Vulnerability (CVE-2025-66168)

The version of Apache ActiveMQ running on the remote host is prior to 5.19.2, 6.0.x prior to 6.1.9, or 6.2.0. It is, therefore, affected by a vulnerability: - Apache ActiveMQ does not properly validate the remaining length field in MQTT control packets which may lead to an integer overflow during...

8.8CVSS6.2AI score0.0078EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 9:31 a.m.1 views

Integer Overflow or Wraparound

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Integer Overflow or Wraparound when decoding malformed MQTT packets, due to improper validation of the Remaining Length. An attacker can cause the...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/04 9:31 a.m.3 views

EUVD-2025-208266

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

5.4CVSS6AI score0.0078EPSS
Exploits0References3
OSV
OSV
added 2026/03/04 9:31 a.m.6 views

GHSA-C825-6PH3-4H84 Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

5.4CVSS5.9AI score0.0078EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/04 9:31 a.m.3 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound when decoding malformed MQTT packets, due to improper validation of the Remaining Length. An attacker can cause the broker to misinterpret payloads as multiple MQTT control packets by sending malicious...

8.8CVSS5.8AI score0.0078EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/04 9:31 a.m.9 views

Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

8.8CVSS6AI score0.0078EPSS
Exploits0References6Affected Software3
NVD
NVD
added 2026/03/04 9:15 a.m.9 views

CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS0.0078EPSS
Exploits0References4
OSV
OSV
added 2026/03/04 9:15 a.m.4 views

DEBIAN-CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS5.7AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 9:15 a.m.4 views

CVE-2025-66168

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

8.8CVSS5.8AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/04 9:15 a.m.3 views

CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS6.1AI score0.0078EPSS
Exploits0References3
OSV
OSV
added 2026/03/04 9:15 a.m.3 views

UBUNTU-CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS6.1AI score0.0078EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/04 8:45 a.m.4 views

CVE-2025-66168

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

5.4CVSS6AI score0.0078EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2026/03/04 8:45 a.m.30 views

CVE-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

5.4CVSS0.0078EPSS
Exploits0References3
Rows per page
Query Builder