205 matches found
CVE-2026-33045
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...
Cross-site Scripting (XSS)
Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the History-graph card in the history graph display component. An attacker can execute arbitrary JavaScript in a victim’s browser by supplying a...
EUVD-2026-16775
Home Assistant has stored XSS in history-graphs...
CVE-2026-33045
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...
CVE-2026-33045
Home Assistant CVE-2026-33045 is a stored XSS vulnerability in the Energy dashboard triggered by an energy entity name. Affected versions are 2025.02 through 2026.00.x (prior to 2026.01); it is fixed in 2026.01. The issue arises when entity names containing HTML are rendered in graph tooltips, en...
BIT-ACTIVEMQ-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...
Linux Distros Unpatched Vulnerability : CVE-2025-66168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details:...
Apache ActiveMQ < 5.19.2 / 6.0.x < 6.1.9 / 6.2.0 MQTT Control Packet Validation Vulnerability (CVE-2025-66168)
The version of Apache ActiveMQ running on the remote host is prior to 5.19.2, 6.0.x prior to 6.1.9, or 6.2.0. It is, therefore, affected by a vulnerability: - Apache ActiveMQ does not properly validate the remaining length field in MQTT control packets which may lead to an integer overflow during...
Integer Overflow or Wraparound
Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Integer Overflow or Wraparound when decoding malformed MQTT packets, due to improper validation of the Remaining Length. An attacker can cause the...
EUVD-2025-208266
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...
GHSA-C825-6PH3-4H84 Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound when decoding malformed MQTT packets, due to improper validation of the Remaining Length. An attacker can cause the broker to misinterpret payloads as multiple MQTT control packets by sending malicious...
Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...
CVE-2025-66168
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...
DEBIAN-CVE-2025-66168
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...
CVE-2025-66168
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...
CVE-2025-66168
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...
UBUNTU-CVE-2025-66168
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...
CVE-2025-66168
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...
CVE-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...