Lucene search
K

39 matches found

EUVD
EUVD
added 2026/04/24 10:16 a.m.10 views

EUVD-2026-25412

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.5AI score0.0098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 10:16 a.m.30 views

CVE-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

0.0098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 10:15 a.m.29 views

CVE-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

0.04783EPSS
Exploits13References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 10:15 a.m.5 views

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS8.6AI score0.96666EPSS
Exploits13References2Affected Software3
CVE
CVE
added 2026/04/24 10:15 a.m.92 views

CVE-2026-40466

CVE-2026-40466 affects Apache ActiveMQ components (Broker, All, and ActiveMQ) with vulnerable versions prior to 5.19.6 and 6.0.0–6.2.4/6.2.5 before patch. The issue is due to improper input validation and code injection: an authenticated attacker can bypass CVE-34197 by adding a network connector...

8.8CVSS8.6AI score0.96666EPSS
In wildExploits13References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All...

8.8CVSS7.8AI score0.0098EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

Apache多款产品 输入验证错误漏洞

Apache ActiveMQ, among others, is a product of the Apache Foundation in the United States. Apache ActiveMQ is an open-source messaging middleware. Apache ActiveMQ Broker is a enterprise-level messaging proxy middleware that supports multiple protocols. Apache ActiveMQ All is a complete messaging...

8.8CVSS6.2AI score0.0098EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/14 8:44 p.m.127 views

Exploit for CVE-2026-34197

CVE-2026-34197 — Apache ActiveMQ Classic RCE via Jolokia API...

8.8CVSS8.1AI score0.96666EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.27 views

Apache ActiveMQ < 5.19.4 / 6.x < 6.2.3 Improper Input Validation Code Injection

The version of Apache ActiveMQ running on the remote host is prior to 5.19.4 or 6.x prior to 6.2.3. It is, therefore, affected by an improper input validation and code injection vulnerability: - ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ with a default access policy tha...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References2
GithubExploit
GithubExploit
added 2026/04/08 8:7 p.m.149 views

Exploit for CVE-2026-34197

CVE-2026-34197 — Apache ActiveMQ RCE vía Jolokia API Descr...

10CVSS6.9AI score0.99654EPSS
Exploits43
Github Security Blog
Github Security Blog
added 2026/04/07 9:31 a.m.10 views

Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.8AI score0.96666EPSS
Exploits13References5Affected Software2
OSV
OSV
added 2026/04/07 9:16 a.m.3 views

UBUNTU-CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.8AI score0.96666EPSS
Exploits13References5
CVE
CVE
added 2026/04/07 7:50 a.m.87 views

CVE-2026-34197

The CVE-2026-34197 issue affects Apache ActiveMQ products (Broker, All, and Core) before 5.19.4 and before 6.2.3 (6.0.0–6.2.3 range). The root cause is improper input validation and insecure control of code generation via the Jolokia JMX-HTTP bridge, which can be abused to load a remote Spring XM...

8.8CVSS6.6AI score0.96666EPSS
In wildExploits13References6Affected Software2
Debian CVE
Debian CVE
added 2026/04/07 7:50 a.m.4 views

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS8.7AI score0.96666EPSS
Exploits13
Cvelist
Cvelist
added 2026/04/07 7:50 a.m.33 views

CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

0.96666EPSS
Exploits13References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ Broker is an open source message broker and integration pattern server . A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...

8.8CVSS7AI score0.96666EPSS
Exploits13References2
UbuntuCve
UbuntuCve
added 2026/04/07 12:0 a.m.5 views

CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.4AI score0.96666EPSS
Exploits13References4
vulnersOsv
vulnersOsv
added 2019/01/25 4:18 p.m.5 views

cloud.altemista.fwk.integration:cloud-altemistafwk-core-integration-ws-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE), com.antheminc.oss:nimbus-starter (>=1.3.0 <=1.3.2.M1) +520 more potentially affected by CVE-2019-3773 via org.springframework.ws:spring-xml (>=3.0.0.RELEASE <=3.0.5.RELEASE)

org.springframework.ws:spring-xml MAVEN version =3.0.0.RELEASE, =3.0.0.RELEASE, =1.3.0, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.3.3 - com.coherentlogic.cmr.api:cmr-api-core =2.0.3-RELEASE - com.coherentlogic.cmr.api:cmr-api-core-boot =2.0.3-RELEASE -...

9.8CVSS7.1AI score0.0411EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/01/25 4:18 p.m.6 views

com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.1.36-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.88-RC1 <=1.1.27-RELEASE) +684 more potentially affected by CVE-2019-3773 via org.springframework.ws:spring-xml (>=1.0-m2 <=2.4.3.RELEASE)

org.springframework.ws:spring-xml MAVEN version =1.0-m2, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.1.0-RELEASE, =1.0.83-RC1, =1.0.83-RC1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.2.0.M5 - com.coherentlogic.cmr.api:cmr-api-core =2.0.2.1-RELEASE - com.coherentlogic.cmr.api:cmr-api-core-bo...

9.8CVSS7.1AI score0.0411EPSS
Exploits0
Rows per page
Query Builder