Lucene search
+L

49 matches found

IBM Security Bulletins
IBM Security Bulletins
added 3 days ago3 views

Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway Desktop Edition.

Summary Multiple vulnerabilities have been found in CICS Transaction Gateway Desktop Edition due to the use of Apache Tomcat Embed, Spring Web MVC, Spring Boot, Spring Core, Spring Context, SnakeYAML, Spring Beans, Logback Classic and Logback Core. The Apache Tomcat Embed, Spring Web MVC, Spring...

8.1CVSS7.1AI score0.05666EPSS
Exploits4Affected Software1
Nuclei
Nuclei
added 6 days ago27 views

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.2AI score0.96666EPSS
Exploits14References3
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.2AI score0.00546EPSS
Exploits2References1
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Improper Input Validation

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Improper Input Validation over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's JVM by invoking operations with...

8.8CVSS7.1AI score0.96666EPSS
Exploits14References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.9 views

Improper Input Validation

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Input Validation over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's...

8.8CVSS7AI score0.96666EPSS
Exploits14References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.7 views

Improper Input Validation

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Improper Input Validation through the addNetworkConnector function exposed via the Jolokia JMX-HTTP bridge. An attacker can achieve arbitrary code...

8.6CVSS6.2AI score0.00546EPSS
Exploits2References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Improper Input Validation

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Input Validation through the addNetworkConnector function exposed via the Jolokia JMX-HTTP bridge. An...

8.6CVSS6.2AI score0.00546EPSS
Exploits2References2
NVD
NVD
added 2026/06/01 9:16 a.m.18 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS0.00577EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 9:16 a.m.22 views

UBUNTU-CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.6AI score0.96666EPSS
Exploits14References5
Cvelist
Cvelist
added 2026/06/01 7:23 a.m.49 views

CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

0.00546EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45376

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

8.8CVSS6AI score0.00577EPSS
Exploits0References23
Veracode
Veracode
added 2026/05/04 9:41 a.m.19 views

Improper Input Validation

org.apache.activemq, activemq-broker is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in HTTP Discovery transport handling, which allows an authenticated attacker to bypass previous fixes and exploit broker configuration loading to execute arbitrary...

8.8CVSS7.7AI score0.04783EPSS
Exploits14References6Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/24 12:30 p.m.11 views

Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS7.9AI score0.96666EPSS
Exploits14References3Affected Software3
OSV
OSV
added 2026/04/24 12:30 p.m.6 views

GHSA-MR6M-XJ7V-3CV3 Apache ActiveMQ Vulnerable to Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.4AI score0.0098EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/24 11:18 a.m.5 views

Arbitrary Code Injection

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DestinationView MBean exposed by Jolokia. An attacker can achieve arbitrary code...

8.8CVSS6.5AI score0.0098EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/24 11:18 a.m.6 views

Arbitrary Code Injection

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's...

8.8CVSS7.7AI score0.04783EPSS
Exploits14References2
NVD
NVD
added 2026/04/24 11:16 a.m.8 views

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS0.04783EPSS
Exploits14References4
Debian CVE
Debian CVE
added 2026/04/24 10:16 a.m.18 views

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.0098EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 10:15 a.m.7 views

EUVD-2026-25410

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS6.5AI score0.96666EPSS
Exploits14References1
Debian CVE
Debian CVE
added 2026/04/24 10:15 a.m.8 views

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS6.6AI score0.04783EPSS
Exploits14
Rows per page
Query Builder