CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.2AI score0.83461EPSS

Exploits11References3

NVD•added 3 days ago•8 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS0.001EPSS

Exploits0References2

OSV•added 3 days ago•5 views

UBUNTU-CVE-2026-45505

8.8CVSS6.6AI score0.83461EPSS

Exploits11References5

Cvelist•added 3 days ago•26 views

CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

0.00056EPSS

Exploits0References1

Positive Technologies•added 3 days ago•8 views

PT-2026-45376

8.8CVSS6.4AI score0.001EPSS

Exploits0References4

Veracode•added 2026/05/04 9:41 a.m.•10 views

Improper Input Validation

org.apache.activemq, activemq-broker is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in HTTP Discovery transport handling, which allows an authenticated attacker to bypass previous fixes and exploit broker configuration loading to execute arbitrary...

8.8CVSS7.7AI score0.83461EPSS

Exploits11References3Affected Software3

OSV•added 2026/04/24 12:30 p.m.•1 views

GHSA-MR6M-XJ7V-3CV3 Apache ActiveMQ Vulnerable to Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.4AI score0.00073EPSS

Exploits0References4

Github Security Blog•added 2026/04/24 12:30 p.m.•6 views

Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS7.9AI score0.83461EPSS

Exploits11References3Affected Software3

Snyk•added 2026/04/24 11:18 a.m.•1 views

Arbitrary Code Injection

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DestinationView MBean exposed by Jolokia. An attacker can achieve arbitrary code...

8.8CVSS6.5AI score0.00073EPSS

Exploits0References2

Snyk•added 2026/04/24 11:18 a.m.•2 views

Arbitrary Code Injection

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's...

8.8CVSS7.7AI score0.18014EPSS

Exploits0References2

NVD•added 2026/04/24 11:16 a.m.•2 views

CVE-2026-40466

8.8CVSS0.18014EPSS

Exploits0References1

Debian CVE•added 2026/04/24 10:16 a.m.•2 views

CVE-2026-41044

8.8CVSS6.6AI score0.00073EPSS

Exploits0

Debian CVE•added 2026/04/24 10:15 a.m.•3 views

CVE-2026-40466

8.8CVSS6.6AI score0.18014EPSS

Exploits0

EUVD•added 2026/04/24 10:15 a.m.•2 views

EUVD-2026-25410

8.8CVSS6.5AI score0.83461EPSS

Exploits11References1

Vulnrichment•added 2026/04/24 10:15 a.m.•1 views

CVE-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

8.6AI score0.83461EPSS

Exploits11References1

CVE•added 2026/04/24 10:15 a.m.•25 views

CVE-2026-40466

CVE-2026-40466 affects Apache ActiveMQ components (Broker, All, and ActiveMQ) with vulnerable versions prior to 5.19.6 and 6.0.0–6.2.4/6.2.5 before patch. The issue is due to improper input validation and code injection: an authenticated attacker can bypass CVE-34197 by adding a network connector...

8.8CVSS8.6AI score0.18014EPSS

In wildExploits0References1Affected Software1

RedhatCVE•added 2026/04/07 6:16 p.m.•2 views

CVE-2026-34197

A flaw was found in Apache ActiveMQ Broker and Apache ActiveMQ. An authenticated attacker can exploit this vulnerability by sending a specially crafted discovery Uniform Resource Identifier URI to the Jolokia JMX-HTTP bridge, which is exposed on the web console. This allows the attacker to bypass...

8.8CVSS6.5AI score0.83461EPSS

Exploits11References6

EUVD•added 2026/04/07 9:31 a.m.•1 views

EUVD-2026-19588

8.8CVSS6.6AI score0.83461EPSS

Exploits11References3

OSV•added 2026/04/07 9:31 a.m.•2 views

GHSA-RXPJ-7QVF-XV32 Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans

8.8CVSS7.8AI score0.83461EPSS

Exploits11References5

NVD•added 2026/04/07 9:16 a.m.•3 views

CVE-2026-34197