17 matches found

RedHat Linux
added 2026/04/16 3:32 p.m., 0 views

Apache Artemis: Apache ActiveMQ Artemis: Apache Artemis and Apache ActiveMQ Artemis: Unauthorized address creation due to incorrect authorization during JMS topic subscription.

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service (JMS) topic subscription on an address that does not exist. If the user has "createDurableQueue"...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00029
Exploits: 0, References: 6

RedhatCVE
added 2026/03/24 11:54 a.m., 3 views

CVE-2026-32642

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service (JMS) topic subscription on an address that does not exist. If the user has "createDurableQueue"...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00029
Exploits: 0, References: 5

GithubExploit
added 2026/02/27 6:58 a.m., 130 views

Exploit for CVE-2023-24012

DDS Security Test This is a ROS 2 DDS security testing enviro...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00163
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-1813

Malicious code in bioql PyPI...

CVSS: 6.9, AI score: 6.6, EPSS: 0.00062
Exploits: 0, References: 2

RedhatCVE
added 2025/06/13 8:13 a.m., 5 views

CVE-2025-29756

SunGrow's back end users system iSolarCloud (https://isolarcloud.com) uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server, however, did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While t...

CVSS: 8.3, AI score: 6.5, EPSS: 0.00126
Exploits: 0, References: 1

Cvelist
added 2025/06/11 8:1 a.m., 15 views

CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters

SunGrow's back end users system iSolarCloud (https://isolarcloud.com) uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server, however, did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...

CVSS: 8.3, EPSS: 0.00126
Exploits: 0, References: 3

VulnCheck KEV
added 2025/06/07 12:0 a.m., 1 view

VulnCheck KEV: CVE-2021-24827

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue...

CVSS: 9.8, AI score: 5.9, EPSS: 0.67699
Exploits: 3, References: 1

CVE
added 2025/01/30 6:53 p.m., 47 views

CVE-2025-0681

CVE-2025-0681 concerns New Rock Technologies Cloud Connected Devices. The Cloud MQTT service supports wildcard topic subscriptions, enabling an attacker to tap service communications and potentially obtain sensitive information. Documented impact is information disclosure via local access to the ...

CVSS: 6.9, AI score: 6.2, EPSS: 0.00062
Exploits: 0, References: 2

Redos
added 2024/04/03 12:0 a.m., 19 views

ROS-20230403-14

This vulnerability in the ZeroMQ asynchronous messaging library involves causing a stack buffer overflow on the server by sending specially crafted topic subscription requests and then unsubscribing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial o...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00316
Exploits: 0

SUSE CVE
added 2023/02/15 3:47 a.m., 1 view

SUSE CVE-2021-20236

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...

CVSS: 9.8, AI score: 7, EPSS: 0.00316
Exploits: 0, References: 3

OSV
added 2023/01/12 11:15 p.m., 0 views

CVE-2023-22600

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...

CVSS: 8.1, AI score: 7.5
Exploits: 0, References: 1

CNVD
added 2021/06/02 12:0 a.m., 11 views

Unspecified Vulnerability in ZeroMQ

ZeroMQ is a lightweight distributed messaging engine core library. A security vulnerability exists in ZeroMQ server versions prior to 4.3.3, which stems from a vulnerability that allows a malicious client to cause a stack buffer overflow on the server by sending a carefully crafted topic...

CVSS: 9.8, AI score: 7, EPSS: 0.00316
Exploits: 0, References: 1

NVD
added 2021/05/28 11:15 a.m., 19 views

CVE-2021-20236

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...

CVSS: 9.8, EPSS: 0.00316
Exploits: 0, References: 2

Debian CVE
added 2021/05/28 10:42 a.m., 29 views

CVE-2021-20236

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...

CVSS: 9.8, AI score: 8.5, EPSS: 0.00316
Exploits: 0

Positive Technologies
added 2021/05/28 12:0 a.m., 2 views

PT-2021-8015 · Zeromq +2

Name of the Vulnerable Software and Affected Versions: ZeroMQ versions prior to 4.3.3
Description: A flaw in the ZeroMQ server allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. This poses a threat to...

CVSS: 10, AI score: 9.5, EPSS: 0.00316
Exploits: 0, References: 16

CNNVD
added 2021/05/28 12:0 a.m., 2 views

ZeroMQ Buffer Error Vulnerability

ZeroMQ is a lightweight distributed messaging engine core library. A security vulnerability exists in ZeroMQ server versions prior to 4.3.3, which stems from a vulnerability that allows a malicious client to cause a stack buffer overflow on the server by sending a carefully crafted topic...

CVSS: 9.8, AI score: 8.6, EPSS: 0.00316
Exploits: 0, References: 2

RedhatCVE
added 2021/02/12 3:29 p.m., 35 views

CVE-2021-20236

A flaw was found in the ZeroMQ server. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...

CVSS: 9.8, AI score: 8.5, EPSS: 0.00316
Exploits: 0, References: 4