Lucene search
K

8 matches found

OSV
OSV
added 2026/06/24 1:12 p.m.4 views

OESA-2026-2724 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies...

8.8CVSS6.5AI score0.01107EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.9 views

CVE-2026-46605

A flaw was found in Apache ActiveMQ server. An authenticated attacker with proper permissions could exploit an incomplete authorization vulnerability to remove existing destinations. This could lead to a Denial of Service DoS by disrupting message delivery and processing. Mitigation Mitigation fo...

6.5CVSS5.6AI score0.00335EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/01 10:29 a.m.9 views

Improper Authorization

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Authorization due to incomplete authorization checks in the destination removal process. An attacker can...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.21 views

CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS0.00424EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:23 a.m.56 views

EUVD-2026-33577

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS6.4AI score0.00546EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/01 7:22 a.m.68 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

0.00577EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:20 a.m.14 views

EUVD-2026-33574

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.8AI score0.00424EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45369

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Apache ActiveMQ Web versions prior to 5.19.7 Apache ActiveMQ Web versions 6.0.0 through 6.2.5 Description An improper neutralization of input during web page...

6.1CVSS5.8AI score0.01107EPSS
Exploits1References25
Rows per page
Query Builder