Lucene search
K

1415 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 2:33 p.m.9 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 2:33 p.m.10 views

CVE-2026-8111

CVE-2026-8111 describes an SQL injection in the web console of Ivanti Endpoint Manager prior to 2024 SU6. The vulnerability allows a remote authenticated attacker to achieve remote code execution via the web console, as indicated by the description and CVSS metrics (High, 8.8). Affected product: ...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 2:33 p.m.26 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS0.00883EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:33 p.m.11 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40044

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU6 Description SQL injection in the web console allows a remote authenticated attacker to achieve remote code execution. SQL injection is a type of flaw where an attacker can interfere with the...

8.8CVSS6.2AI score0.00883EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Ivanti Endpoint Manager(EPM) SQL注入漏洞

Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained a SQL injection vulnerability. This vulnerability stemmed from SQL injections in the web console, and could allow remote...

8.8CVSS6AI score0.00883EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift-web-console (RHSA-2019:2552)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2552 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS6.5AI score0.03178EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.13 views

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2019:1851)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1851 advisory. - web-console: XSS in OAuth server /oauth/token/request endpoint CVE-2019-3876 - jenkins-plugin-token-macro: XML External Entity...

7.5CVSS5.8AI score0.10606EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift-web-console (RHSA-2019:2551)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2551 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS6.5AI score0.03178EPSS
Exploits0References5
Veracode
Veracode
added 2026/05/04 8:5 p.m.15 views

Cross-site Scripting (XSS)

org.apache.activemq, activemq-web is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML content in the web console, which allows an attacker to inject and execute malicious HTML/JavaScript by manipulating content type and JMS selecto...

6.5CVSS5.9AI score0.0056EPSS
Exploits0References3Affected Software4
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift-web-console (RHSA-2019:1422)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1422 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS7.7AI score0.03178EPSS
Exploits0References5
OSV
OSV
added 2026/04/28 8:37 a.m.4 views

BIT-ACTIVEMQ-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

6.5CVSS5.3AI score0.0056EPSS
Exploits0References3
Fedora
Fedora
added 2026/04/28 1:14 a.m.13 views

[SECURITY] Fedora 42 Update: cockpit-357-2.fc42

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

9.8CVSS5.2AI score0.142EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2026/04/24 12:30 p.m.9 views

Apache ActiveMQ Vulnerable to Cross-site Scripting

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

6.5CVSS5.8AI score0.0056EPSS
Exploits0References4Affected Software3
Snyk
Snyk
added 2026/04/24 11:18 a.m.7 views

Cross-site Scripting (XSS)

Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the JMS selector field in the web console. An attacker can display malicious content in the browser by injecting HTML and...

6.5CVSS5.5AI score0.0056EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/24 11:18 a.m.10 views

org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.3), org.apache.activemq:activemq-web-console (>=6.0.0 <=6.2.3) +2 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-web MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-41043 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16323116...

6.5CVSS5.8AI score0.0056EPSS
Exploits0
NVD
NVD
added 2026/04/24 11:16 a.m.4 views

CVE-2026-41043

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

6.5CVSS0.0056EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 10:16 a.m.5 views

CVE-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

5.2AI score0.0056EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 10:16 a.m.4 views

CVE-2026-41043

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

5.2AI score0.0056EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/04/24 10:16 a.m.19 views

CVE-2026-41043

CVE-2026-41043 describes an XSS vulnerability in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can cause the web console queues page to render HTML content by overriding the content type from XML to HTML and injecting HTML into a JMS selector field, leading to basic HTML/scri...

6.5CVSS5.3AI score0.0056EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder