Lucene search
K

1417 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/24 10:16 a.m.4 views

CVE-2026-41043

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

5.2AI score0.0056EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/04/24 10:16 a.m.20 views

CVE-2026-41043

CVE-2026-41043 describes an XSS vulnerability in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can cause the web console queues page to render HTML content by overriding the content type from XML to HTML and injecting HTML into a JMS selector field, leading to basic HTML/scri...

6.5CVSS5.3AI score0.0056EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

Apache ActiveMQ和Apache ActiveMQ Web 跨站脚本漏洞

Apache ActiveMQ and Apache ActiveMQ Web are products of the Apache Foundation in the United States. Apache ActiveMQ is an open-source messaging middleware that supports Java Message Service, clustering, Spring Framework, etc. Apache ActiveMQ Web is a web-based control component that provides...

6.5CVSS5.7AI score0.0056EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-34871

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.6 Apache ActiveMQ versions 6.0.0 through 6.2.4 Apache ActiveMQ Web versions prior to 5.19.6 Apache ActiveMQ Web versions 6.0.0 through 6.2.4 Description An authenticated attacker can display malicious...

6.5CVSS6AI score0.0056EPSS
Exploits0References29
vulnersOsv
vulnersOsv
added 2026/04/10 12:31 p.m.10 views

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.3) +5 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...

7.5CVSS5.8AI score0.00896EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.4 views

Apache ActiveMQ < 5.19.3 / 5.19.4, 6.x < 6.2.2 / 6.2.3 Classpath Path Traversal

The version of Apache ActiveMQ running on the remote host is prior to 5.19.3 / 5.19.4 or 6.x prior to 6.2.2 / 6.2.3. It is, therefore, affected by an improper validation and restriction of classpath path name vulnerability: - An authenticated user could exploit path concatenation to traverse the...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 8:36 a.m.1 views

BIT-ACTIVEMQ-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00419EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/07 9:31 a.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by...

5.3CVSS6.3AI score0.00419EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 9:31 a.m.3 views

Directory Traversal

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...

5.3CVSS6.3AI score0.00419EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 9:31 a.m.5 views

Directory Traversal

Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing message...

5.3CVSS6.3AI score0.00419EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/07 9:31 a.m.9 views

Apache ActiveMQ: Improper validation and restriction of a classpath path name

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References4Affected Software4
vulnersOsv
vulnersOsv
added 2026/04/07 9:31 a.m.9 views

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.1) +5 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: OSV:GHSA-H2H4-5M64-M273...

4.3CVSS5.8AI score0.00419EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 9:31 a.m.12 views

org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.1), org.apache.activemq:activemq-web-console (>=6.0.0 <=6.2.1) +2 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-web MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930950...

4.3CVSS5.8AI score0.00419EPSS
Exploits0
OSV
OSV
added 2026/04/07 9:31 a.m.3 views

GHSA-H2H4-5M64-M273 Apache ActiveMQ: Improper validation and restriction of a classpath path name

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00419EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/07 7:50 a.m.1 views

CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

5.7AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 7:50 a.m.35 views

CVE-2026-33227

CVE-2026-33227 affects Apache ActiveMQ family (Client, Broker, All, Web) via an improper validation and restriction of classpath path name. In two contexts (creating a Stomp consumer and browsing Web console messages), an authenticated user could craft a key to traverse the classpath due to path ...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References2Affected Software3
Debian CVE
Debian CVE
added 2026/04/07 7:50 a.m.2 views

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.3AI score0.00419EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/07 12:0 a.m.5 views

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00419EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache Active...

4.3CVSS5.9AI score0.00419EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/06 9:19 p.m.2 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

5.4CVSS6AI score0.00218EPSS
Exploits0References3
Rows per page
Query Builder