CVE-2026-41044
- EPSS 0.1%
- Veröffentlicht 24.04.2026 10:16:53
- Zuletzt bearbeitet 27.04.2026 14:49:13
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious...
CVE-2026-40466
- EPSS 0.11%
- Veröffentlicht 24.04.2026 10:15:44
- Zuletzt bearbeitet 27.04.2026 12:23:15
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connecto...
CVE-2026-33227
- EPSS 0.04%
- Veröffentlicht 07.04.2026 07:50:58
- Zuletzt bearbeitet 20.04.2026 16:50:36
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances (when creating a Stomp consumer and also b...
CVE-2026-34197
- EPSS 5.6%
- Veröffentlicht 07.04.2026 07:50:10
- Zuletzt bearbeitet 16.04.2026 19:59:38
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The defau...