CVE-2026-49434
- EPSS 0.4%
- Veröffentlicht 30.06.2026 09:55:29
- Zuletzt bearbeitet 02.07.2026 18:43:25
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied tr...
CVE-2026-49432
- EPSS 0.52%
- Veröffentlicht 30.06.2026 09:54:38
- Zuletzt bearbeitet 02.07.2026 18:43:35
Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-leng...
CVE-2026-49877
- EPSS 0.39%
- Veröffentlicht 30.06.2026 09:53:42
- Zuletzt bearbeitet 02.07.2026 18:42:59
Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This i...
CVE-2026-50734
- EPSS 0.52%
- Veröffentlicht 30.06.2026 09:53:03
- Zuletzt bearbeitet 02.07.2026 18:40:36
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large si...
CVE-2026-50750
- EPSS 0.5%
- Veröffentlicht 30.06.2026 09:51:57
- Zuletzt bearbeitet 02.07.2026 18:42:47
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands ...
CVE-2026-52760
- EPSS 0.26%
- Veröffentlicht 30.06.2026 09:50:30
- Zuletzt bearbeitet 02.07.2026 18:42:09
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an...
CVE-2026-53916
- EPSS 0.52%
- Veröffentlicht 30.06.2026 09:49:55
- Zuletzt bearbeitet 02.07.2026 18:42:03
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker ...
CVE-2026-53917
- EPSS 0.52%
- Veröffentlicht 30.06.2026 09:49:17
- Zuletzt bearbeitet 02.07.2026 18:41:55
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encode...
CVE-2026-54475
- EPSS 0.38%
- Veröffentlicht 30.06.2026 09:48:28
- Zuletzt bearbeitet 02.07.2026 18:41:49
Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this ...
CVE-2026-49270
- EPSS 0.33%
- Veröffentlicht 01.06.2026 09:16:20
- Zuletzt bearbeitet 01.06.2026 17:09:45
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthentic...