CVE-2026-49157
- EPSS 0.42%
- Veröffentlicht 01.06.2026 09:16:20
- Zuletzt bearbeitet 01.06.2026 17:09:59
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jo...
CVE-2026-46605
- EPSS 0.34%
- Veröffentlicht 01.06.2026 09:16:19
- Zuletzt bearbeitet 01.06.2026 17:07:51
Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 befo...
CVE-2026-45505
- EPSS 0.58%
- Veröffentlicht 01.06.2026 09:16:19
- Zuletzt bearbeitet 01.06.2026 17:09:40
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as `masterslave:vm://...,...` and `static:...
CVE-2026-42588
- EPSS 0.55%
- Veröffentlicht 01.06.2026 09:16:19
- Zuletzt bearbeitet 01.06.2026 17:06:00
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the w...
CVE-2026-42253
- EPSS 1.11%
- Veröffentlicht 01.06.2026 09:16:18
- Zuletzt bearbeitet 01.06.2026 17:06:34
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response he...
CVE-2026-41044
- EPSS 0.98%
- Veröffentlicht 24.04.2026 10:16:53
- Zuletzt bearbeitet 30.06.2026 03:19:23
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious...
CVE-2026-41043
- EPSS 0.56%
- Veröffentlicht 24.04.2026 10:16:23
- Zuletzt bearbeitet 27.04.2026 14:49:24
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the conte...
CVE-2026-40466
- EPSS 4.78%
- Veröffentlicht 24.04.2026 10:15:44
- Zuletzt bearbeitet 30.06.2026 03:19:18
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connecto...
CVE-2026-39304
- EPSS 0.9%
- Veröffentlicht 10.04.2026 10:54:04
- Zuletzt bearbeitet 30.06.2026 03:19:04
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a...
CVE-2026-40046
- EPSS 0.38%
- Veröffentlicht 09.04.2026 17:16:31
- Zuletzt bearbeitet 13.04.2026 15:02:27
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future 5.1...