Where
-Infinity
0

Trending

Last week
Last month
Last year

Apache ActiveMQ BrokerApache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)

Risk 37
Severity
5.9
First published (updated )
CVE-2026-49270

Apache ActiveMQApache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Risk 83
Severity
8.8
First published (updated )
CVE-2026-49157

Apache ActiveMQ BrokerApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal

Risk 24
Severity
4.3
First published (updated )
CVE-2026-46605

Apache ActiveMQ BrokerApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Risk 83
Severity
8.8
First published (updated )
CVE-2026-45505

Apache ActiveMQ BrokerApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

Risk 63
Severity
8.1
First published (updated )
CVE-2026-42588
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

Risk 40
Severity
6.1
First published (updated )
CVE-2026-42253

PAN-OS added to KEV, Langflow exploit activity, and a surprising Windows EPSS jump — today's most actionable vulnerability signals [Threat Intel 2026/5/29}

First published (updated )
Social
reddit

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Risk 83
Severity
8.8
First published (updated )
CVE-2026-41044

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Risk 42
Severity
6.5
First published (updated )
CVE-2026-41043

Apache ActiveMQ BrokerApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Risk 83
Severity
8.8
First published (updated )
CVE-2026-40466
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

The RegisterCISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

Exploited
First published (updated )
News
The Register

maven/org.apache.activemq:apache-activemqApache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM

Risk 46
Severity
7.5
First published (updated )
CVE-2026-39304

CVE-2026-34197: ActiveMQ RCE via Jolokia API

First published (updated )
Social
reddit

maven/org.apache.activemq:activemq-webApache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Risk 24
Severity
4.3
First published (updated )
CVE-2026-33227

Apache ActiveMQApache ActiveMQ Improper Input Validation Vulnerability

Risk 95
Severity
8.8
Exploited
Trending
3 Months
First published (updated )
CVE-2026-34197
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

Risk 84
Severity
8.8
First published (updated )
CVE-2025-66168

oss-secCVE-2025-66168: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet maining length field is not properly validated

First published (updated )
https://seclists.org/oss-sec/2026/q1/250

Apache ActiveMQMemory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling …

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2364684

Apache ActiveMQApache ActiveMQ: Unchecked buffer length can cause excessive memory allocation

Risk 65
Severity
6.9
Exploited
First published (updated )
CVE-2025-27533

Apache ActiveMQActiveMQ Content Pack: Cleartext Exposure of Credentials

Risk 24
Severity
6
EPSS
0.04%
First published (updated )
CVE-2024-8689
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.apache.activemq:apache-activemqApache ActiveMQ: Jolokia and REST API were not secured with default configuration

Risk 83
Severity
8.8
First published (updated )
CVE-2024-32114

CVE-2024-32114: Apache ActiveMQ: Jolokia and REST API were not secured with default configuration

First published (updated )
https://seclists.org/oss-sec/2024/q2/197

BleepingComputerMagnet Goblin hackers use 1-day flaws to drop custom Linux malware

First published (updated )
News
BleepingComputer

BleepingComputerApache OFBiz RCE flaw exploited to find vulnerable Confluence servers

First published (updated )
News
BleepingComputer

redhat/activemqApache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Risk 85
Severity
8.8
First published (updated )
CVE-2022-41678
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

BleepingComputerKinsing malware exploits Apache ActiveMQ RCE to plant rootkits

First published (updated )
News
BleepingComputer

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack

Risk 95
Severity
10
Exploited
First published (updated )
CVE-2023-46604

Oracle Communications Unified Inventory ManagementXStream is vulnerable to a Remote Command Execution attack

Risk 86
Severity
9.9
First published (updated )
CVE-2021-21345

Oracle Communications Unified Inventory ManagementXStream can cause a Denial of Service

Risk 45
Severity
7.5
First published (updated )
CVE-2021-21341

Oracle Communications Unified Inventory ManagementA Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Risk 51
Severity
8.6
First published (updated )
CVE-2021-21349
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203