Where
-Infinity
0

Trending

Last week
Last month
Last year

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Risk 83
Severity
8.8
First published (updated )
CVE-2026-41044

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Risk 42
Severity
6.5
First published (updated )
CVE-2026-41043

Apache ActiveMQ BrokerApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Risk 83
Severity
8.8
First published (updated )
CVE-2026-40466

The RegisterCISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

Exploited
First published (updated )
News
The Register

maven/org.apache.activemq:apache-activemqApache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM

Risk 46
Severity
7.5
First published (updated )
CVE-2026-39304
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CVE-2026-34197: ActiveMQ RCE via Jolokia API

First published (updated )
Social
reddit

maven/org.apache.activemq:activemq-webApache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Risk 24
Severity
4.3
First published (updated )
CVE-2026-33227

Apache ActiveMQApache ActiveMQ Improper Input Validation Vulnerability

Risk 95
Severity
8.8
Exploited
Trending
3 Months
First published (updated )
CVE-2026-34197

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

Risk 84
Severity
8.8
First published (updated )
CVE-2025-66168

oss-secCVE-2025-66168: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet maining length field is not properly validated

First published (updated )
https://seclists.org/oss-sec/2026/q1/250
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache ActiveMQMemory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling …

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2364684

Apache ActiveMQApache ActiveMQ: Unchecked buffer length can cause excessive memory allocation

Risk 65
Severity
6.9
Exploited
First published (updated )
CVE-2025-27533

Apache ActiveMQActiveMQ Content Pack: Cleartext Exposure of Credentials

Risk 24
Severity
6
EPSS
0.04%
First published (updated )
CVE-2024-8689

maven/org.apache.activemq:apache-activemqApache ActiveMQ: Jolokia and REST API were not secured with default configuration

Risk 83
Severity
8.8
First published (updated )
CVE-2024-32114

CVE-2024-32114: Apache ActiveMQ: Jolokia and REST API were not secured with default configuration

First published (updated )
https://seclists.org/oss-sec/2024/q2/197
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

BleepingComputerMagnet Goblin hackers use 1-day flaws to drop custom Linux malware

First published (updated )
News
BleepingComputer

BleepingComputerApache OFBiz RCE flaw exploited to find vulnerable Confluence servers

First published (updated )
News
BleepingComputer

redhat/activemqApache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Risk 85
Severity
8.8
First published (updated )
CVE-2022-41678

BleepingComputerKinsing malware exploits Apache ActiveMQ RCE to plant rootkits

First published (updated )
News
BleepingComputer

Apache ActiveMQApache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack

Risk 95
Severity
10
Exploited
First published (updated )
CVE-2023-46604
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Oracle Communications Unified Inventory ManagementXStream is vulnerable to a Remote Command Execution attack

Risk 86
Severity
9.9
First published (updated )
CVE-2021-21345

Oracle Communications Unified Inventory ManagementXStream can cause a Denial of Service

Risk 45
Severity
7.5
First published (updated )
CVE-2021-21341

Oracle Communications Unified Inventory ManagementA Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Risk 51
Severity
8.6
First published (updated )
CVE-2021-21349

Oracle Communications Unified Inventory ManagementXStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights

Risk 45
Severity
7.5
First published (updated )
CVE-2021-21343

Oracle Communications Unified Inventory ManagementA Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Risk 69
Severity
9.1
First published (updated )
CVE-2021-21342
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Oracle Communications Unified Inventory ManagementXStream is vulnerable to an Arbitrary Code Execution attack

Risk 89
Severity
9.8
First published (updated )
CVE-2021-21350

Oracle Communications Unified Inventory ManagementXStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)

Risk 46
Severity
7.8
First published (updated )
CVE-2021-21348

Oracle Communications Unified Inventory ManagementXStream is vulnerable to an Arbitrary Code Execution attack

Risk 89
Severity
9.8
First published (updated )
CVE-2021-21346

Oracle Communications Unified Inventory ManagementXStream is vulnerable to an Arbitrary Code Execution attack

Risk 89
Severity
9.8
First published (updated )
CVE-2021-21347

Oracle Communications Unified Inventory ManagementXStream is vulnerable to an Arbitrary Code Execution attack

Risk 89
Severity
9.8
First published (updated )
CVE-2021-21344
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203