| CVE-2026-41044 | Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:54 | Deep Dive |
| CVE-2026-41043 | Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-24 10:16:24 | Deep Dive |
| CVE-2026-40466 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI | Apache Software Foundation | Apache ActiveMQ Broker | - | - | 2026-04-24 10:15:44 | Deep Dive |
| CVE-2026-39304 | Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM | Apache Software Foundation | Apache ActiveMQ Client | 高危 | - | 2026-04-10 10:54:04 | Deep Dive |
| CVE-2026-40046 | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-09 15:58:33 | Deep Dive |
| CVE-2026-33227 | Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory | Apache Software Foundation | Apache ActiveMQ Client | - | - | 2026-04-07 07:50:59 | Deep Dive |
| CVE-2026-34197 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans | Apache Software Foundation | Apache ActiveMQ Broker | - | - | 2026-04-07 07:50:11 | Deep Dive |
| CVE-2026-32642 | Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission | Apache Software Foundation | Apache Artemis | 中危 | - | 2026-03-24 07:53:45 | Deep Dive |
| CVE-2026-27446 | Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation | Apache Software Foundation | Apache Artemis | 超危 | - | 2026-03-04 08:48:48 | Deep Dive |
| CVE-2025-66168 | Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated | Apache Software Foundation | Apache ActiveMQ | Medium | 5.4 | 2026-03-04 08:45:01 | Deep Dive |
| CVE-2025-58712 | Amq: privilege escalation via excessive /etc/passwd permissions | apache | activemq-artemis | Medium | 6.4 | 2025-10-22 18:19:07 | Deep Dive |
| CVE-2025-54539 | Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data | Apache Software Foundation | Apache ActiveMQ NMS AMQP Client | - | - | 2025-10-16 08:26:07 | Deep Dive |
| CVE-2025-27533 | Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation | Apache Software Foundation | Apache ActiveMQ | - | - | 2025-05-07 08:59:00 | Deep Dive |
| CVE-2025-29953 | Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass | Apache Software Foundation | Apache ActiveMQ NMS OpenWire Client | 中危 | - | 2025-04-18 15:23:32 | Deep Dive |
| CVE-2025-27391 | Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log | Apache Software Foundation | Apache ActiveMQ Artemis | 中危 | - | 2025-04-09 14:42:33 | Deep Dive |
| CVE-2025-27427 | Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission | Apache Software Foundation | Apache ActiveMQ Artemis | 中危 | - | 2025-04-01 07:27:00 | Deep Dive |
| CVE-2023-50780 | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | Apache Software Foundation | Apache ActiveMQ Artemis | - | - | 2024-10-14 16:03:38 | Deep Dive |
| CVE-2024-8689 | ActiveMQ Content Pack: Cleartext Exposure of Credentials | Palo Alto Networks | ActiveMQ Content Pack | - | - | 2024-09-11 16:42:16 | Deep Dive |
| CVE-2024-32114 | Apache ActiveMQ: Jolokia and REST API were not secured with default configuration | Apache Software Foundation | Apache ActiveMQ | High | 8.5 | 2024-05-02 08:29:18 | Deep Dive |
| CVE-2022-41678 | Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE | Apache Software Foundation | Apache ActiveMQ | 高危 | - | 2023-11-28 15:08:38 | Deep Dive |