VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used to fetch an attacker URL and spawn a second BrokerService inside the same JVM. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can keep streaming body bytes and grow the per-connection command buffer beyond configured limits to cause OOM. For the blocking STOMP protocol, an error will instead force abnormal transport exception handling for the affected connection and closure. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Stomp: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Unauthorized broker instantiation via improper input validation in LDAP entries. Red Hat rates this important (CVSS 7.6). Weakness: CWE-90.
Denial of Service via improper input validation in STOMP connector. Red Hat rates this important (CVSS 7.5). Weakness: CWE-839.
Denial of Service via crafted WireFormatInfo frame. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via repeated BrokerInfo commands. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec. Red Hat rates this important (CVSS 7.5). Weakness: CWE-789.
Information disclosure due to broken temporary destination isolation. Red Hat rates this important (CVSS 8.2). Weakness: CWE-1220.
Denial of Service due to exponential-time complexity. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333. Red Hat lists fixing advisory RHSA-2026:35272 with package dotnet8-0-main-8.0.128-1.1.hum1, nodejs26-main-26.4.0-1.3.hum1, nodejs22-main-22.23.1-2.hum1, nodejs24-main-24.18.0-0.2.hum1.
Denial of Service via crafted input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050. Red Hat lists fixing advisory RHSA-2026:37577 with package dotnet8-0-main-8.0.128-1.1.hum1.
Information disclosure via path traversal vulnerability. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22.
@anthropic-ai/claude-code: Claude Code: Arbitrary code execution through git directory confusion. Red Hat rates this important (CVSS 7.1). Weakness: CWE-59.
Security policy bypass due to improper Unicode hostname canonicalization. Red Hat rates this important (CVSS 7.5). Weakness: CWE-551.
Symlink traversal privilege escalation via libacl functions. Red Hat rates this important (CVSS 7.1). Weakness: CWE-59. Red Hat lists fixing advisory RHSA-2026:34351 with package acl-main-2.4.0-0.1.hum1.
Command Injection vulnerability in the JavaDoc hover provider of the vscode-java extension. Red Hat rates this important (CVSS 8.8). Weakness: CWE-88. Red Hat lists fixing advisory RHSA-2026:36820 with package devspaces/pluginregistry-rhel9:1782989367.
Remote code injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-94.
Memory corruption via crafted Photo CD (PCD) file. Red Hat rates this important (CVSS 8.1). Weakness: CWE-787.
Heap buffer overflow via integer overflow in publickey attribute allocation. Red Hat rates this moderate (CVSS 7). Weakness: CWE-787.
Memory corruption via crafted RASC video stream. Red Hat rates this important (CVSS 7.6). Weakness: CWE-787.
Denial of Service via missing host header in specific logging configurations. Red Hat rates this important (CVSS 7.5). Weakness: CWE-476.