
Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker

07 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.10%

KEV

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue.

Statistics

  • 4 Posts

Last activity: 7 hours ago

Fediverse


In the last 24 hours, the highlights are Project Glasswing, which strengthens the defense of critical software in the face of AI; serious vulnerabilities in ActiveMQ and the Linux kernel; unpatched zero-day attacks on Adobe Reader and Windows; and advanced threats from MOIS-linked groups, forcing a redesign of cybersecurity strategies. Discover these and more details in the following list of information security news:

🗞️ LATEST NEWS IN INFORMATION SECURITY 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 08/04/26 📆 |====

🔐 PROJECT GLASSWING: CRITICAL SOFTWARE SECURITY IN THE AI ERA

A new global initiative seeks to protect the planet's most vital software as a new era dominated by artificial intelligence arrives. Project Glasswing promises to strengthen cyber defenses, providing advanced tools and strategies to anticipate and neutralize emerging threats. This action is crucial to maintaining the integrity of critical infrastructure and essential systems in an increasingly automated environment. Discover how this proposal will change the way key software is protected. More information here 👉 djar.co/jLuDy

⚠️ CVE-2026-34197: RCE VULNERABILITY IN ACTIVEMQ VIA THE JOLOKIA API

A serious remote code execution vulnerability has been identified in ActiveMQ that can be exploited via the Jolokia API. This flaw allows attackers to execute commands remotely, putting the availability and confidentiality of systems that depend on this software at risk. Learn about the affected versions, how to detect this vulnerability, and the recommended measures to mitigate the risk before it is exploited en masse. Protect your systems right now. Read the full analysis here 👉 djar.co/co76K3

🚨 ZERO-DAY ALERT DETECTED IN ADOBE READER BY EXPMON

EXPMON has identified a sophisticated zero-day attack that uses advanced fingerprinting techniques to compromise Adobe Reader users. This vulnerability can be leveraged to install malware undetected, particularly affecting corporate environments and end users. Stay informed about how this attack works and what the recommendations are for minimizing its impact until an official patch is released. Protect your documents and devices. Details and recommendations here 👉 djar.co/f0Hf

🛡️ CYBERSECURITY IN THE ERA OF INSTANT SOFTWARE

Artificial intelligence is revolutionizing the software lifecycle, giving rise to the concept of "instant software" that can be created, modified and deleted with unprecedented speed. This shift directly impacts cybersecurity, as it forces defense strategies to adapt in order to monitor and protect systems in constant transformation. Explore the new threats and the solutions proposed to meet this challenge effectively and securely. Dig deeper into this innovative perspective here 👉 djar.co/lKM1L

🐧 RESEARCH REVEALS MORE THAN 100 VULNERABILITIES IN LINUX KERNELS IN JUST 30 DAYS

An exhaustive analysis has detected more than a hundred critical bugs in different versions of the Linux kernel within one month. These findings underscore the urgent need to strengthen development and auditing practices to prevent these vulnerabilities from being exploited, since Linux is the foundation of millions of devices and services. Learn which vulnerabilities are the most concerning and the recommendations for administrators and developers. See the full report here 👉 djar.co/wpTO0

💥 UNPATCHED WINDOWS EXPLOIT REVEALS ZERO-DAY SECURITY BREACH

An unpatched zero-day exploit has been published by an anonymous researcher, making it possible for attackers to obtain SYSTEM privileges on Windows systems. This breach represents a serious security risk, allowing full control over the machine and unrestricted execution of malicious code. Learn how to detect this threat and what temporary measures to implement until Microsoft releases an official update. Keep your systems safe with this vital information. Access the alert and guides here 👉 djar.co/YZrTZ

🌐 THREAT ASSESSMENT OF CYBER ECOSYSTEMS LINKED TO THE MOIS

New analyses show how collectives such as Handala, Homeland Justice and Karma operate within a complex cyber ecosystem linked to Iran's MOIS. These groups use advanced hacking techniques and disinformation campaigns to influence public opinion and carry out espionage operations. Understanding these dynamics is essential to anticipating possible attacks and protecting the integrity of information in organizations and governments. Discover the details and strategic recommendations here 👉 djar.co/aH8MB

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

CVE-2026-34197: ActiveMQ RCE via Jolokia API
  • 0
  • 0
  • 1
  • 21h ago
AI Uncovers 13-Year-Old Apache ActiveMQ RCE Nightmare – CVE-2026-34197 Demands Immediate Patching + Video Introduction: A critical remote code execution (RCE) vulnerability lurking in Apache ActiveMQ Classic for 13 years has finally been exposed – not by a human researcher, but by an AI assistant.…
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • FlowiseAI
  • Flowise

22 Sep 2025
Published
22 Sep 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
82.39%

KEV

Description

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.

Statistics

  • 3 Posts

Last activity: 3 hours ago

Bluesky

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution #SecurityAffairs (Apr 7) securityaffairs.com/190471/secur...
  • 0
  • 0
  • 0
  • 16h ago
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed (CVE-2025-59528) #appsec
  • 0
  • 0
  • 0
  • 9h ago
A critical RCE vulnerability in Flowise (CVE-2025-59528) is actively exploited, enabling arbitrary JavaScript execution via CustomMCP. Thousands of systems are at risk without proper updates. #FlowiseRisk #RemoteExecution #USA
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • moby
  • moby

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.01%

KEV

Description

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

Statistics

  • 3 Posts

Last activity: 5 hours ago

Bluesky

A critical flaw in Docker Engine (CVE-2026-34040) allows attackers to bypass AuthZ plugins by sending padded HTTP requests, enabling privileged container access to the host filesystem. Fixed in v29.3.1. #DockerVuln #ContainerSecurity #CVE2026
  • 0
  • 0
  • 0
  • 17h ago
Critical Alert: Docker AuthZ Bypass (CVE-2026-34040) Enables Host Root Access #patchmanagement
  • 0
  • 0
  • 0
  • 9h ago
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access reconbee.com/docker-cve-2... #DockerCVE #bypassauthorization #gainhostaccess #cybersecurity #cyberattack
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Kubernetes
  • ingress-nginx

19 Mar 2026
Published
21 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse


🚨 A high-vulnerability CVE (CVE-2026-4342) has been identified in ingress-nginx.

This vulnerability enables configuration injection and potential code execution on all versions below v1.13.9, v1.14.5, and v1.15.1.

As ingress-nginx is now EOL (End of Life), users are strongly encouraged to upgrade and migrate immediately.

Details: github.com/kubernetes/kubernet

  • 1
  • 1
  • 0
  • 3h ago

Bluesky

🚨 A high-vulnerability CVE (CVE-2026-4342) has been identified in ingress-nginx. All versions below v1.13.9, v1.14.5, and v1.15.1 are vulnerable. As ingress-nginx is now EOL (End of Life), users are strongly encouraged to upgrade and migrate immediately. Details: github.com/kubernetes/k...
  • 0
  • 1
  • 0
  • 5h ago

Overview

  • Fortinet
  • FortiSwitchManager

09 Dec 2025
Published
20 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
7.62%

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 3 hours ago

Fediverse


CVE-2025-59718 analysis shows attackers bypassing FortiGate SSO, exfiltrating configs, and establishing persistent VPN access over 2 weeks of dwell time. They targeted hypervisors, DCs, and backup infrastructure—classic pre-ransomware reconnaissance. Detection gaps: firewall config changes blend into routine admin tasks. #CVE202559718 #ransomware #firewall #incidentresponse #threatintel

bit.ly/4cf8M7B

  • 1
  • 0
  • 0
  • 3h ago

Bluesky

Rapid7’s IR team was recently engaged around CVE-2025-59718 – a vuln that facilitates SSO login bypass in #Fortinet FortiGate appliances. In a new blog, dive into our investigative methodology, practical detection opportunities & more: r-7.co/3Q0CMwo
  • 0
  • 1
  • 0
  • 3h ago

Overview

  • OpenPrinting
  • cups

03 Apr 2026
Published
06 Apr 2026
Updated

CVSS v4.0
MEDIUM (6.1)
EPSS
0.04%

KEV

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS

https://heyitsas.im/posts/cups/

More LLM bugs: CVE-2026-34980 and CVE-2026-34990
  • 0
  • 0
  • 0
  • 11h ago

Bluesky

Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS heyitsas.im -> More LLM bugs: CVE-2026-34980 and CVE-2026-34990 Original->
  • 1
  • 0
  • 0
  • 11h ago
~Cybergcca~ CCCS issued 3 advisories, highlighting a critical unauthenticated RCE-to-root chain in CUPS alongside GitLab and HPE updates. - IOCs: CVE-2026-34990, CVE-2026-34980 - #CUPS #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • OpenPrinting
  • cups

03 Apr 2026
Published
06 Apr 2026
Updated

CVSS v4.0
MEDIUM (5.0)
EPSS
0.01%

KEV

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS

https://heyitsas.im/posts/cups/

More LLM bugs: CVE-2026-34980 and CVE-2026-34990
  • 0
  • 0
  • 0
  • 11h ago

Bluesky

Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS heyitsas.im -> More LLM bugs: CVE-2026-34980 and CVE-2026-34990 Original->
  • 1
  • 0
  • 0
  • 11h ago
~Cybergcca~ CCCS issued 3 advisories, highlighting a critical unauthenticated RCE-to-root chain in CUPS alongside GitLab and HPE updates. - IOCs: CVE-2026-34990, CVE-2026-34980 - #CUPS #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • TP-Link
  • TL-WR841N

03 May 2024
Published
21 Oct 2025
Updated

CVSS v3.0
MEDIUM (6.5)
EPSS
1.50%

Description

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19899.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 20 hours ago

Fediverse


👾 Since at least 2024, APT28 has been compromising vulnerable routers worldwide, including TP-Link routers, by exploiting the vulnerability CVE-2023-50224.

  • 2
  • 2
  • 0
  • 20h ago

Overview

  • OpenSSL
  • OpenSSL

07 Apr 2026
Published
08 Apr 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

Critical OpenSSL Flaw Exposes Sensitive Data: CVE-2026-31790 RSA KEM Vulnerability – Update Now! + Video Introduction: OpenSSL, the ubiquitous cryptographic library securing countless web servers, VPNs, and applications, has disclosed a moderate-severity vulnerability (CVE-2026-31790) in its RSA…
  • 0
  • 0
  • 0
  • 1h ago
Multiple OpenSSL vulnerabilities (Moderate: CVE-2026-31790, Low: CVE-2026-28386, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789) and the 3.6.2, 3.5.6, 3.4.5, 3.3.7, 3.0.20, 1.1.1zg, 1.0.2zp releases #sios_tech #security #vulnerability #セキュリティ #脆弱性 #ssl #openssl security.sios.jp/vulnerabilit...
  • 1
  • 0
  • 0
  • 18h ago

Overview

  • Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers

03 Mar 2021
Published
06 Mar 2026
Updated

CVSS
Pending
EPSS
12.90%

Description

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

FBI and Pentagon report Iran-linked hackers targeting internet-facing OT devices like Rockwell/Allen-Bradley PLCs and possibly Siemens, exploiting CVE-2021-22681 to disrupt U.S. critical infrastructure operations. #Iran #OperationalTech
  • 1
  • 1
  • 0
  • 19h ago
Showing 1 to 10 of 46 CVEs