
Overview

  • Apache Software Foundation
  • Apache ActiveMQ Broker
  • org.apache.activemq:activemq-broker

07 Apr 2026
Published
17 Apr 2026
Updated

CVSS
Pending
EPSS
6.22%

Description

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue.

Statistics

  • 13 Posts

Last activity: Last hour

Fediverse


⚠️ CRITICAL: CVE-2026-34197 is a remote code execution vuln in Apache ActiveMQ. No patch or confirmed exploitation yet. Monitor vendor advisories & apply security best practices. Details: radar.offseq.com/threat/recent

  • 0
  • 0
  • 0
  • 1h ago

New KEV added 🚨
CVE-2026-34197 (Apache ActiveMQ)
• Active exploitation confirmed
• High-risk entry point
KEV = patch now, not later

Source: cisa.gov/news-events/alerts/20

💬 How fast is your patch cycle?
Follow @technadu

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

📢 CVE-2026-34197: Critical RCE in Apache ActiveMQ Classic via the Jolokia API 📝 ## 🔍 Context Published on 7 April 2026 by Horizon3.ai, this article prese… https://cyberveille.ch/posts/2026-04-16-cve-2026-34197-rce-critique-dans-apache-activemq-classic-via-l-api-jolokia/ #Apache_ActiveMQ #Cyberveille
  • 0
  • 0
  • 0
  • 10h ago
CISA adds one known exploited vulnerability to its catalog. CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 16) CVE-2026-34197 Apache ActiveMQ improper input validation www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 9h ago
~Cisa~ CISA added actively exploited CVE-2026-34197 (Apache ActiveMQ) to its KEV catalog. - IOCs: CVE-2026-34197 - #Apache #CVE202634197 #ThreatIntel
  • 0
  • 0
  • 0
  • 8h ago
CVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability
  • 0
  • 0
  • 0
  • 7h ago
A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
  • 0
  • 0
  • 0
  • 7h ago
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation reconbee.com/apache-activ... #ActiveMQ #Apache #CISA #KEV #cybersecurity #cyberattack
  • 0
  • 0
  • 0
  • 7h ago
A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
  • 0
  • 0
  • 0
  • 2h ago
New KEV entry: CVE-2026-34197 Apache ActiveMQ Actively exploited If it’s KEV → patch ASAP 💬 Are KEVs top priority for you? Follow TechNadu #CyberSecurity #KEV #InfoSec
  • 0
  • 0
  • 0
  • 1h ago
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • Last hour

Overview

  • 0xJacky
  • nginx-ui

30 Mar 2026
Published
16 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%

KEV

Description

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message. While /mcp requires both IP whitelisting and authentication (AuthRequired() middleware), the /mcp_message endpoint only applies IP whitelisting - and the default IP whitelist is empty, which the middleware treats as "allow all". This means any network attacker can invoke all MCP tools without authentication, including restarting nginx, creating/modifying/deleting nginx configuration files, and triggering automatic config reloads - achieving complete nginx service takeover. At time of publication, there are no publicly available patches.

Statistics

  • 11 Posts
  • 5 Interactions

Last activity: 4 hours ago

Fediverse


⚠️ CRITICAL: Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 is a critical authentication bypass in nginx-ui that allows unauthenticated attackers to modify Nginx configurations and take over the service completely. An estimated 2,689 vulnerable instances remain exposed globally and active exploitation is confirmed in the wild. Any unpatched n…

threatnoir.com/focus

  • 1
  • 1
  • 0
  • 21h ago

📰 Critical Auth Bypass in nginx-ui (CVE-2026-33032) Actively Exploited for Full Nginx Takeover

🚨 CRITICAL FLAW: nginx-ui is being actively exploited via an auth bypass (CVE-2026-33032, CVSS 9.8). Unauthenticated attackers can gain full RCE. Patch to version 2.3.4+ immediately! #nginx #CyberSecurity #Vulnerability

🔗 cyber.netsecops.io/articles/cr

  • 0
  • 0
  • 0
  • 15h ago

nginx-ui CVE-2026-33032: the /mcp endpoint had auth, /mcp_message didn't. One missing check = full server takeover. As tools rush to add MCP support, expect more of these gaps. - thehackernews.com/2026/04/crit

  • 0
  • 0
  • 0
  • 4h ago

Bluesky

🚨 On 3/30/26, a security advisory was published for CVE-2026-33032 – a critical vulnerability affecting #NginxUI. This is a missing authentication bug with a CVSS score of 9.8, and exploitation in the wild has begun. More from Rapid7: r-7.co/4mzAr7G
  • 0
  • 2
  • 0
  • 16h ago
CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active exploitation.
  • 0
  • 1
  • 0
  • 6h ago
Critical Nginx UI Auth Bypass Flaw Actively Exploited A critical vulnerability in the Nginx UI, known as CVE-2026-33032, is being exploited by attackers... @thecosmicmeta.com #Nginx https://u2m.io/h88aY2wo
  • 0
  • 0
  • 0
  • 22h ago
~Cybergcca~ Critical flaws in Drupal core (XSS) and Nginx UI (CVE-2026-33032, exploited in wild). - IOCs: CVE-2026-33032, SA-CORE-2026-001 - #Drupal #Nginx #ThreatIntel
  • 0
  • 0
  • 0
  • 20h ago
📢 CVE-2026-33032: Missing authentication in Nginx UI exploited in the wild 📝 ## 🔍 Context Rapid7 published a security alert on 16 April 2026… https://cyberveille.ch/posts/2026-04-16-cve-2026-33032-authentification-manquante-dans-nginx-ui-exploitee-in-the-wild/ #CVE_2026_33032 #Cyberveille
  • 0
  • 0
  • 0
  • 9h ago
Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway - Cyber Daily https://www.cyberdaily.au/security/13477-update-now-active-exploitation-of-nginx-ui-vulnerability-cve-2026-33032-underway
  • 0
  • 0
  • 0
  • 7h ago
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access https://securityaffairs.com/190841/hacking/cve-2026-33032-severe-nginx-ui-bug-grants-unauthenticated-server-access.html
  • 0
  • 0
  • 0
  • 7h ago
Critical Unauthenticated RCE and Server Takeover (CVE-2026-33032, CVE-2026-27825) #appsec
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • marimo-team
  • marimo

09 Apr 2026
Published
09 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
3.20%

KEV

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Statistics

  • 3 Posts
  • 6 Interactions

Last activity: 1 hour ago

Fediverse


CVE-2026-39987: Marimo RCE Zero-Day Exploited Within 10 Hours of Disclosure — 662 Attacks Recorded
#CyberSecurity
securebulletin.com/cve-2026-39

  • 4
  • 0
  • 0
  • 3h ago

Marimo is a Python notebook used in AI toolchains. It was exploited 9 hours 41 minutes after CVE-2026-39987 disclosure. Sysdig published the telemetry. Full remote takeover, no login required. The patch shipped with the advisory. Most shops do not have weekend on-call for a Python notebook. By Sunday morning the command-and-control traffic was already 14 hours deep. Patch window is shorter than one night of sleep. On-call SLA is the new budget line.

#CyberSecurity #DevOps #Python #InfoSec

  • 1
  • 1
  • 0
  • 1h ago

Overview

  • Pending

07 Jun 2023
Published
20 Dec 2025
Updated

CVSS
Pending
EPSS
91.47%

Description

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse


🚨 Cyber Threat Radar 17 April 2026

Threat level ELEVATED (72/100)
• 35 new incidents in NL/BE (24h)
• CVE-2025-43300 (CVSS 10.0) actively exploited
• CVE-2023-33538 attacks on TP-Link routers

Today in the news:
• EU age verification app hacked within 2 min
• Leaked Windows zero-days actively exploited
• Critical RCE in Cisco ISE

Action: patch network equipment + test backup restore.

View the full Threat Radar:
digiweerbaar.nl/cyber-dreiging

#dreigingsradar #cybersecurity

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

A Deep Dive Into Attempted Exploitation of CVE-2023-33538 https://unit42.paloaltonetworks.com/exploitation-of-cve-2023-33538/
  • 0
  • 0
  • 0
  • 13h ago
~Paloalto~ Active Mirai-like botnets are exploiting CVE-2023-33538 in EOL TP-Link routers via command injection. - IOCs: 51. 38. 137. 113, cnc. vietdediserver. shop, bot. ddosvps. cc - #CVE202333538 #IoT #Mirai #ThreatIntel
  • 0
  • 0
  • 0
  • 8h ago
🚨 Cyber Threat Radar 17 April 2026 Threat level ELEVATED (72/100) • 35 new incidents in NL/BE (24h) • CVE-2025-43300 (CVSS 10.0) actively exploited • CVE-2023-33538 attacks on TP-Link routers View the full Threat Radar: www.digiweerbaar.nl/cyber-dreigi...
  • 1
  • 1
  • 0
  • 2h ago

Overview

  • Microsoft
  • Microsoft Defender Antimalware Platform

14 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.04%

KEV

Description

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 3 Posts

Last activity: Last hour

Bluesky

To clarify about the new CVEs: the same guy released 3 PoCs... BLUEHAMMER - LPE in Windows Defender. CVE-2026-33825, patch included in the April rollup. UNDEFED - DoS against Windows Defender. No CVE or patch info. REDSUN - LPE in Windows Defender. Exploit released. No patch.
  • 0
  • 0
  • 0
  • 18h ago
📢 CVE-2026-33825: Windows Defender zero-day exploited by BlueHammer and RedSun for privilege escalation 📝 ## 🗓️ Context Publ… https://cyberveille.ch/posts/2026-04-16-cve-2026-33825-zero-day-windows-defender-exploite-par-bluehammer-et-redsun-pour-elevation-de-privileges/ #BlueHammer #Cyberveille
  • 0
  • 0
  • 0
  • 9h ago
"Two zero-days still waiting for a patch" CVE-2026-33825 is patched www.bleepingcomputer.com/news/securit... "On Thursday, Huntress Labs security researchers reported seeing all three zero-day exploits deployed in the wild, with the BlueHammer vulnerability being exploited since April 10." #cybersec
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.06%

KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 2 Posts

Last activity: Last hour

Bluesky

CVE-2026-33829: Snipping Tool NTLM Leak
  • 0
  • 0
  • 0
  • 10h ago
HACKER’S DELIGHT: WINDOWS SNIPPING TOOL FLAW LEAKS YOUR PASSWORD HASH—HERE’S HOW TO STOP IT Introduction: A newly uncovered vulnerability in the Windows Snipping Tool (CVE-2026-33829) allows an attacker to capture a user’s NTLMv2 hash over a network through a simple spoofing attack. The flaw…
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Fortinet
  • FortiClientEMS

06 Feb 2026
Published
14 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
33.91%

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Bluesky

The latest update for #Foresiet includes "CVE-2026-21643: Pre-Authentication SQL Injection in Endpoint Management Server Leading to Remote Code Execution" and "The AI Inversion: Tracking the Most Dangerous Cyber Attacks of 2026". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz
  • 0
  • 0
  • 0
  • 11h ago
CVE-2026-21643 FortiGhost – Unauthenticated SQL Injection to Remote Code Execution on FortiClient EMS – Critical Patch Now! + Video Introduction: FortiClient Enterprise Management Server (EMS) is a centralized management solution for Fortinet's endpoint security products, widely deployed in…
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Fortinet
  • FortiSandbox

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.06%

KEV

Description

A path traversal ('../filedir') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector here>.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Fediverse


📰 Fortinet Patches Critical Authentication Bypass and RCE Flaws in FortiSandbox

Fortinet patches two critical (CVSS 9.1) flaws in FortiSandbox. 🚨 CVE-2026-39813 (auth bypass) & CVE-2026-39808 (RCE) can be exploited by an unauthenticated attacker. Patch immediately! #Fortinet #Vulnerability #CyberSecurity

🔗 cyber.netsecops.io/articles/fo

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) 📖 Read more: www.helpnetsecurity.com/2026/04/16/f... #cybersecurity #cybersecuritynews #sandbox #securityupdate #vulnerability
  • 0
  • 0
  • 0
  • 22h ago
Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) #HelpNetSecurity (Apr 16) www.helpnetsecurity.com/2026/04/16/f...
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Fortinet
  • FortiSandbox

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.29%

KEV

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Fediverse


📰 Fortinet Patches Critical Authentication Bypass and RCE Flaws in FortiSandbox

Fortinet patches two critical (CVSS 9.1) flaws in FortiSandbox. 🚨 CVE-2026-39813 (auth bypass) & CVE-2026-39808 (RCE) can be exploited by an unauthenticated attacker. Patch immediately! #Fortinet #Vulnerability #CyberSecurity

🔗 cyber.netsecops.io/articles/fo

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) 📖 Read more: www.helpnetsecurity.com/2026/04/16/f... #cybersecurity #cybersecuritynews #sandbox #securityupdate #vulnerability
  • 0
  • 0
  • 0
  • 22h ago
Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) #HelpNetSecurity (Apr 16) www.helpnetsecurity.com/2026/04/16/f...
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Pending

25 Feb 2009
Published
15 Apr 2026
Updated

CVSS
Pending
EPSS
81.14%

Description

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Fediverse


Ancient bug in MS Excel is under attack

Hard to believe, but true: the security vulnerability CVE-2009-0238 from February 2009, for which an update has long been available, is apparently being actively exploited in attacks right now. In any case, it was added to CISA's KEV catalog on 2026-04-14; US agencies must update their systems within two weeks. Affected are

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, 2007 SP1
Excel Viewer 2003 Gold and SP3
Excel Viewer
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1
Excel in Microsoft Office 2004 and 2008 for Mac

An attacker can take full control of the

pc-fluesterer.info/wordpress/2

#Empfehlung #Hintergrund #Warnung #cybercrime #exploits #Microsoft #office #sicherheit #unplugMicrosoft

  • 1
  • 0
  • 0
  • 16h ago