Vulnerability intelligence

CVE-2023-30845 describes an authentication bypass vulnerability found in Google's Extensible Service Proxy (ESPv2), affecting versions 2.20.0 through 2.42.0. This flaw allows malicious API clients to circumvent JSON Web Token (JWT) authentication. The bypass is achieved by crafting a request with a specially manipulated `X-HTTP-Method-Override` header. This vulnerability can be exploited under specific conditions: when the requested HTTP method is not defined in the API service specification (such as an OpenAPI spec or gRPC `google.api.http` proto annotations), and the `X-HTTP-Method-Override` value itself corresponds to a valid HTTP method within that API service definition.

CVE-2026-34197 is an improper input validation and code injection vulnerability affecting Apache ActiveMQ Classic. This flaw resides in the Jolokia JMX-HTTP bridge, exposed on the web console, which by default permits `exec` operations on ActiveMQ MBeans, including `BrokerService.addNetworkConnector(String)` and `BrokerService.addConnector(String)`. An authenticated attacker can exploit this by invoking these operations with a specially crafted discovery URI. This URI triggers the VM transport's `brokerConfig` parameter to load a remote Spring XML application context, which then instantiates singleton beans and executes arbitrary code on the broker's Java Virtual Machine (JVM) through methods like `Runtime.exec()`. While exploitation typically requires authentication, certain versions of Apache ActiveMQ Classic (6.0.0 through 6.1.1) are also affected by CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In these specific versions, CVE-2026-34197 can be exploited without credentials, effectively becoming an unauthenticated remote code execution vulnerability. This vulnerability has been present in the codebase for approximately 13 years and affects Apache ActiveMQ Broker versions before 5.19.4 and from 6.0.0 before 6.2.3.

CVE-2024-32114 is an authentication bypass vulnerability found in Apache ActiveMQ 6.x, stemming from an insecure default configuration. This flaw exposes critical API endpoints, specifically the Jolokia JMX REST API and the Message REST API, without requiring any authentication. As a result, unauthenticated users can gain access to these interfaces. This lack of authentication allows unauthorized individuals to interact with the message broker. This interaction can involve producing or consuming messages, modifying broker configurations, and purging or deleting message destinations. The vulnerability affects Apache ActiveMQ versions 6.0.0 through 6.1.1, with the issue being addressed in version 6.1.2 where the default configuration was updated to include authentication.

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.