VYPR
Vendor: RabbitMQ
Products: 3
CVEs: 16 (across products: 16)
Status: Private

Recent CVEs (16)
  • CVE-2016-0929 (High), Sep 18, 2016
    risk 0.49, CVSS 7.5, EPSS 0.01

    The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that…

  • CVE-2026-44838 (High), May 27, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to…

  • CVE-2015-8786 (Medium), Dec 9, 2016
    risk 0.43, CVSS 6.5, EPSS 0.04

    The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

  • CVE-2024-51988 (Medium), Nov 6, 2024
    risk 0.42, CVSS 6.5, EPSS 0.00

    RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target…

  • CVE-2025-30219 (Medium), Mar 25, 2025
    risk 0.33, CVSS 6.1, EPSS 0.00

    RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify the virtual host name on disk and then make it unrecoverable (with other on-disk file modifications), which can lead to arbitrary JavaScript code execution in…

  • CVE-2026-44839 (Medium), May 27, 2026
    risk 0.24, CVSS 4.8, EPSS 0.00

    RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, this vulnerability is fixed in 4.1.2 and 4.0.13.

  • CVE-2025-50200, Jun 19, 2025
    risk 0.00, CVSS n/a, EPSS 0.00

    RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs authorization headers in plaintext encoded in base64. When querying the RabbitMQ API over HTTP(S) with basic authentication, it creates logs containing all headers in the request, including…

  • CVE-2023-46118, Oct 24, 2023
    risk 0.00, CVSS n/a, EPSS 0.01

    RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large…

  • CVE-2023-46120, Oct 24, 2023
    risk 0.00, CVSS n/a, EPSS 0.01

    The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLength` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error.…

  • CVE-2022-31008, Oct 6, 2022
    risk 0.00, CVSS n/a, EPSS 0.00

    RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of…

  • CVE-2021-32719, Jun 28, 2021
    risk 0.00, CVSS n/a, EPSS 0.01

    RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper tag sanitization.…

  • CVE-2021-32718, Jun 28, 2021
    risk 0.00, CVSS n/a, EPSS 0.01

    RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via the management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for…

  • CVE-2020-35196, Dec 17, 2020
    risk 0.00, CVSS n/a, EPSS 0.02

    The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for the root user. Systems using the rabbitmq docker container deployed from affected versions of the docker image may allow a remote attacker to achieve root access…

  • CVE-2014-9650, Jan 27, 2015
    risk 0.00, CVSS n/a, EPSS 0.03

    CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

  • CVE-2014-9649, Jan 27, 2015
    risk 0.00, CVSS n/a, EPSS 0.02

    Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

  • CVE-2014-9494, Jan 20, 2015
    risk 0.00, CVSS n/a, EPSS 0.01

    RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header.