Lucene search
K

36 matches found

Chainguard
Chainguard
added 2 days ago3 views

CVE-2026-11226 vulnerabilities

Vulnerabilities for packages: chromium...

6.5CVSS5.8AI score0.00151EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 5:41 a.m.35 views

CVE-2026-13006 Incomplete protection against CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

7CVSS0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:41 a.m.53 views

CVE-2026-13006

CVE-2026-13006 affects Java applications using logback-core up to version 1.5.34. The issue arises in conditional configuration file processing, allowing an attacker to execute arbitrary code while bypassing protections against CVE-2025-11226. A successful attack requires Janino on the classpath ...

7CVSS6.1AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 12:8 p.m.10 views

ROOT-APP-MAVEN-CVE-2025-11226 CVE-2025-11226 in io.root.ch.qos.logback:logback-core - Patched by Root

Root has patched CVE-2025-11226 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...

6.4CVSS5.2AI score0.00181EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 5:23 p.m.5 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Software

Summary Vulnerabilities identified in IBM Netezza Software have been addressed in version 11.3.1.1. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications...

9.8CVSS6.9AI score0.01916EPSS
Exploits11Affected Software1
Circl
Circl
added 2026/06/05 1:24 p.m.7 views

CVE-2026-11226

creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:30+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-09 18:00:00+00:00| seen|...

6.5CVSS5.3AI score0.00151EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-11226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in...

6.5CVSS5.5AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:17 p.m.7 views

CVE-2026-11226

Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00151EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 4:54 p.m.18 views

Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.C...

7CVSS6.2AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 2:40 p.m.8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use os qOS.ch Logback-core

Summary Due to use of qOS.ch Logback-core, DevOps Test Performance and Rational Performance Tester contain a potential Remote Code Execution RCE vulnerability. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH...

7CVSS6.3AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:54 a.m.6 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could lead to denial-of-service under specific conditions (CVE-2025-11226).

Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is vulnerable to improper handling of certain inputs that could lead to denial-of-service under specific conditions. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in...

7CVSS6.2AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/10 10:13 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226

Summary IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional...

7CVSS6.1AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/05 8:20 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows...

7CVSS6.2AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 6:36 a.m.9 views

Security Bulletin: Arbitrary Code Execution in Logback-Core via Conditional Configuration Processing, affects watsonx.data

Summary QOS.CH logback-core up to and including version 1.5.18 is vulnerable to arbitrary code execution due to unsafe conditional configuration file processing. An attacker with existing privileges can exploit this by modifying an existing Logback configuration file or injecting a malicious...

7CVSS6.7AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 5:42 a.m.7 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "tomcat-embed-core-10.1.46.jar, js-yaml-4.1.0.tgz, keras-2.14.0-py3-none-any.whl, logback-core-1.5.18.jar, werkzeug-3.0.6-py3-none-any.whl" which are vulnerable to "CVE-2025-61795, CVE-2025-64718, CVE-2025-12058, CVE-2025-11226, CVE-2025-66221". This...

7CVSS7.6AI score0.01139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:28 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper input validation in logback-core [CVE-2025-11226]

Summary IBM Watson Speech Services Cartridge is vulnerable to improper input validation, due to an issue with conditional configuration file processing in logback-core CVE-2025-11226. Logback-core is used in our java microservices. This vulnerabilitiy has been addressed. Please read the details f...

7CVSS7.7AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:11 p.m.22 views

Security Bulletin: Logback-Core ≤1.5.18 Conditional Config Processing Flaw Enables ACE via Malicious Config or Env Variable

Summary ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

7CVSS7.8AI score0.00181EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2025/10/09 12:0 a.m.5 views

openSUSE Security Advisory (SUSE-SU-2025:03456-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS6.8AI score0.00181EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-11226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacke...

7CVSS6.2AI score0.00181EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/10/07 7:8 a.m.5 views

Security update for logback

This update for logback fixes the following issues: CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing bsc1250715 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.3CVSS6.8AI score0.00181EPSS
Exploits0References4
Rows per page
Query Builder