ROOT-APP-MAVEN-CVE-2026-1225 CVE-2026-1225 in io.root.ch.qos.logback:logback-core - Patched by Root

Root has patched CVE-2026-1225 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses logback-core-1.5.21.jar, spring-web-6.2.14.jar, pygments-2.19.2-py3-none-any.whl, and cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, which are vulnerable to CVE-2026-1225, CVE-2026-22735, CVE-2026-4539, and CVE-2026-34073. This bulletin contains information...

SUSE SLES15 Security Update : kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1225-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1225-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.73 fixes various security issues The following security issues were fixed: -...

CLEANSTART-2026-TX96881 Security fixes for CVE-2024-6763, CVE-2026-1225, ghsa-25qh-j22f-pwp8, ghsa-72hv-8253-57qq, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v applied in versions: 4.0.1-r2

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could allow denial-of-service through specially crafted inputs (CVE-2026-1225).

Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is affected by an input handling flaw that could allow specially crafted inputs to trigger a denial-of-service condition. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in QOS.CH logback-core [CVE-2026-1225]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in logback-core, caused by an ACE vulnerability in configuration file processing that allows an attacker to instantiate classes already present on the class path by compromising an existing logback configurati...

Security Bulletin: Vulnerabilities in logback-core-1.5.16.jar, logback-core-1.5.19.jar, logback-core-1.5.22.jar affecting MongoDB Enterprised Advanced (CVE-2026-1225)

Summary There are vulnerabilities in logback-core-1.5.16.jar, logback-core-1.5.19.jar, logback-core-1.5.22.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-1225. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability i...

openSUSE Security Advisory (SUSE-SU-2026:0361-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : logback (SUSE-SU-2026:0361-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0361-1 advisory. - CVE-2026-1225: ACE vulnerability in configuration file bsc1257094 Tenable has extracted the preceding description block directly from the SUSE security...

logback-1.2.13-2.1 on GA media (moderate)

logback-1.2.13-2.1 on GA media Announcement ID: openSUSE-SU-2026:10114-1 Rating: moderate Cross-References: CVE-2026-1225 CVSS scores: CVE-2026-1225 SUSE : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVE-2026-1225 vulnerabilities

Vulnerabilities for packages: sonar-scanner-cli, keycloak-config-cli, cassandra-reaper, kserve-modelmesh, nextflow, trino, cassandra, akhq, apache-nifi-registry, zookeeper, apache-nifi, management-api-for-apache-cassandra-5.0, sonarqube, dependency-track...

CVE-2026-1225 vulnerabilities

Vulnerabilities for packages: cassandra-reaper, localstack, akhq, management-api-for-apache-cassandra-4.1, cassandra, apache-nifi, sonar-scanner-cli, zookeeper-fips, management-api-for-apache-cassandra-4.0, zookeeper, dependency-track, kafbat-ui-fips, dependency-track-apiserver, nacos-docker,...

SUSE CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-1225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to...

MiracleLinux 7 : gstreamer-plugins-good-0.10.31-12.el7 (AXSA:2017-1225:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-1225:01 advisory. GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything fr...

CVE-2022-1225

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...

CVE-2020-1225

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226...