42 matches found
Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)
Summary: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed...
ROOT-APP-MAVEN-CVE-2026-34478 CVE-2026-34478 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root
Root has patched CVE-2026-34478 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.
Summary: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle. Vulnerability Details: CVEID: CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed hostnam...
Apache Log4j 2.21.0 < 2.25.4 Rfc5424Layout Log Injection (CVE-2026-34478)
The version of Apache Log4j on the remote host is 2.21.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The Rfc5424Layout is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. The newLineEscape attribute was...
ch.cern:cerndb-sw-zkpolicy (=1.0.1-21), cloud.metaapi.sdk:metaapi-common-java (>=1.0.0 <=1.0.1) +256 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=3.0.0-beta1 <=3.0.0-beta3)
org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-beta1, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 - com.frostphyr:customappender =1.1.0 and more Source cves: CVE-2026-34478 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967739...
CVE-2026-34478
creationtimestamp | type | source
---|---|---
2026-04-10 16:05:00+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mj5p7rwcg32m
2026-04-24 19:22:23+00:00 | seen | Telegram/VmN8f5p2u92gs4jEsEEqNusAAFK4tqyRCmSO0VkIRHhWQI
2026-04-24 19:22:45+00:00 | seen | ...
CVE-2024-34478
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable directory traversal due to Apache Shiro (CVE-2023-34478)
Summary: IBM Sterling Partner Engagement Manager uses Apache Shiro. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-34478 DESCRIPTION: Apache Shiro could allow a remote authenticated attacker to traverse directories on the system, cause...
VulnCheck KEV: CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...
CVE-2023-34478
creationtimestamp | type | source
---|---|---
2023-07-24 22:26:15+00:00 | seen | https://t.me/cibsecurity/67180
2025-02-13 19:20:10+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/4326
2025-08-18 21:02:48+00:00 | seen | ...
cloud.opencode.base:opencode-base-token (=1.0.0), io.github.junxworks:junx-ep-auth (>=2.0.0 <=2.1.0) +11 more potentially affected by CVE-2023-34478 via org.apache.shiro:shiro-web (>=2.0.0-alpha-1 <=2.0.0-alpha-2)
org.apache.shiro:shiro-web MAVEN version =2.0.0-alpha-1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-1, =2.0.0-alpha-2 Source cves: CVE-2023-34478 Source advisory: OSV:GHSA-PMHC-2G4F-85CG...
ca.ibodrov.concord:testcontainers-concord-core (>=2.0.0 <=2.0.2), ca.ibodrov.mica:mica-concord-server-plugin (>=0.0.2 <=0.0.21) +257 more potentially affected by CVE-2023-34478 via org.apache.shiro:shiro-web (>=1.0.0-incubating <=1.11.0)
org.apache.shiro:shiro-web MAVEN version =1.0.0-incubating, =2.0.0, =0.0.2, =2.2.0, =2.2.0, =2.2.0, =2.8.0, =2.8.0, =2.8.0, =2.8.0, =3.0.0, =2.8.0, =5.0, =5.0, =5.5 and more Source cves: CVE-2023-34478 Source advisory: OSV:GHSA-PMHC-2G4F-85CG...
CVE-2023-34478
Apache Shiro prior to 1.12.0 or 2.0.0-alpha-3 is vulnerable to a path traversal issue that can enable an authentication bypass when used with APIs or web frameworks that route requests based on non-normalized paths. Affected versions include Shiro before 1.12.0 and 2.0.0-alpha-3, with the mitigat...
CVE-2022-34478
creationtimestamp | type | source
---|---|---
2022-12-22 22:23:55+00:00 | seen | https://t.me/cibsecurity/55159
2025-10-01 21:02:27+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m25wrraazo26...
CVE-2022-34478
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild although we know of none exploited through Thunderbird, so in this release...
CVE-2022-34478
Summary: CVE-2022-34478 affects Thunderbird on Windows, where the ms-msdt, search, and search-ms protocols could deliver content to Microsoft apps via prompts opened by user interaction. The underlying risk is exploitation of prompt-based handling in these protocols that bypasses the browser. T...