SUSE CVE-2026-34480
Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message or M...
CVE-2026-40021
A flaw was found in Apache Log4net. An attacker who can influence specific data fields within log messages can exploit this vulnerability. By injecting characters forbidden by the XML 1.0 specification, the attacker can cause an exception during log serialization, leading to the silent loss of lo...
Linux Distros Unpatched Vulnerability : CVE-2026-34480
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize...
Improper Encoding or Escaping of Output
Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the XmlLayout and XmlLayoutSchemaLog4J layouts due to improper sanitisation of unescaped XML 1.0 forbidden characters in MDC property keys, values, or the identity field. An attacker can cause...
EUVD-2026-21488
Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...
EUVD-2026-21490
Apache Log4cxx's XMLLayout (https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html), in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets) in log messages, NDC, and MDC property keys and values, producin...
GHSA-H383-GMXW-35V2 Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...
EUVD-2026-21410
Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message or M...
GHSA-3PXV-7CMR-FJR4 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...
Improper Encoding or Escaping of Output
Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the XMLLayout component. An attacker can cause log records to be silently dropped or fail to be indexed by injecting XML 1.0 forbidden characters into logged data, which results in invalid XML...
Improper Encoding or Escaping of Output
Overview: org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the XmlLayout plugin. An attacker can cause log events to be silently lost or malformed by injecting XML 1.0 forbidden...
CVE-2026-40021
Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...
DEBIAN-CVE-2026-34480
Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message or M...
CVE-2026-34480
Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message or M...
CVE-2026-40023
CVE-2026-40023 concerns Apache Log4cxx XMLLayout (pre-1.7.0) that fails to sanitize XML 1.0 forbidden characters in log messages, NDC, and MDC keys/values, producing invalid XML. Conforming parsers may reject such documents, potentially dropping or failing to index affected records and impairing ...
CVE-2026-40023
Apache Log4cxx's XMLLayout (https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html), in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets) in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40023 Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters
Apache Log4cxx's XMLLayout (https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html), in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets) in log messages, NDC, and MDC property keys and values, producin...
CVE-2026-40021
Apache Log4net before version 3.3.0 contains a vulnerability in XmlLayout and XmlLayoutSchemaLog4J where characters forbidden by XML 1.0 are not sanitized in MDC keys/values and the identity field. The issue causes a serialization exception and silent loss of the affected log event, which can be ...
CVE-2026-40021 Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters
Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...