18 matches found
CVE-2026-13006
A flaw was found in logback-core, a logging framework for Java applications. This vulnerability allows an attacker with existing privileges and write access to a configuration file, or the ability to inject a malicious environment variable, to execute arbitrary code. This can be achieved by...
DEBIAN-CVE-2026-13006
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...
CVE-2026-13006
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...
CVE-2026-13006 Incomplete protection against CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...
CVE-2026-13006 Incomplete protection against CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...
CVE-2026-13006
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...
PT-2026-51676
Name of the Vulnerable Software and Affected Versions logback-core versions prior to 1.5.35 Description An arbitrary code execution issue exists in the conditional configuration file processing of Java applications. An attacker can execute arbitrary code by compromising an existing logback...
Security Bulletin: Logback-Core ≤1.5.18 Conditional Config Processing Flaw Enables ACE via Malicious Config or Env Variable
Summary ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...
EUVD-2025-31861
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
SUSE CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
GHSA-25QH-J22F-PWP8 QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226
CVE-2025-11226 is an ACE vulnerability in logback-core’s conditional configuration file processing. The attackable path is present in Java applications using logback-core versions up to 1.5.18 (some sources reference up to 1.5.34); exploitation can enable arbitrary code execution by compromising ...
CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
PT-2022-16896 · Jai-Ext +2 · Jai-Ext +2
Name of the Vulnerable Software and Affected Versions: JAI-EXT versions prior to 1.2.22 GeoServer affected versions not specified Description: Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via...