Lucene search
K

193 matches found

RedHat Linux
RedHat Linux
added 5 days ago4 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 5 days ago5 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.4AI score0.00831EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.3 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 10:42 a.m.7 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9

Summary Multiple vulnerabilities have been addressed in components used by IBM License Metric Tool Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when...

7.5CVSS5.8AI score0.0086EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/21 8:3 a.m.21 views

ROOT-APP-MAVEN-CVE-2026-34478 CVE-2026-34478 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34478 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00831EPSS
Exploits0
OSV
OSV
added 2026/06/21 8:3 a.m.7 views

ROOT-APP-MAVEN-CVE-2025-68161 CVE-2025-68161 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2025-68161 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

4.8CVSS5.8AI score0.00743EPSS
Exploits1
OSV
OSV
added 2026/06/21 8:3 a.m.18 views

ROOT-APP-MAVEN-CVE-2026-34480 CVE-2026-34480 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34480 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.0086EPSS
Exploits0
OSV
OSV
added 2026/06/21 8:3 a.m.16 views

ROOT-APP-MAVEN-CVE-2026-34477 CVE-2026-34477 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34477 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

5.9CVSS5.8AI score0.00395EPSS
Exploits0
OSV
OSV
added 2026/06/21 7:54 a.m.10 views

ROOT-APP-MAVEN-CVE-2021-44832 CVE-2021-44832 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2021-44832 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

8.5CVSS7.6AI score0.97906EPSS
Exploits9
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:43 a.m.6 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname...

9.3CVSS6.3AI score0.00952EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 4:1 p.m.6 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 008. Vulnerability Details CVEID:CVE-2026-45205 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a...

7.5CVSS5AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:17 p.m.8 views

Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).

Summary The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability, an Improper Validation of Certificate with Host Mismatch vulnerability and an Improper Output Neutralization for Logs vulnerability CVE-2026-34480,...

7.5CVSS6.4AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 4:27 a.m.12 views

Security Bulletin: Due to use of log4j-core-2.25.3.jar, IBM Sterling Connect:Direct Web Services is vulnerable to log injection via CRLF sequences.

Summary log4j-core-2.25.3.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplet...

7.5CVSS5.7AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 12:15 p.m.22 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus

Summary The Netcool/Omnibus 'Administrator GUI' and 'Accelerated Event Notification GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in...

7.5CVSS6.5AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:56 a.m.14 views

Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)

Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...

7.5CVSS6.5AI score0.0086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:54 a.m.17 views

Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)

Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...

7.5CVSS6.5AI score0.0086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:56 a.m.15 views

Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34480 ,CVE-2026-34477, CVE-2026-34478, CVE-2026-34479)

Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...

7.5CVSS6.5AI score0.0086EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/05/28 8:38 a.m.344 views

osv-java-poc

OSV Scanner CVE Detection POC — Vulnerable Java App ⚠️ WA...

10CVSS7.2AI score0.99999EPSS
Exploits475
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 5:36 p.m.14 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Log4j

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Log4j. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

7.5CVSS6.4AI score0.0086EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added 2026/05/26 1:35 p.m.95 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4shell-poc-maven ⚠️ INTENTIONALLY VULNERABLE FOR SCA T...

10CVSS7AI score0.99999EPSS
Exploits352
Rows per page
Query Builder