238 matches found
CVE-2025-66150
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through = 1.1.1...
PT-2026-3646
Name of the Vulnerable Software and Affected Versions logback-core versions prior to 1.5.25 Description A configuration file processing issue exists in QOS.CH logback-core, potentially allowing an attacker to instantiate classes already present on the system's class path by manipulating a logback...
EUVD-2025-206066
Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through 1.1.1...
CVE-2025-66150
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through = 1.1.1...
CVE-2025-66150 WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through = 1.1.1...
CVE-2025-66150
Technical details for CVE-2025-66150 (Appender WordPress plugin: Missing Authorization) are not publicly provided in the supplied documents. No vendor/version/impact information is disclosed here. Monitor for official advisories or updates from trusted sources.
CVE-2025-66150 WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through = 1.1.1...
WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Appender versions = 1.1.1...
WordPress plugin Appender 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-54432
Name of the Vulnerable Software and Affected Versions merkulove Appender versions through 1.1.1 Description A missing authorization issue exists in merkulove Appender, allowing exploitation due to incorrectly configured access control security levels. Recommendations At the moment, there is no...
CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
SUSE CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Windows
Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Linux
Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Improper Validation of Certificate with Host Mismatch
Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the lack of TLS hostname verification in the SocketAppender component. An attacker can intercept or redirect...
Apache Log4j does not verify the TLS hostname in its Socket Appender
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2.sslVerifyHostName system property is set to true. This issue may allow a...
GHSA-VC5P-V9HR-52MJ Apache Log4j does not verify the TLS hostname in its Socket Appender
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2.sslVerifyHostName system property is set to true. This issue may allow a...
CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
DEBIAN-CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...