3785 matches found

CVE
added 2025/09/04 11:15 a.m. | 13 views

CVE-2025-41061

appRain CMF 4.0.5 contains a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/uploadify endpoint, caused by insufficient validation of user input in data[Addon][layouts] and data[Addon][layouts_except]. Public descriptions from CNVD/CNNVD and SNYK corroborate that th...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00162
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/09/04 11:12 a.m. | 3 views

CVE-2025-41049 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/appform...

CVSS: 5.1 | AI score: 5.7 | EPSS: 0.00162
Exploits: 0 | References: 1

Microsoft CVE
added 2025/09/04 5:0 a.m. | 2 views

NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN

...

CVSS: 4.7 | AI score: 7 | EPSS: 0.00115
Exploits: 0

Positive Technologies
added 2025/09/04 12:0 a.m. | 3 views

PT-2025-35930

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5
Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00162
Exploits: 0 | References: 4

Packet Storm News
added 2025/09/03 12:0 a.m. | 3 views

Jump over ASLR - Branch Predictors

This project demonstrates applied research in C that illustrates concepts related to branch predictors, speculative execution, and cache-based side channels in the context of Address Space Layout Randomization (ASLR)...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2025/09/02 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-54812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HT...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.01084
Exploits: 0 | References: 2

GithubExploit
added 2025/08/28 1:53 p.m. | 514 views

Exploit for Out-of-bounds Write in Apple Macos

CVE-2025-31200: CoreAudio APAC Channel Remapping Buffer Overfl...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.21255
Exploits: 5

CNVD
added 2025/08/26 12:0 a.m. | 3 views

Apache Log4cxx Cross-Site Scripting Vulnerability

Apache Log4cxx is a C++ logging framework from the Apache Foundation (United States), patterned on Apache log4j. A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from HTMLLayout not properly escaping logger names, and can be exploited by an...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.01084
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/24 7:26 p.m. | 4 views

CVE-2025-54812

A flaw was found in log4cxx. When using HTMLLayout, logger names are not properly escaped. This vulnerability allows an attacker to provide untrusted data as a logger name to inject arbitrary HTML content into log output files. This issue can lead to cross-site scripting vulnerabilities if the HT...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.01084
Exploits: 0 | References: 6

RedhatCVE
added 2025/08/24 7:26 p.m. | 4 views

CVE-2025-54813

A flaw was found in apache-log4cxx. When utilizing JSONLayout, the component fails to properly escape certain payload bytes, allowing attacker-supplied messages containing specific non-printable characters to be passed through unescaped. This allows an attacker to inject arbitrary data into log...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.01211
Exploits: 0 | References: 5

Snyk
added 2025/08/22 7:43 p.m. | 2 views

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTMLLayout class. An attacker can execute arbitrary HTML or JavaScript code by injecting malicious content into the logger name, which is then written to the HTML log file and subsequently...

CVSS: 5.4 | AI score: 7.3 | EPSS: 0.01084
Exploits: 0 | References: 2

OSV
added 2025/08/22 7:15 p.m. | 5 views

CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01211
Exploits: 0 | References: 4

NVD
added 2025/08/22 7:15 p.m. | 3 views

CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

CVSS: 5.4 | EPSS: 0.01084
Exploits: 0 | References: 5

OSV
added 2025/08/22 7:15 p.m. | 0 views

UBUNTU-CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01211
Exploits: 0 | References: 4

Cvelist
added 2025/08/22 6:46 p.m. | 6 views

CVE-2025-54812 Apache Log4cxx: Improper HTML escaping in HTMLLayout

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

CVSS: 2.1 | EPSS: 0.01084
Exploits: 0 | References: 3

Vulnrichment
added 2025/08/22 6:46 p.m. | 2 views

CVE-2025-54812 Apache Log4cxx: Improper HTML escaping in HTMLLayout

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order t...

CVSS: 2.1 | AI score: 6.1 | EPSS: 0.01084
Exploits: 0 | References: 3

Cvelist
added 2025/08/22 6:45 p.m. | 6 views

CVE-2025-54813 Apache Log4cxx: Improper escaping with JSONLayout

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

CVSS: 6.3 | EPSS: 0.01211
Exploits: 0 | References: 2

CNNVD
added 2025/08/22 12:0 a.m. | 2 views

Apache Log4cxx Security Vulnerability

Apache Log4cxx is a C++ logging framework from the Apache Foundation (United States), patterned on Apache log4j. A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from HTMLLayout not properly escaping logger names, and can be exploited by an...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.01084
Exploits: 0 | References: 5

CNNVD
added 2025/08/22 12:0 a.m. | 2 views

Apache Log4cxx Security Vulnerability

Apache Log4cxx is a C++ logging framework from the Apache Foundation (United States), patterned on Apache log4j. An input validation error vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from JSONLayout not properly escaping all payload bytes, and can be exploited...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01211
Exploits: 0 | References: 5

Tenable Nessus
added 2025/08/21 12:0 a.m. | 13 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02923-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02923-1 advisory. The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.03133
Exploits: 16 | References: 1405