Lucene search
K

6 matches found

EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-43102

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS6.1AI score
Exploits0References5
CVE
CVE
added yesterday4 views

CVE-2026-49844

CVE-2026-49844 describes an issue in the Apache Log4j API where MapMessage.asJson() can emit non-finite IEEE 754 values (NaN, Infinity, -Infinity) as bare tokens during JSON serialization. This affects Log4j API versions 2.13.1–2.25.4 and 2.26.0. The fault occurs when a MapMessage contains an att...

6.3CVSS6.1AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/04/10 6:31 p.m.6 views

io.github.braully:bpp-cobranca (>=1.0.0 <=1.0.1), org.opencadc:cadc-access-control (>=1.1.21 <=1.1.31) +78 more potentially affected by CVE-2026-34479 via org.apache.logging.log4j:log4j-1.2-api (=3.0.0-beta2)

org.apache.logging.log4j:log4j-1.2-api MAVEN version =3.0.0-beta2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.logging.log4j:log4j-1.2-api and may be impacted: - io.github.braully:bpp-cobranca =1.0.0, =1.1.21, =1.0.8, =1.2.0, =1.1.10, =1....

7.5CVSS6.5AI score0.00535EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/10 4:52 p.m.65 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)

Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...

10CVSS1AI score0.99999EPSS
Exploits355Affected Software1
CERT
CERT
added 2021/12/15 12:0 a.m.1217 views

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...

10CVSS10AI score0.99999EPSS
Exploits354References22
OSV
OSV
added 2021/12/10 12:40 a.m.14 views

GHSA-JFH8-C2JP-5V3Q Remote code injection in Log4j

Summary Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per Apache's Log4j security guide: Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and...

10CVSS7.6AI score0.99999EPSS
Exploits351References75
Rows per page
Query Builder