CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/07 2:58 p.m.•14 views

CVE-2026-9828

A flaw was found in logback. An attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer could exploit a deserialization of untrusted data vulnerability, allowing for object injection. This could enable the instantiation of objects from certain Java classes...

6.3CVSS6.4AI score0.0037EPSS

SUSE CVE•added 2026/06/02 1:44 a.m.•10 views

SUSE CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.4AI score0.00342EPSS

Exploits0References3

NVD•added 2026/06/01 1:16 p.m.•13 views

CVE-2026-10532

6.3CVSS0.00342EPSS

ATTACKERKB•added 2026/06/01 11:30 a.m.•10 views

CVE-2026-10532

6.3CVSS6.4AI score0.00342EPSS

EUVD•added 2026/06/01 11:30 a.m.•9 views

EUVD-2026-33632

6.3CVSS6.4AI score0.00342EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45408

Name of the Vulnerable Software and Affected Versions logback-core versions prior to 1.5.34 Description Deserialization of untrusted data in the HardenedObjectInputStream module allows for Object Injection, although the impact is heavily restricted. An attacker capable of influencing serialized...

6.3CVSS6.1AI score0.00342EPSS

Exploits0References11

Tenable Nessus•added 2026/05/29 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2026-9828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albei...

6.3CVSS6.5AI score0.0037EPSS

Exploits0References3

NVD•added 2026/05/28 2:16 p.m.•11 views

CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

6.3CVSS0.0037EPSS

ATTACKERKB•added 2026/05/28 12:52 p.m.•9 views

CVE-2026-9828

2.1CVSS6.4AI score0.0037EPSS

CNNVD•added 2026/05/28 12:0 a.m.•6 views

logback-core 安全漏洞

logback-core is the core module of the QOS.CH open-source logging framework. Versions of logback-core 1.5.32 and earlier contain security vulnerabilities. These vulnerabilities stem from the HardenedObjectInputStream module’s ability to deserialize untrusted data, which may lead to object injecti...

6.3CVSS5.8AI score0.0037EPSS

IBM Security Bulletins•added 2026/05/25 4:54 p.m.•12 views

Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.C...

5.9CVSS6.2AI score0.00151EPSS

IBM Security Bulletins•added 2026/05/25 4:49 p.m.•10 views

Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-cor...

1.8CVSS6AI score0.00151EPSS

IBM Security Bulletins•added 2026/05/05 9:41 a.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225

Summary IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in...

1.8CVSS5.7AI score0.00151EPSS

IBM Security Bulletins•added 2026/04/27 7:44 a.m.•8 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses logback-core-1.5.21.jar, spring-web-6.2.14.jar, pygments-2.19.2-py3-none-any.whl, and cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, which are vulnerable to CVE-2026-1225, CVE-2026-22735, CVE-2026-4539, and CVE-2026-34073. This bulletin contains information...

6.3CVSS4.6AI score0.00156EPSS

IBM Security Bulletins•added 2026/04/16 2:40 p.m.•5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use os qOS.ch Logback-core

Summary Due to use of qOS.ch Logback-core, DevOps Test Performance and Rational Performance Tester contain a potential Remote Code Execution RCE vulnerability. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH...

5.9CVSS6.3AI score0.00151EPSS