Lucene search

19 matches found

Positive Technologies
added 2026/06/04 12:0 a.m. · 8 views

PT-2026-49121

This crate provides Rust bindings to SPHINCS+/SLH-DSA (FIPS 205) via C implementations from PQClean. The PQClean project is being archived in or after July 2026 (see PQClean/PQClean604), after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...

AI score 5.3
Exploits: 0 · References: 4
EUVD
added 2026/04/10 6:31 p.m. · 3 views

EUVD-2026-21409

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS 6.9 · AI score 5.8 · EPSS 0.00535
Exploits: 1 · References: 7
OSV
added 2026/04/10 6:31 p.m. · 4 views

GHSA-H383-GMXW-35V2 Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS 6.9 · AI score 5.8 · EPSS 0.00535
Exploits: 1 · References: 8
NVD
added 2026/04/10 4:16 p.m. · 6 views

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS 7.5 · EPSS 0.00535
Exploits: 1 · References: 6
OSV
added 2026/04/10 4:16 p.m. · 9 views

UBUNTU-CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS 7.5 · AI score 5.8 · EPSS 0.00535
Exploits: 1 · References: 8
Vulnrichment
added 2026/04/10 3:41 p.m. · 3 views

CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS 6.9 · AI score 5.8 · EPSS 0.00535
Exploits: 1 · References: 5
Debian CVE
added 2026/04/10 3:41 p.m. · 4 views

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS 7.5 · AI score 5.2 · EPSS 0.00535
Exploits: 1
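The Log4j1XmlLayout entries above (EUVD-2026-21409, GHSA-H383-GMXW-35V2, CVE-2026-34479) all describe the same defect: a log message containing a character outside the XML 1.0 "Char" production is written out unescaped, and a conforming parser must then reject the whole document, so the event is lost downstream. As an added example (not Apache Log4j's code; it uses a constructed, simplified event format rather than the real XMLLayout output, and constructed sample messages), the Python below shows which code points XML 1.0 forbids, that a CDATA section does not shelter them, and that a conforming parser (expat via ElementTree) rejects the raw event but accepts a sanitized one:

```python
import re
import xml.etree.ElementTree as ET

# XML 1.0 (5th ed.) 'Char' production, written as a negated class so the regex
# matches exactly the code points a conforming parser must reject:
#   Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
_NOT_XML_CHAR = re.compile(r"[^\x09\x0A\x0D\x20-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]")


def forbidden_chars(text: str) -> list[tuple[int, str]]:
    """Return (offset, 'U+XXXX') for every character in text that XML 1.0 forbids."""
    return [(m.start(), f"U+{ord(m.group()):04X}") for m in _NOT_XML_CHAR.finditer(text)]


def sanitize(text: str, replacement: str = "\uFFFD") -> str:
    """Replace forbidden characters so the result is legal in XML content or CDATA."""
    return _NOT_XML_CHAR.sub(replacement, text)


def render_event(message: str, escape: bool) -> str:
    """Constructed, simplified log4j-1-style XML event (NOT Log4j's real XMLLayout output).

    The message goes into a CDATA section, as Log4j 1's XMLLayout does. CDATA only
    relaxes markup rules; it does not permit characters outside the Char production.
    """
    body = sanitize(message) if escape else message
    return f'<event level="INFO"><message><![CDATA[{body}]]></message></event>'


def parse_ok(xml_text: str) -> bool:
    """True if a conforming parser (expat via ElementTree) accepts the document."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


# Constructed sample log messages; not taken from any real system.
SAMPLE_MESSAGES = [
    "User login ok: alice",                  # clean
    "ANSI colored: \x1b[31mFAILED\x1b[0m",    # ESC (U+001B) from a colorized logger
    "Bad field: id=\x08\x0c",                 # backspace and form feed from raw input
    "Tab\tand newline\n are fine",           # the three C0 controls XML 1.0 permits
]


def audit(messages: list[str]) -> list[dict]:
    """For each message: its forbidden characters, and whether the raw vs. sanitized
    event survives a conforming parser."""
    report = []
    for msg in messages:
        report.append({
            "forbidden": forbidden_chars(msg),
            "raw_parses": parse_ok(render_event(msg, escape=False)),
            "sanitized_parses": parse_ok(render_event(msg, escape=True)),
        })
    return report


if __name__ == "__main__":
    for msg, row in zip(SAMPLE_MESSAGES, audit(SAMPLE_MESSAGES)):
        print(repr(msg), row)
```

A pipeline that consumes XML from an unpatched bridge can run forbidden_chars over messages before they reach the parser, or sanitize on the consumer side; the proper fix is upgrading the bridge so the layout escapes these characters itself. Sanitizing with U+FFFD keeps the event but discards the original bytes, so record the offsets when the content matters forensically.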
Spring Security Advisories
added 2025/10/07 12:0 a.m. · 6 views

Introducing Jackson 3 support in Spring

This is a new blog post in the Road to GA series, this time sharing more details on the new Jackson 3 support, just a few days after Jackson 3.0.0 GA release, about to be introduced in Spring Boot 4 and related Spring portfolio projects. Jackson is by far the most used JSON library on the JVM, an...

AI score 6.4
Exploits: 0
RedhatCVE
added 2025/03/27 11:44 p.m. · 11 views

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS 5.9 · AI score 6.7 · EPSS 0.0018
Exploits: 0 · References: 1
Cvelist
added 2025/03/25 11:0 p.m. · 11 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS 5.9 · EPSS 0.0018
Exploits: 0 · References: 4
CVE
added 2025/03/25 11:0 p.m. · 72 views

CVE-2025-30222

Shescape vulnerability (CVE-2025-30222) affects versions 1.7.2–2.1.1 of the JavaScript shell-escape library. On Windows, when shell: 'cmd.exe' or shell: true is configured and any of quote/quoteAll/escape/escapeAll is used, an attacker may gain read-only access to environment variables due to env...

CVSS 5.9 · AI score 7 · EPSS 0.0018
Exploits: 0 · References: 4
Vulnrichment
added 2025/03/25 11:0 p.m. · 4 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS 5.9 · AI score 7 · EPSS 0.0018
Exploits: 0 · References: 4
Positive Technologies
added 2024/10/17 12:0 a.m. · 6 views

PT-2024-33272 · Unknown · Messagepack-Csharp

Name of the Vulnerable Software and Affected Versions: MessagePack-CSharp versions prior to 2.5.187 and 3.0.214 Description: The vulnerability occurs when the library is used to deserialize messagepack data from an untrusted source, leading to a risk of a denial of service attack by an attacker...

CVSS 8.7 · AI score 6.8 · EPSS 0.00356
Exploits: 0 · References: 12
Friends Of PHP
added 2024/04/24 12:2 p.m. · 37 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

CVSS 4.3 · AI score 4.5 · EPSS 0.00408
Exploits: 0 · Affected Software: 1
Friends Of PHP
added 2024/04/24 12:0 a.m. · 16 views

Cryptographic side-channels in PHPECC

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

AI score 6.5
Exploits: 0 · Affected Software: 1
Spring Security Advisories
added 2023/01/17 11:0 a.m. · 21 views

The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

AI score 7.2
Exploits: 0
Spring Security Advisories
added 2023/01/17 12:0 a.m. · 15 views

The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

AI score 7.2
Exploits: 0
Spring Security Advisories
added 2022/05/24 4:0 p.m. · 17 views

Preparing for Spring Boot 3.0

Spring Boot 2.0 was the first release in the 2.x line and was published on February 28th 2018. We've just released Spring Boot 2.7 which means that, so far, we've been maintaining the 2.x line for just over 4 years. In total we've published 95 distinct releases over that timeframe! The entire Spring...

AI score 0.2
Exploits: 0
Debian
added 2008/07/08 5:3 p.m. · 45 views

[SECURITY] [DSA 1604-1] BIND 8 deprecation notice

------------------------------------------------------------------------ Debian Security Advisory DSA-1604-1 [email protected] http://www.debian.org/security/ Florian Weimer July 08, 2008 http://www.debian.org/security/faq -...

CVSS 6.8 · AI score 6.8 · EPSS 0.95182
Exploits: 20