Lucene search
K

33 matches found

Tenable Nessus
Tenable Nessus
added 2 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issu...

7.5CVSS6.2AI score0.0078EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43102

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-49844

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS0.0078EPSS
Exploits0References4
OSV
OSV
added 5 days ago4 views

CVE-2026-49844 Apache Log4j API: Improper serialization of non-finite floating-point values in MapMessage.asJson()

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS6.2AI score0.0078EPSS
Exploits0References7
CVE
CVE
added 5 days ago53 views

CVE-2026-49844

CVE-2026-49844 describes an issue in the Apache Log4j API where MapMessage.asJson() can emit non-finite IEEE 754 values (NaN, Infinity, -Infinity) as bare tokens during JSON serialization. This affects Log4j API versions 2.13.1–2.25.4 and 2.26.0. The fault occurs when a MapMessage contains an att...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57319

Name of the Vulnerable Software and Affected Versions Apache Log4j API versions 2.13.1 through 2.25.4 Apache Log4j API version 2.26.0 Description Improper encoding of non-finite IEEE 754 floating-point values NaN, Infinity, or -Infinity during MapMessage JSON serialization produces output that is...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/17 2:2 p.m.7 views

Improper Validation of Specified Type of Input

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to improper validation of the temperature parameter while sampling. An attacker can cause the...

8.7CVSS5.9AI score0.00261EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.19 views

SUSE SLED15 / SLES15 Security Update : log4j (SUSE-SU-2026:1843-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1843-1 advisory. - CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification...

7.5CVSS5.8AI score0.0086EPSS
Exploits1References13
SUSE Linux
SUSE Linux
added 2026/05/13 3:24 p.m.8 views

Security update for log4j

This update for log4j fixes the following issues: CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification configuration checks bsc1262050. CVE-2026-34479: silent log event loss due to improper XML escaping in Log4j1XmlLayout bsc1262091. CVE-2026-34480:...

6.5CVSS5.8AI score0.0086EPSS
Exploits1References16
OSV
OSV
added 2026/05/13 3:24 p.m.4 views

SUSE-SU-2026:1843-1 Security update for log4j

This update for log4j fixes the following issues: - CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification configuration checks bsc1262050. - CVE-2026-34479: silent log event loss due to improper XML escaping in Log4j1XmlLayout bsc1262091. -...

7.5CVSS5.8AI score0.0086EPSS
Exploits1References9
Snyk
Snyk
added 2026/05/11 2:53 p.m.14 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the emission of non-finite color values in the content stream. An attacker can cause PDF viewers to reject the content stream, affected page, or entire document by supplying special...

5.3CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 2:53 p.m.13 views

oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)

Impact oxidize-pdf defines Color as a pub enum with public tuple-struct variants Rgbf64, f64, f64, Grayf64, and Cmykf64, f64, f64, f64. The constructors Color::rgb, Color::gray, and Color::cmyk clamp incoming components to 0.0, 1.0, but because the variants are pub, callers can construct values...

5.9AI score
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/05/11 2:53 p.m.8 views

Improper Validation of Specified Quantity in Input

Overview oxidize-pdf is a Python bindings for oxidize-pdf — generate, parse, split, merge, and manipulate PDF files Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the emission of non-finite color values in the content stream. An attacker...

5.3CVSS5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.17 views

SUSE CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

5.3CVSS6.1AI score0.00555EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces inval...

7.5CVSS6.1AI score0.0078EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/11 5:22 a.m.6 views

Improper Output Handling

Apache Log4j is vulnerable to Improper Output Handling. The vulnerability is due to JsonTemplateLayout generating invalid JSON when processing non-finite floating-point values e.g., NaN, Infinity, which are not compliant with RFC 8259, allowing attacker-controlled data in log events to produce...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/04/10 6:31 p.m.13 views

EUVD-2026-21412

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

6.3CVSS5.8AI score0.00555EPSS
Exploits0References7
OSV
OSV
added 2026/04/10 6:31 p.m.5 views

GHSA-W35J-PV5H-Q9Q9 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...

6.3CVSS5.8AI score0.00555EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/10 6:31 p.m.9 views

Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/04/10 5:6 p.m.2 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output when JsonTemplateLayout logs a MapMessage. An attacker can cause downstream log processing systems to reject or fail to index affected records by supplying non-finite floating-point values such as...

7.7CVSS5.3AI score0.00555EPSS
Exploits0References2
Rows per page
Query Builder