13 matches found

OSV
added 2026/04/10 6:31 p.m., 1 view

GHSA-W35J-PV5H-Q9Q9 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...

CVSS 6.3, AI score 5.8, EPSS 0.00055
Exploits 0, References 8
Cvelist
added 2026/04/10 3:42 p.m., 28 views

CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/charsets), producing invalid XML output whenever a log message or M...

CVSS 6.9, EPSS 0.00034
Exploits 0, References 5
CVE
added 2026/04/10 3:40 p.m., 36 views

CVE-2026-34478

CVE-2026-34478 (Log4j Core) affects Apache Log4j Core 2.21.0 through 2.25.3 and involves CRLF log-injection risks in stream-based syslog output due to undocumented renames of configuration attributes in Rfc5424Layout. Specifically, the newLineEscape attribute was silently renamed, breaking newlin...

CVSS 7.5, AI score 5.8, EPSS 0.00034
Exploits 0, References 6, Affected Software 1
IBM Security Bulletins
added 2026/02/03 6:14 a.m., 9 views

Security Bulletin: Vulnerability in Apache Log4j may affect IBM APM Internet Service Monitoring Agent

Summary: There is a vulnerability in the Apache log4j library used by IBM APM Internet Service Monitoring Agent. Vulnerability Details: CVEID: CVE-2025-68161. DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

CVSS 6.3, AI score 5.5, EPSS 0.00029
Exploits 1, Affected Software 1
Tenable Nessus
added 2025/12/23 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through th...

CVSS 8.8, AI score 6.8, EPSS 0.00746
Exploits 1, References 2
NVD
added 2025/12/19 9:15 p.m., 2 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS 8.8, EPSS 0.00746
Exploits 1, References 3
Cvelist
added 2025/12/19 9:5 p.m., 26 views

CVE-2023-53952 Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS 8.8, EPSS 0.00746
Exploits 1, References 3
Positive Technologies
added 2025/12/19 12:0 a.m., 1 view

PT-2025-52523

Name of the Vulnerable Software and Affected Versions: Dotclear version 2.25.3. Description: Dotclear version 2.25.3 contains a remote code execution issue. Authenticated attackers can upload malicious PHP files with a .phar extension through the blog post creation interface. Uploading files...

CVSS 8.8, AI score 8.3, EPSS 0.00746
Exploits 1, References 11
CVE
added 2025/12/18 8:47 p.m., 77 views

CVE-2025-68161

CVE-2025-68161 affects Apache Log4j Core Socket Appender (versions 2.0-beta9–2.25.2). Root cause: TLS hostname verification is not performed for peer certificates when configured via verifyHostName or the log4j2.sslVerifyHostName setting. Impact: potential MITM interception/redirection of log tra...

CVSS 6.3, AI score 6.4, EPSS 0.00029
Exploits 1, References 8, Affected Software 1
OSV
added 2023/12/28 11:15 a.m., 0 views

CVE-2023-32513

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3...

CVSS 9.8, AI score 7.3
Exploits 0, References 1
Snyk
added 2022/04/15 12:0 a.m., 2 views

CSV Injection

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to CSV Injection through the csvexport.php API. An attacker can execute arbitrary code or access sensitive information by embedding malicious formulas in the CSV content that is executed when the...

CVSS 8.4, AI score 7.6, EPSS 0.00724
Exploits 1, References 2
ALT Linux
added 2020/04/15 12:0 a.m., 27 views

Security fix for the ALT Linux 9 package git version 2.25.3-alt1

2.25.3-alt1 built April 15, 2020 Dmitry V. Levin in task 249983 --- March 18, 2020 Dmitry V. Levin - 2.25.2 - 2.25.3 fixes: CVE-2020-5260...

CVSS 5, AI score 3.6, EPSS 0.373
Exploits 2
ALT Linux
added 2020/03/18 12:0 a.m., 30 views

Security fix for the ALT Linux 10 package git version 2.25.3-alt1

March 18, 2020 Dmitry V. Levin 2.25.3-alt1 - 2.25.2 - 2.25.3 fixes: CVE-2020-5260...

CVSS 5, AI score 7.9, EPSS 0.373
Exploits 2