6.9

CVSS4.0

CVE-2026-34479 - Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0…

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log processin…

📅 Published: April 10, 2026, 3:41 p.m. 🔄 Last Modified: April 10, 2026, 3:41 p.m.

6.9

CVSS4.0

CVE-2026-34478 - Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout (https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout), in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect use…

📅 Published: April 10, 2026, 3:40 p.m. 🔄 Last Modified: April 10, 2026, 3:40 p.m.

6.3

CVSS4.0

CVE-2026-34477 - Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostnam…

The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName (https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property, bu…

📅 Published: April 10, 2026, 3:36 p.m. 🔄 Last Modified: April 10, 2026, 3:36 p.m.

5.5

CVSS3.1

CVE-2026-29043 - HDF5 H5T__ref_mem_setnull Heap Buffer Overflow

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remo…

📅 Published: April 10, 2026, 3:35 p.m. 🔄 Last Modified: April 10, 2026, 3:35 p.m.

6.2

CVSS3.1

CVE-2026-40227 -

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

📅 Published: April 10, 2026, 3:19 p.m. 🔄 Last Modified: April 10, 2026, 4:16 p.m.

6.4

CVSS3.1

CVE-2026-40226 -

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

📅 Published: April 10, 2026, 3:18 p.m. 🔄 Last Modified: April 10, 2026, 4:16 p.m.

6.4

CVSS3.1

CVE-2026-40225 -

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

📅 Published: April 10, 2026, 3:16 p.m. 🔄 Last Modified: April 10, 2026, 4:16 p.m.

6.7

CVSS3.1

CVE-2026-40224 -

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

📅 Published: April 10, 2026, 3:14 p.m. 🔄 Last Modified: April 10, 2026, 4:16 p.m.

8.6

CVSS4.0

CVE-2026-29002 - CouchCMS Privilege Escalation via f_k_levels_list Parameter

CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass author…

📅 Published: April 10, 2026, 3:11 p.m. 🔄 Last Modified: April 10, 2026, 4:20 p.m.

4.7

CVSS3.1

CVE-2026-40223 -

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

📅 Published: April 10, 2026, 3:10 p.m. 🔄 Last Modified: April 10, 2026, 4:16 p.m.