6.3
CVE-2026-40021 - Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.…
Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0 …
6.3
CVE-2026-34481 - Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in Js…
Apache Log4j's JsonTemplateLayout (https://logging.apache.org/log4j/2.x/manual/json-template-layout.html), in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. T…
6.9
CVE-2026-34480 - Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message o…
6.9
CVE-2026-34479 - Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0…
The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log processin…
6.9
CVE-2026-34478 - Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility
Apache Log4j Core's Rfc5424Layout (https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout), in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect use…
6.3
CVE-2026-34477 - Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostnam…
The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName (https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property, bu…
5.5
CVE-2026-29043 - HDF5 H5T__ref_mem_setnull Heap Buffer Overflow
HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remo…
6.2
CVE-2026-40227 - systemd: Denial of Service via malicious IPC API call with null element
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
6.4
CVE-2026-40226 -
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
6.4
CVE-2026-40225 -
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.