{"openapi":"3.1.0","info":{"title":"CVE Vulnerability API","version":"1.0.0","description":"Look up software vulnerabilities by their CVE identifier and get clean, structured details — title, description, CVSS score, severity and vector, CWE weakness types, affected vendors and products with version ranges, and reference links — plus search every CVE that affects a given vendor or product, and stream the most recently published CVEs. Sourced from the CIRCL CVE Search service over the official CVE Record 5.1 data and returned as tidy JSON through a fast, reliable API. Ideal for vulnerability management and SOC tooling, DevSecOps and SCA pipelines, security dashboards, compliance and asset-risk monitoring.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/cve-api","description":"oanor gateway"}],"tags":[{"name":"CVE"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/cve":{"get":{"operationId":"get_v1_cve","tags":["CVE"],"summary":"CVE by id","description":"","parameters":[{"name":"id","in":"query","required":true,"description":"CVE id","schema":{"type":"string"},"example":"CVE-2021-44228"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"id":"CVE-2021-44228","cwe":[{"id":"CWE-502","name":"CWE-502 Deserialization of Untrusted Data"},{"id":"CWE-400","name":"CWE-400 Uncontrolled Resource Consumption"},{"id":"CWE-20","name":"CWE-20 Improper Input Validation"}],"url":"https://www.cve.org/CVERecord?id=CVE-2021-44228","cvss":{"score":10,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"V3.1","severity":"CRITICAL"},"state":"PUBLISHED","title":"Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints","updated":"2025-10-21T23:25:23.121Z","affected":[{"vendor":"Apache Software Foundation","product":"Apache Log4j2","versions":["2.0-beta9"]}],"assigner":"apache","published":"2021-12-10T00:00:00.000Z","references":["https://logging.apache.org/log4j/2.x/security.html","http://www.openwall.com/lists/oss-security/2021/12/10/1","http://www.openwall.com/lists/oss-security/2021/12/10/2","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd","http://www.openwall.com/lists/oss-security/2021/12/10/3","https://security.netapp.com/advisory/ntap-20211210-0007/","http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032","https://www.oracle.com/security-alerts/alert-cve-2021-44228.html","https://www.debian.org/security/2021/dsa-5020","https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/","https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/","http://www.openwall.com/lists/oss-security/2021/12/13/2","http://www.openwall.com/lists/oss-security/2021/12/13/1","http://www.openwall.com/lists/oss-security/2021/12/14/4","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd","https://www.kb.cert.org/vuls/id/930724","https://twitter.com/kurtseifried/status/1469345530182455296","https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf","http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html","http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html","http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd","http://www.openwall.com/lists/oss-security/2021/12/15/3","http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html","http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html","http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html","http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"],"description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."},"meta":{"timestamp":"2026-05-30T18:16:46.658Z","request_id":"ced34b4f-07f0-4539-be56-d022888a3464"},"status":"ok","message":"CVE retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/recent":{"get":{"operationId":"get_v1_recent","tags":["CVE"],"summary":"Recently published CVEs","description":"","parameters":[{"name":"limit","in":"query","required":false,"description":"1-30 (default 20)","schema":{"type":"string"},"example":"20"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"count":20,"results":[{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-10127","cwe":[{"id":"CWE-77","name":"Command Injection"},{"id":"CWE-74","name":"Injection"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-10127","cvss":{"score":5.3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"V4.0","severity":"MEDIUM"},"state":"PUBLISHED","title":"Edimax BR-6478AC POST Request formStaDrvSetup command injection","updated":"2026-05-30T16:30:08.799Z","affected":[{"vendor":"Edimax","product":"BR-6478AC","versions":["1.23"]}],"assigner":"VulDB","published":"2026-05-30T16:30:08.799Z","references":["https://vuldb.com/vuln/367304","https://vuldb.com/vuln/367304/cti","https://vuldb.com/submit/818455","https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formStaDrvSetup-34b53a41781f80ce9e66dbf60c71b960?source=copy_link"],"description":"A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks."},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-10126","cwe":[{"id":"CWE-120","name":"Buffer Overflow"},{"id":"CWE-119","name":"Memory Corruption"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-10126","cvss":{"score":8.7,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"V4.0","severity":"HIGH"},"state":"PUBLISHED","title":"Edimax BR-6478AC POST Request formQoS buffer overflow","updated":"2026-05-30T16:15:07.823Z","affected":[{"vendor":"Edimax","product":"BR-6478AC","versions":["1.23"]}],"assigner":"VulDB","published":"2026-05-30T16:15:07.823Z","references":["https://vuldb.com/vuln/367303","https://vuldb.com/vuln/367303/cti","https://vuldb.com/submit/818454","https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formQoS-34b53a41781f804e9ddfe771c426d9b2?source=copy_link"],"description":"A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks."},{"cwe":[],"affected":[],"references":[]},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-8594","cwe":[{"id":"CWE-405","name":"CWE-405 Asymmetric Resource Consumption (Amplification)"},{"id":"CWE-407","name":"CWE-407 Inefficient Algorithmic Complexity"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-8594","state":"PUBLISHED","title":"Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters","updated":"2026-05-30T15:44:13.279Z","affected":[{"vendor":"NEZUMI","product":"Text::LineFold","versions":["0"]}],"assigner":"CPANSec","published":"2026-05-30T15:32:30.449Z","references":["https://metacpan.org/release/NEZUMI/Unicode-LineBreak-2019.001/source/lib/Text/LineFold.pm#L407-415","https://security.metacpan.org/patches/U/Unicode-LineBreak/2019.001/CVE-2026-8594-r1.patch","https://github.com/hatukanezumi/Unicode-LineBreak/pull/6"],"description":"Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters.\n\nText::LineFold splits the input string by specific line break characters (such as VT, FF and others) into segments, but applies the break function to the entire string, not just the segment.\n\nA side effect of this is that the full input can be duplicated for each segment.  Besides being incorrect, this can lead to unexpected resource consumption and possible denial of service.\n\nNote that Text::LineFold is part of the Unicode-LineBreak distribution, which may have a higher version number than the module."},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-10125","cwe":[{"id":"CWE-121","name":"Stack-based Buffer Overflow"},{"id":"CWE-119","name":"Memory Corruption"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-10125","cvss":{"score":8.7,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"V4.0","severity":"HIGH"},"state":"PUBLISHED","title":"Edimax BR-6478AC POST Request formPPPoESetup stack-based overflow","updated":"2026-05-30T16:00:12.552Z","affected":[{"vendor":"Edimax","product":"BR-6478AC","versions":["1.23"]}],"assigner":"VulDB","published":"2026-05-30T16:00:12.552Z","references":["https://vuldb.com/vuln/367302","https://vuldb.com/vuln/367302/cti","https://vuldb.com/submit/818453","https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formPPPoESetup-34b53a41781f80a1b029cb5ca5570afa?source=copy_link"],"description":"A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used."},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-10124","cwe":[{"id":"CWE-121","name":"Stack-based Buffer Overflow"},{"id":"CWE-119","name":"Memory Corruption"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-10124","cvss":{"score":8.7,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"V4.0","severity":"HIGH"},"state":"PUBLISHED","title":"Shibby Tomato Zserv ripd rip_zebra_read_ipv4 stack-based overflow","updated":"2026-05-30T15:45:17.819Z","affected":[{"vendor":"Shibby","product":"Tomato","versions":["1.0","1.1","1.2","1.3","1.4","1.5","1.6","1.7","1.8","1.9","1.10","1.11","1.12","1.13","1.14","1.15","1.16","1.17","1.18","1.19"]}],"assigner":"VulDB","published":"2026-05-30T15:45:17.819Z","references":["https://vuldb.com/vuln/367301","https://vuldb.com/vuln/367301/cti","https://vuldb.com/submit/818239","https://gitee.com/Fengyi-Wang/CVE/issues/IJ9FFG"],"description":"A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer."},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-10123","cwe":[{"id":"CWE-121","name":"Stack-based Buffer Overflow"},{"id":"CWE-119","name":"Memory Corruption"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-10123","cvss":{"score":8.7,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"V4.0","severity":"HIGH"},"state":"PUBLISHED","title":"TRENDnet TEW-432BRP formSetDomainFilter stack-based overflow","updated":"2026-05-30T15:30:09.461Z","affected":[{"vendor":"TRENDnet","product":"TEW-432BRP","versions":["3.10B20"]}],"assigner":"VulDB","published":"2026-05-30T15:30:09.461Z","references":["https://vuldb.com/vuln/367300","https://vuldb.com/vuln/367300/cti","https://vuldb.com/submit/814767","https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_10/10.md"],"description":"A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer."},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-10122","cwe":[{"id":"CWE-121","name":"Stack-based Buffer Overflow"},{"id":"CWE-119","name":"Memory Corruption"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-10122","cvss":{"score":8.7,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"V4.0","severity":"HIGH"},"state":"PUBLISHED","title":"TRENDnet TEW-432BRP formSetProtocolFilter stack-based overflow","updated":"2026-05-30T15:15:07.889Z","affected":[{"vendor":"TRENDnet","product":"TEW-432BRP","versions":["3.10B20"]}],"assigner":"VulDB","published":"2026-05-30T15:15:07.889Z","references":["https://vuldb.com/vuln/367299","https://vuldb.com/vuln/367299/cti","https://vuldb.com/submit/814766","https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_9/9.md"],"description":"A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer."},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2026-10121","cwe":[{"id":"CWE-121","name":"Stack-based Buffer Overflow"},{"id":"CWE-119","name":"Memory Corruption"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-10121","cvss":{"score":8.7,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"V4.0","severity":"HIGH"},"state":"PUBLISHED","title":"TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow","updated":"2026-05-30T15:00:13.791Z","affected":[{"vendor":"TRENDnet","product":"TEW-432BRP","versions":["3.10B20"]}],"assigner":"VulDB","published":"2026-05-30T15:00:13.791Z","references":["https://vuldb.com/vuln/367298","https://vuldb.com/vuln/367298/cti","https://vuldb.com/submit/814763","https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_8/8.md"],"description":"A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer."},{"cwe":[],"affected":[],"references":[]},{"id":"CVE-2018-25426","cwe":[{"id":"CWE-120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}],"url":"https://www.cve.org/CVERecord?id=CVE-2018-25426","cvss":{"score":8.7,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","version":"V4.0","severity":"HIGH"},"state":"PUBLISHED","title":"WinMTR 0.91 Denial of Service via Buffer Overflow","updated":"2026-05-30T14:55:29.422Z","affected":[{"vendor":"Winmtr","product":"WinMTR","versions":["0.91"]}],"assigner":"VulnCheck","published":"2026-05-30T14:55:29.422Z","references":["https://www.exploit-db.com/exploits/45769","http://winmtr.net","http://winmtr.net/winmtr_download/","https://www.vulncheck.com/advisories/winmtr-denial-of-service-via-buffer-overflow"],"description":"WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow condition that causes the application to crash."},{"cwe":[],"affected":[],"references":[]}]},"meta":{"timestamp":"2026-05-30T18:16:46.768Z","request_id":"e5398f6b-d342-4fe7-b746-3ff58410e495"},"status":"ok","message":"Recent CVEs retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/search":{"get":{"operationId":"get_v1_search","tags":["CVE"],"summary":"CVEs by vendor / product","description":"","parameters":[{"name":"vendor","in":"query","required":true,"description":"Vendor","schema":{"type":"string"},"example":"apache"},{"name":"product","in":"query","required":false,"description":"Product (defaults to vendor)","schema":{"type":"string"},"example":"log4j"},{"name":"page","in":"query","required":false,"description":"Page (default 1)","schema":{"type":"string"},"example":"1"},{"name":"limit","in":"query","required":false,"description":"1-50 (default 20)","schema":{"type":"string"},"example":"20"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"page":1,"count":5,"total":52,"vendor":"apache","product":"log4j","results":[{"id":"CVE-2026-34481","cwe":[{"id":"CWE-116","name":"CWE-116 Improper Encoding or Escaping of Output"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-34481","cvss":{"score":6.3,"vector":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","version":"V4.0","severity":"MEDIUM"},"state":"PUBLISHED","title":"Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout","updated":"2026-04-10T17:41:38.229Z","affected":[{"vendor":"Apache Software Foundation","product":"Apache Log4j JSON Template Layout","versions":["2.14.0","3.0.0-alpha1"]}],"assigner":"apache","published":"2026-04-10T15:43:00.100Z","references":["https://github.com/apache/logging-log4j2/pull/4080","https://logging.apache.org/security.html#CVE-2026-34481","https://logging.apache.org/cyclonedx/vdr.xml","https://logging.apache.org/log4j/2.x/manual/json-template-layout.html","https://lists.apache.org/thread/n34zdv00gbkdbzt2rx9rf5mqz6lhopcv"],"description":"Apache Log4j's  JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records.\n\nAn attacker can exploit this issue only if both of the following conditions are met:\n\n  *  The application uses JsonTemplateLayout.\n  *  The application logs a MapMessage containing an attacker-controlled floating-point value.\n\n\nUsers are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue."},{"id":"CVE-2026-34480","cwe":[{"id":"CWE-116","name":"CWE-116 Improper Encoding or Escaping of Output"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-34480","cvss":{"score":6.9,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","version":"V4.0","severity":"MEDIUM"},"state":"PUBLISHED","title":"Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters","updated":"2026-04-10T17:45:07.434Z","affected":[{"vendor":"Apache Software Foundation","product":"Apache Log4j Core","versions":["2.0-alpha1","3.0.0-alpha1"]}],"assigner":"apache","published":"2026-04-10T15:42:03.843Z","references":["https://github.com/apache/logging-log4j2/pull/4077","https://logging.apache.org/security.html#CVE-2026-34480","https://logging.apache.org/cyclonedx/vdr.xml","https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout","https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb"],"description":"Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the  XML 1.0 specification https://www.w3.org/TR/xml/#charsets  producing invalid XML output whenever a log message or MDC value contains such characters.\n\nThe impact depends on the StAX implementation in use:\n\n  *  JRE built-in StAX: Forbidden characters are silently written to the output, producing malformed XML. Conforming parsers must reject such documents with a fatal error, which may cause downstream log-processing systems to drop the affected records.\n  *  Alternative StAX implementations (e.g.,  Woodstox https://github.com/FasterXML/woodstox , a transitive dependency of the Jackson XML Dataformat module): An exception is thrown during the logging call, and the log event is never delivered to its intended appender, only to Log4j's internal status logger.\n\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue by sanitizing forbidden characters before XML output."},{"id":"CVE-2026-34479","cwe":[{"id":"CWE-116","name":"CWE-116 Improper Encoding or Escaping of Output"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-34479","cvss":{"score":6.9,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","version":"V4.0","severity":"MEDIUM"},"state":"PUBLISHED","title":"Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters","updated":"2026-04-10T17:47:34.402Z","affected":[{"vendor":"Apache Software Foundation","product":"Apache Log4j 1 to Log4j 2 bridge","versions":["2.7","3.0.0-alpha1"]}],"assigner":"apache","published":"2026-04-10T15:41:07.888Z","references":["https://github.com/apache/logging-log4j2/pull/4078","https://logging.apache.org/security.html#CVE-2026-34479","https://logging.apache.org/cyclonedx/vdr.xml","https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html","https://lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on"],"description":"The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log processing systems to drop or fail to index affected records.\n\nTwo groups of users are affected:\n\n  *  Those using Log4j1XmlLayout directly in a Log4j Core 2 configuration file.\n  *  Those using the Log4j 1 configuration compatibility layer with org.apache.log4j.xml.XMLLayout specified as the layout class.\n\n\nUsers are advised to upgrade to Apache Log4j 1-to-Log4j 2 bridge version 2.25.4, which corrects this issue.\n\nNote: The Apache Log4j 1-to-Log4j 2 bridge is deprecated and will not be present in Log4j 3. Users are encouraged to consult the  Log4j 1 to Log4j 2 migration guide https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html , and specifically the section on eliminating reliance on the bridge."},{"id":"CVE-2026-34478","cwe":[{"id":"CWE-684","name":"CWE-684 Incorrect Provision of Specified Functionality"},{"id":"CWE-117","name":"CWE-117 Improper Output Neutralization for Logs"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-34478","cvss":{"score":6.9,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","version":"V4.0","severity":"MEDIUM"},"state":"PUBLISHED","title":"Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility","updated":"2026-04-10T17:50:12.484Z","affected":[{"vendor":"Apache Software Foundation","product":"Apache Log4j Core","versions":["2.21.0","3.0.0-beta1"]}],"assigner":"apache","published":"2026-04-10T15:40:17.713Z","references":["https://github.com/apache/logging-log4j2/pull/4074","https://logging.apache.org/security.html#CVE-2026-34478","https://logging.apache.org/cyclonedx/vdr.xml","https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout","https://lists.apache.org/thread/3k1clr2l6vkdnl4cbhjrnt1nyjvb5gwt"],"description":"Apache Log4j Core's  Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.\n\nTwo distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:\n\n  *  The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.\n  *  The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.\n\n\nUsers of the SyslogAppender are not affected, as its configuration attributes were not modified.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue."},{"id":"CVE-2026-34477","cwe":[{"id":"CWE-297","name":"CWE-297 Improper Validation of Certificate with Host Mismatch"}],"url":"https://www.cve.org/CVERecord?id=CVE-2026-34477","cvss":{"score":6.3,"vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N","version":"V4.0","severity":"MEDIUM"},"state":"PUBLISHED","title":"Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass","updated":"2026-04-10T17:38:57.154Z","affected":[{"vendor":"Apache Software Foundation","product":"Apache Log4j Core","versions":["2.12.0","3.0.0-alpha1"]}],"assigner":"apache","published":"2026-04-10T15:36:19.740Z","references":["https://github.com/apache/logging-log4j2/pull/4075","https://logging.apache.org/security.html#CVE-2026-34477","https://logging.apache.org/cyclonedx/vdr.xml","https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName","https://lists.apache.org/thread/lkx8cl46t2bvkcwfcb2pd43ygc097lq4"],"description":"The fix for  CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161  was incomplete: it addressed hostname verification only when enabled via the  log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName  system property, but not when configured through the  verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName  attribute of the <Ssl> element.\n\nAlthough the verifyHostName configuration attribute was introduced in Log4j Core 2.12.0, it was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception regardless of the configured value.\n\nA network-based attacker may be able to perform a man-in-the-middle attack when all of the following conditions are met:\n\n  *  An SMTP, Socket, or Syslog appender is in use.\n  *  TLS is configured via a nested <Ssl> element.\n  *  The attacker can present a certificate issued by a CA trusted by the appender's configured trust store, or by the default Java trust store if none is configured.\nThis issue does not affect users of the HTTP appender, which uses a separate  verifyHostname https://logging.apache.org/log4j/2.x/manual/appenders/network.html#HttpAppender-attr-verifyHostName  attribute that was not subject to this bug and verifies host names by default.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue."}]},"meta":{"timestamp":"2026-05-30T18:16:46.885Z","request_id":"a6b86a31-ca22-4c84-82e4-24755fe40394"},"status":"ok","message":"Search completed","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":1500,"rps_limit":1,"hard_limit":true},{"slug":"basic","name":"Basic","price_cents_month":400,"monthly_call_quota":25000,"rps_limit":5,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":1600,"monthly_call_quota":150000,"rps_limit":15,"hard_limit":true},{"slug":"mega","name":"Mega","price_cents_month":4000,"monthly_call_quota":600000,"rps_limit":40,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/cve-api"}