Category: Vulnerabilities

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. More information : https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. More information : https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. More information : https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a “logger -p emerg” command is executed, if ForwardToWall=yes is set. More information : https://www.openwall.com/lists/oss-security/2026/04/08/1

Apache Log4cxx’s XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets in log messages, NDC, and MDC property keys and values, producing invalid XML output....

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running. More information : https://github.com/systemd/systemd/security/advisories/GHSA-x4h8-rrrg-q78f

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja’s link share authentication (GetLinkShareFromClaims in pkg/models/link_sharing.go) constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner...

Apache Log4net’s XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets in MDC property keys and values, as well as the identity...

Apache Log4j Core’s Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based...

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters...

Apache Log4j Core’s XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whenever a log message or MDC...

Apache Log4j’s JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This...

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local...

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained...