All 4 CVE vulnerabilities found in Apache Log4cxx, with AI-generated Chinese analysis, references, and POCs.
Vendor: Apache Software Foundation
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40023 | Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters | CWE-116 | 5.3 | - | 2026-04-10 |
| CVE-2025-54812 | Apache Log4cxx: Improper HTML escaping in HTMLLayout | CWE-117 | 6.1 (AI) | Medium (AI) | 2025-08-22 |
| CVE-2025-54813 | Apache Log4cxx: Improper escaping with JSONLayout | CWE-117 | 5.3 (AI) | Medium (AI) | 2025-08-22 |
| CVE-2023-31038 | Apache Log4cxx: SQL injection when using ODBC appender | CWE-89 | 7.2 | - | 2023-05-08 |