All 4 CVE vulnerabilities found in Apache Log4j Core, with AI-generated Chinese analysis, references, and POCs.
Vendor: Apache Software Foundation
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34480 | Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters CWE-116 | 5.8AI | MediumAI | 2026-04-10 |
| CVE-2026-34478 | Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility CWE-684 | 8.2AI | HighAI | 2026-04-10 |
| CVE-2026-34477 | Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass CWE-297 | 8.2AI | HighAI | 2026-04-10 |
| CVE-2025-68161 | Apache Log4j Core: Missing TLS hostname verification in Socket appender CWE-297 | 7.4AI | HighAI | 2025-12-18 |
All 4 known CVE vulnerabilities affecting Apache Log4j Core with full Chinese analysis, references, and POCs where available.