VDB

GCVE-110-NCSC-2026-202

GCVE-110-NCSC-2026-202
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published June 17, 2026
Apache Log4j's JsonTemplateLayout up to version 2.25.3 improperly serializes non-finite floating-point values, producing invalid JSON that can disrupt log processing, while Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 have a critical vulnerability allowing unauthenticated data modification.

Weaknesses (CWE)

CWE-116Improper Encoding or Escaping of Output

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
Oraclevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›