VDB

GCVE-110-NCSC-2026-27

GCVE-110-NCSC-2026-27
Advisory PublishedCVSS 10.0/10
Vulnetix · Advisory published January 21, 2026
Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.

Weaknesses (CWE)

CWE-674Uncontrolled RecursionCWE-404Improper Resource Shutdown or ReleaseCWE-20Improper Input ValidationCWE-918Server-Side Request Forgery (SSRF)CWE-150Improper Neutralization of Escape, Meta, or Control SequencesCWE-400Uncontrolled Resource ConsumptionCWE-787Out-of-bounds WriteCWE-611Improper Restriction of XML External Entity ReferenceCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-284Improper Access ControlCWE-209Generation of Error Message Containing Sensitive InformationCWE-289Authentication Bypass by Alternate NameCWE-285Improper AuthorizationCWE-476NULL Pointer DereferenceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-125Out-of-bounds ReadCWE-252Unchecked Return ValueCWE-457Use of Uninitialized Variable

Risk Scores

CVSS 3.0
10.0/10
Critical · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Oraclevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›