Every CVE whose affected-product data names Apache Log4cxx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-31038 — CVSS 8.8 (high): SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly…
CVE-2025-54813 — CVSS 7.5 (high): Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped…
CVE-2025-54812 — CVSS 5.4 (medium): Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when…
CVE-2026-40023 — CVSS 5.3 (medium): Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails…