Where
-Infinity
0

Trending

Last week
Last month
Last year

Apache Log4jApache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Risk 43
Severity
6.3
First published (updated )
CVE-2026-34481

Apache Log4jApache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Risk 46
Severity
6.9
First published (updated )
CVE-2026-34480

Apache Log4jApache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

Risk 46
Severity
6.9
First published (updated )
CVE-2026-34479

Apache Log4jApache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility

Risk 46
Severity
6.9
First published (updated )
CVE-2026-34478

Apache Log4jApache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass

Risk 30
Severity
6.3
First published (updated )
CVE-2026-34477
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Log4jApache Log4j Core: Missing TLS hostname verification in Socket appender

Risk 31
Severity
6.3
First published (updated )
CVE-2025-68161

BleepingComputerOver 30% of Log4J apps use a vulnerable version of the library

Zeroday
First published (updated )
News
BleepingComputer

maven/org.apache.logging.log4j:log4j-coreApache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender

Risk 46
Severity
7.5
First published (updated )
CVE-2023-26464

Apache Log4jA deserialization flaw was found in Apache log4j 1.2.x. While reading serialized log events, they ar…

Risk 32
Severity
7
First published (updated )
REDHAT-BUG-2041967

Apache Log4jBy design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter whe…

Risk 32
Severity
7
First published (updated )
REDHAT-BUG-2041959
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Log4jJMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the att…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2041949

Apache Log4jA deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.

Risk 99
Severity
9.8
Zeroday
First published (updated )
CVE-2022-23307

Apache Log4jSQL injection in JDBC Appender in Apache Log4j V1

Risk 99
Severity
9.8
Zeroday
First published (updated )
CVE-2022-23305

Apache Log4jDeserialization of untrusted data in JMSSink in Apache Log4j 1.x

Risk 94
Severity
8.8
Zeroday
First published (updated )
CVE-2022-23302

Apache Log4jApache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

Risk 96
Severity
9
Exploited
First published (updated )
CVE-2021-45046
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Log4jApache log4j2 log messages substitution (CVE-2021-44228)

Risk 87
Severity
9.8
First published (updated )
Advisory
FG-IR-21-245

Oracle Retail Integration BusApache log4j2 log messages substitution (CVE-2021-44228)

Risk 90
Severity
9.8
First published (updated )
CVE-2021-45105

Apache Log4jApache log4j2 log messages substitution (CVE-2021-44228)

Risk 99
Severity
9.8
Zeroday
First published (updated )
CVE-2021-44832

redhat/log4jDeserialization of untrusted data in JMSAppender in Apache Log4j 1.2

Risk 79
Severity
8.1
First published (updated )
CVE-2021-4104

Cisco Webex Meetings ServerApache log4j2 log messages substitution (CVE-2021-44228)

Risk 100
Severity
10
Exploited
Zeroday
First published (updated )
CVE-2021-44228
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache ChainsawJava deserialization in Chainsaw

Risk 88
Severity
9.8
First published (updated )
CVE-2020-9493

Oracle Retail Order Broker Cloud ServiceImproper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version…

Risk 24
Severity
3.7
First published (updated )
CVE-2020-9488

redhat/log4jLast updated 24 July 2024

Risk 90
Severity
9.8
First published (updated )
CVE-2019-17571

Oracle Policy AutomationIn Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive s…

Risk 87
Severity
9.8
First published (updated )
CVE-2017-5645

Apache Software Foundation Log4j 2.3Reached end of life

EOL
Sep 20, 2015
First published (updated )
EOL-log4j-2.3
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Software Foundation Log4j 2.3Reached end of life

EOL
Sep 20, 2015
First published (updated )
latest-version-log4j-2.3

Apache Log4jApache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

Risk 27
Severity
5.3
Advisory
ZDI-21-1541

Apache Log4jApache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

Risk 27
Severity
5.3
ZDI-CAN-16160

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203