Skip to main content

Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

© 2026 ZeroDayAttack · Public data from CISA · NIST · MITRE · FIRST · OSV · GitHub · abuse.ch — not a security advisory.

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

Search

29 results

For "log4j" across CVEs, vendor advisories, threat actors, IOCs, security research, and news.

All29 Vulnerabilities11 Threat actors0 Vendor advisories5 Research13 News0 IOCs0

Vulnerabilities

11

CVE-2021-44832Medium· 6.614 d ago
Improper Input Validation and Injection in Apache Log4j2
CVE-2020-9488Low· 3.714 d ago
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
CVE-2021-45105Medium· 5.915 d ago
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion

CVE-2019-17571Critical· 9.815 d ago

Deserialization of Untrusted Data in Log4j

CVE-2022-23305Critical· 9.817 d ago

SQL Injection in Log4j 1.2.x

CVE-2026-34480High· 7.52026-04-24

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

CVE-2026-34478High· 7.52026-04-24

Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility

OSV-GHSA-3qpm-h9ch-px3c—2024-12-04

Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library

OSV-GHSA-3w6p-8f82-gw8r—2024-12-03

Using JMSAppender in log4j configuration may lead to deserialization of untrusted data

CVE-2021-45046Critical· 9.0KEVEXPLOIT23 h ago

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

CVE-2021-44228Critical· 10.0KEVEXPLOIT23 h ago

Apache Log4j2 Remote Code Execution Vulnerability

Vendor advisories

5

amazon-linuxALAS2-2022-18062022-06-15
ALAS2-2022-1806 (important): log4j-cve-2021-44228-hotpatch
amazon-linuxALAS2-2022-17732022-04-19
ALAS2-2022-1773 (important): log4j-cve-2021-44228-hotpatch
amazon-linuxALAS2-2022-17502022-02-22
ALAS2-2022-1750 (important): log4j
amazon-linuxALAS2-2022-17392022-01-20
ALAS2-2022-1739 (medium): log4j
amazon-linuxALAS2-2021-17322021-12-23
ALAS2-2021-1732 (important): log4j-cve-2021-44228-hotpatch

Research

13

owasp
Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies
The OWASP Foundation, in collaboration with the Cyber Security Agency (CSA) of Singapore , presents this advisory on using Software Bill of Materials (SBOM) for enhanced vulnerability management, highlighting OWASP CycloneDX -a format st
2025-02-24
snyk
The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant
Read on to learn about the danger of the continued use of vulnerable Log4j and Spring Framework versions in many projects.
2024-08-29
snyk
FTC highlights the importance of securing Log4j and software supply chain
Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it's encouraging to see th
2022-01-07
snyk
Log4Shell webinar: What you need to know
Here's a recap of our latest Log4Shell webinar about mitigating the Log4j vulnerability.
2022-01-05
snyk
New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution (but it's not as bad as it sounds)
This new CVE-2021-44832 security vulnerability is affecting versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is similar in nature to CVE-2021-4104 which affected the 1.x branch of Log4j.
CVE-2021-44832 · CVE-2021-4104
2021-12-29
wiz
Log4Shell: Wrap all your Log4j fixes before the holidays
The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!
2021-12-21
snyk
Log4j 2.16 High Severity Vulnerability (CVE-2021-45105) Discovered
Overnight, it was disclosed by Apache that Log4j version 2.16 is also vulnerable by way of a Denial of Service attack with the impact being a full application crash, the severity for this is classified as High (7.5).
CVE-2021-45105
2021-12-18
snyk
Find Log4Shell vulnerabilities in your unmanaged and shaded jars with the Snyk CLI
Announcing a new Snyk CLI command (snyk log4shell) to find affected Log4j libraries that were not disclosed in the manifest file, forked, or repackaged.
2021-12-18
snyk
Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution
It has been discovered that Log4j version 2.15.0 is still susceptible to arbitrary code execution (CVE-2021-45046) in certain circumstances. Upgrade to 2.16.0.
CVE-2021-45046
2021-12-17
snyk
The Log4j vulnerability and its impact on software supply chain security
Learn more about the massive impact of Log4Shell, the recently disclosed Log4j vulnerability. Learn how far spread it is, how it affects supply chain security, how to prioritize your response, and how to fix it quickly.
2021-12-13
snyk
Log4j vulnerability explained: Prevent Log4Shell RCE by updating to version 2.17.1
A new critical vulnerability was disclosed for log4j, a very popular Java logging framework from the Apache foundation. All current versions of log4j2 up to 2.14.1 are vulnerable. You can remediate this vulnerability by updating to version
2021-12-10
huntress
Critical RCE Vulnerability Updates (log4j - CVE-2021-44228) | Huntress
Read about how our team investigated CVE-2021-44228, a critical vulnerability that was affecting a Java logging package.
CVE-2021-44228
2021-12-10
huntress
Critical RCE Vulnerability: log4j - CVE-2021-44228 | Huntress
Our team is currently investigating CVE-2021-44228, a critical vulnerability that's affecting a Java logging package.
CVE-2021-44228
2021-12-10