Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

29 results

For "log4j" across CVEs, vendor advisories, threat actors, IOCs, security research, and news.

All29 Vulnerabilities11 Threat actors0 Vendor advisories5 Research13 News0 IOCs0

Research

owasp
Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies
The OWASP Foundation, in collaboration with the Cyber Security Agency (CSA) of Singapore , presents this advisory on using Software Bill of Materials (SBOM) for enhanced vulnerability management, highlighting OWASP CycloneDX -a format st
2025-02-24
snyk
The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant
Read on to learn about the danger of the continued use of vulnerable Log4j and Spring Framework versions in many projects.
2024-08-29

snyk

FTC highlights the importance of securing Log4j and software supply chain

Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it's encouraging to see th

2022-01-07

snyk

Log4Shell webinar: What you need to know

Here's a recap of our latest Log4Shell webinar about mitigating the Log4j vulnerability.

2022-01-05

snyk

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution (but it's not as bad as it sounds)

This new CVE-2021-44832 security vulnerability is affecting versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is similar in nature to CVE-2021-4104 which affected the 1.x branch of Log4j.

CVE-2021-44832 · CVE-2021-4104

2021-12-29

wiz

Log4Shell: Wrap all your Log4j fixes before the holidays

The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!

2021-12-21

snyk

Log4j 2.16 High Severity Vulnerability (CVE-2021-45105) Discovered

Overnight, it was disclosed by Apache that Log4j version 2.16 is also vulnerable by way of a Denial of Service attack with the impact being a full application crash, the severity for this is classified as High (7.5).

CVE-2021-45105

2021-12-18

snyk

Find Log4Shell vulnerabilities in your unmanaged and shaded jars with the Snyk CLI

Announcing a new Snyk CLI command (snyk log4shell) to find affected Log4j libraries that were not disclosed in the manifest file, forked, or repackaged.

2021-12-18

snyk

Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution

It has been discovered that Log4j version 2.15.0 is still susceptible to arbitrary code execution (CVE-2021-45046) in certain circumstances. Upgrade to 2.16.0.

CVE-2021-45046

2021-12-17

snyk

The Log4j vulnerability and its impact on software supply chain security

Learn more about the massive impact of Log4Shell, the recently disclosed Log4j vulnerability. Learn how far spread it is, how it affects supply chain security, how to prioritize your response, and how to fix it quickly.

2021-12-13

snyk

Log4j vulnerability explained: Prevent Log4Shell RCE by updating to version 2.17.1

A new critical vulnerability was disclosed for log4j, a very popular Java logging framework from the Apache foundation. All current versions of log4j2 up to 2.14.1 are vulnerable. You can remediate this vulnerability by updating to version

2021-12-10

huntress

Critical RCE Vulnerability Updates (log4j - CVE-2021-44228) | Huntress

Read about how our team investigated CVE-2021-44228, a critical vulnerability that was affecting a Java logging package.

CVE-2021-44228

2021-12-10

huntress

Critical RCE Vulnerability: log4j - CVE-2021-44228 | Huntress

Our team is currently investigating CVE-2021-44228, a critical vulnerability that's affecting a Java logging package.

CVE-2021-44228

2021-12-10