Skip to main content

Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

© 2026 ZeroDayAttack · Public data from CISA · NIST · MITRE · FIRST · OSV · GitHub · abuse.ch — not a security advisory.

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

Search

38 results

For "log4shell" across CVEs, vendor advisories, threat actors, IOCs, security research, and news. Also searching: CVE-2021-44228, log4j, Log4j2

All38 Vulnerabilities11 Threat actors0 Vendor advisories0 Research27 News0 IOCs0

Instant answer

log4shell

Apache Log4j2 RCE via JNDI lookup. December 2021.

Featured CVEs

CVE-2021-44228Critical· 10.0Apache Log4j2 Remote Code Execution Vulnerability22 h ago

CVE-2021-44228 Search "log4j"Search "Log4j2"

Research

27

snyk
The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant
Read on to learn about the danger of the continued use of vulnerable Log4j and Spring Framework versions in many projects.
2024-08-29
snyk
How Atlassian used Snyk to solve Log4Shell
In this post, we'll recap Walz's experience using Snyk to detect and remediate Log4Shell at Atlassian, as well as Silverman's more in-depth talk about the impact of Log4Shell.
2022-11-16

Reviewing CVE-2022-42889: The arbitrary code execution vulnerability in Apache Commons Text

In this post we'll review CVE-2022-42889, the recent Arbitrary Code Execution Vulnerability in Apache Commons Text, including what it is, how to remediate it, and why it's not the new Log4Shell.

CVE-2022-42889

Exploring CVE-2022-33980: the Apache Commons configuration RCE vulnerability

In this post, we'll explore CVE-2022-33980, the Apache Commons configuration RCE vulnerability. However, we want to make it clear that there's no need for panic. This is not Log4Shell all over again. This is simple configuration manipulatio

CVE-2022-33980

Fighting Log4Shell with Huntress Managed EDR | Huntress

Read how our ThreatOps team used Huntress Managed EDR and Managed Antivirus to stop bad actors who were exploiting Log4Shell vulnerabilities.

How LiveRamp used Snyk to remediate Log4Shell

When Log4Shell hit in mid-December 2021, LiveRamp had just completed its POC (proof of concept) trial with Snyk. While LiveRamp's main motivation for deploying Snyk was to secure its CI/CD pipeline, Snyk was able to discover and remediate t

Log4Shell remediation with Snyk by the numbers

Check out this handy infographic to learn more about the Log4Shell timeline, how much time and money our customers have saved by using Snyk, and what some of those customers have said about their experience.

Stranger Danger: Live hack of how a Log4Shell exploit works

Learn about a recent Stranger Danger live hack where Simon Maple, Field CTO at Snyk, Eric Smalling, Senior Developer Advocate at Snyk, and Micah Silverman, Director of DevSecOps Acceleration discussed the Log4Shell vulnerability and demonst

Log4Shell webinar: What you need to know

Here's a recap of our latest Log4Shell webinar about mitigating the Log4j vulnerability.

It takes a community: Responding to open source criticism post-Log4Shell

The truth of the matter is this: open source is never going to be perfect (nothing is!). It's up to us (as community members) to leave things better than we found them, and help improve the state of open source.

Log4Shell: Wrap all your Log4j fixes before the holidays

The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!

Log4Shell 10 days later: Enterprises halfway through patching

Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patc

Snyk makes it easier to fix Log4Shell with extended free scans

Due to the recently discovered Log4Shell vulnerability, and to support the tremendous effort being mounted by the community to address it, we are happy to announce that we are increasing the free test limit in Snyk Open Source!

Find Log4Shell vulnerabilities in your unmanaged and shaded jars with the Snyk CLI

Announcing a new Snyk CLI command (snyk log4shell) to find affected Log4j libraries that were not disclosed in the manifest file, forked, or repackaged.

Log4Shell: A Tradecraft Tuesday Recap | Huntress

We recap our December 2021 episode of Tradecraft Tuesday where we dive into the Log4Shell vulnerability.

Log4Shell in a nutshell (for non-developers & non-Java developers)

In this post, we'll give an explanation of Log4Shell for non-developers and an overview of the Log4Shell vulnerability for non-Java developers.

Log4Shell remediation cheat sheet

This Log4Shell remediation cheat sheet summarizes the main fixes and recommendations being used to limit exposure to the vulnerability and to reduce the risk of this vulnerability being exploited in production systems.

The Log4j vulnerability and its impact on software supply chain security

Learn more about the massive impact of Log4Shell, the recently disclosed Log4j vulnerability. Learn how far spread it is, how it affects supply chain security, how to prioritize your response, and how to fix it quickly.

Find and fix the Log4Shell exploit fast with Snyk

See how easy (and fast) it is to find and automatically fix Log4Shell with Snyk.

Log4j vulnerability explained: Prevent Log4Shell RCE by updating to version 2.17.1

A new critical vulnerability was disclosed for log4j, a very popular Java logging framework from the Apache foundation. All current versions of log4j2 up to 2.14.1 are vulnerable. You can remediate this vulnerability by updating to version

Log4Shell Meltdown: How to protect your cloud from this critical RCE threat

Log4Shell Meltdown: How to protect your cloud from this critical RCE threat. In this post, we'll provide a quick overview of Log4Shell: what it is, its impact, and recommendations for security teams.

FTC highlights the importance of securing Log4j and software supply chain

Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it's encouraging to see th

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution (but it's not as bad as it sounds)

This new CVE-2021-44832 security vulnerability is affecting versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is similar in nature to CVE-2021-4104 which affected the 1.x branch of Log4j.

CVE-2021-44832 · CVE-2021-4104

Log4j 2.16 High Severity Vulnerability (CVE-2021-45105) Discovered

Overnight, it was disclosed by Apache that Log4j version 2.16 is also vulnerable by way of a Denial of Service attack with the impact being a full application crash, the severity for this is classified as High (7.5).

CVE-2021-45105

Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution

It has been discovered that Log4j version 2.15.0 is still susceptible to arbitrary code execution (CVE-2021-45046) in certain circumstances. Upgrade to 2.16.0.

CVE-2021-45046

Critical RCE Vulnerability: log4j - CVE-2021-44228 | Huntress

Our team is currently investigating CVE-2021-44228, a critical vulnerability that's affecting a Java logging package.

CVE-2021-44228

Critical RCE Vulnerability Updates (log4j - CVE-2021-44228) | Huntress

Read about how our team investigated CVE-2021-44228, a critical vulnerability that was affecting a Java logging package.

CVE-2021-44228