Skip to main content

Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

© 2026 ZeroDayAttack · Public data from CISA · NIST · MITRE · FIRST · OSV · GitHub · abuse.ch — not a security advisory.

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

Search

38 results

For "log4shell" across CVEs, vendor advisories, threat actors, IOCs, security research, and news. Also searching: CVE-2021-44228, log4j, Log4j2

All38 Vulnerabilities11 Threat actors0 Vendor advisories0 Research27 News0 IOCs0

Instant answer

log4shell

Apache Log4j2 RCE via JNDI lookup. December 2021.

Featured CVEs

CVE-2021-44228Critical· 10.0Apache Log4j2 Remote Code Execution Vulnerability22 h ago

CVE-2021-44228 Search "log4j"Search "Log4j2"

Vulnerabilities

11

CVE-2021-44228Critical· 10.0KEVEXPLOIT22 h ago
Apache Log4j2 Remote Code Execution Vulnerability
CVE-2021-45046Critical· 9.0KEVEXPLOIT22 h ago
Apache Log4j2 Deserialization of Untrusted Data Vulnerability

CVE-2021-44832Medium· 6.614 d ago

Improper Input Validation and Injection in Apache Log4j2

CVE-2020-9488Low· 3.714 d ago

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender

CVE-2021-45105Medium· 5.915 d ago

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion

CVE-2019-17571Critical· 9.815 d ago

Deserialization of Untrusted Data in Log4j

CVE-2022-23305Critical· 9.817 d ago

SQL Injection in Log4j 1.2.x

CVE-2026-34480High· 7.52026-04-24

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

CVE-2026-34478High· 7.52026-04-24

Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility

OSV-GHSA-3qpm-h9ch-px3c—2024-12-04

Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library

OSV-GHSA-3w6p-8f82-gw8r—2024-12-03

Using JMSAppender in log4j configuration may lead to deserialization of untrusted data