| CVE-2021-44228 |
critical |
— |
10.0 |
|
|
|
5y ago |
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. |
| CVE-2017-5645 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Deserialization of Untrusted Data in Log4j |
| CVE-2026-34477 |
medium |
5.9 |
5.9 |
|
|
|
2mo ago |
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration |
| CVE-2021-45046 |
unknown |
— |
2.5 |
|
|
|
5y ago |
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in… |
| CVE-2026-34480 |
unknown |
— |
— |
|
|
|
2mo ago |
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters |
| CVE-2026-34478 |
unknown |
— |
— |
|
|
|
2mo ago |
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility |
| CVE-2025-68161 |
unknown |
— |
— |
|
|
|
5mo ago |
Apache Log4j does not verify the TLS hostname in its Socket Appender |
| CVE-2023-26464 |
unknown |
— |
— |
|
|
|
3y ago |
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) |
| CVE-2021-44832 |
unknown |
— |
— |
|
|
|
5y ago |
Improper Input Validation and Injection in Apache Log4j2 |
| CVE-2021-45105 |
unknown |
— |
— |
|
|
|
5y ago |
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion |
| CVE-2020-9488 |
unknown |
— |
— |
|
|
|
6y ago |
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender |