| CVE-2026-34477 |
medium |
5.9 |
5.9 |
2mo ago |
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration |
|
| CVE-2021-45046 |
unknown |
— |
1.5 |
5y ago |
Incomplete fix for Apache Log4j vulnerability |
|
| CVE-2026-34480 |
unknown |
— |
— |
2mo ago |
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters |
|
| CVE-2026-34478 |
unknown |
— |
— |
2mo ago |
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility |
|
| CVE-2025-68161 |
unknown |
— |
— |
5mo ago |
Apache Log4j does not verify the TLS hostname in its Socket Appender |
|
| CVE-2023-26464 |
unknown |
— |
— |
3y ago |
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) |
|
| CVE-2021-44832 |
unknown |
— |
— |
5y ago |
Improper Input Validation and Injection in Apache Log4j2 |
|
| CVE-2021-45105 |
unknown |
— |
— |
5y ago |
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion |
|
| CVE-2020-9488 |
unknown |
— |
— |
6y ago |
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender |
|