| CVE-2020-9488 | low | 3.7 | 3.7 | | | | 6y ago | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log mess… |
| CVE-2021-45046 | unknown | — | 2.5 | | | | 5y ago | Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in… |
| CVE-2026-34478 | unknown | — | — | | | | 2mo ago | Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility |
| CVE-2026-34480 | unknown | — | — | | | | 2mo ago | Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec… |
| CVE-2025-68161 | unknown | — | — | | | | 6mo ago | Apache Log4j does not verify the TLS hostname in its Socket Appender |
| CVE-2023-26464 | unknown | — | — | | | | 3y ago | Apache Log4j 1.x (EOL) allows Denial of Service (DoS) |