Log4Shell (CVE-2021-45046)
- Risk:
High
- Type:
- Active
- CWE:
- CWE-117
- Summary
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.
- Solution
Upgrade Log4j2 to version 2.17.1 or newer.
AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more
Oracle silently fixes zero-day exploit leaked by ShinyHunters
CISA: High-severity Windows SMB flaw now exploited in attacks
Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
Hackers exploiting critical "SessionReaper" flaw in Adobe Magento
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Over 75,000 WatchGuard security devices vulnerable to critical RCE
Russian hackers evolve malware pushed in "I am not a robot" captchas
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability
CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability
CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability
CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
Free online web security scanner