Lucene search

8 matches found

EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-0575

Malicious code in bioql PyPI...

CVSS 9, AI score 7.5, EPSS 0.52458
Exploits: 0, References: 40

OSV
added 2022/07/26 11:04 a.m.

OESA-2022-1781 log4j12 security update

With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converte...

CVSS 9.8, AI score 9.5, EPSS 0.67466
Exploits: 1, References: 2

IBM Security Bulletins
added 2022/02/18 5:30 a.m.

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to SQL injection due to Apache Log4j (CVE-2022-23305)

Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JDBCAppender in Apache Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The fix includes Apache Log4j...

CVSS 9.8, AI score 7, EPSS 0.67466
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2022/01/28 12:00 a.m.

SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the...

CVSS 9.8, AI score 8.8, EPSS 0.67466
Exploits: 1, References: 10

Github Security Blog
added 2022/01/21 11:26 p.m.

SQL Injection in Log4j 1.2.x

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

CVSS 9.8, AI score 2.7, EPSS 0.67466
Exploits: 1, References: 8, Affected Software: 2

OSV
added 2022/01/18 4:15 p.m.

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 6

Prion
added 2022/01/18 4:15 p.m.

Design/Logic Flaw

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

CVSS 6.8, AI score 9.6, EPSS 0.67466
Exploits: 1, References: 6, Affected Software: 26

CVE
added 2022/01/18 3:25 p.m.

CVE-2022-23307

CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...

CVSS 9, AI score 9.2, EPSS 0.52458
Exploits: 0, References: 4, Affected Software: 2
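Several of the results above (OESA-2022-1781, the IBM bulletin, the GitHub Security Blog post, CVE-2022-23305) describe the same mechanism: Log4j 1.2.x's JDBCAppender takes an SQL statement as configuration, renders it through PatternLayout, and executes the rendered string, so whatever appears in %m is spliced into the query unescaped. The following is an added example, not code from any of the listed advisories or from Log4j itself. It re-creates that behaviour in Python against an in-memory SQLite table: a simplified stand-in for PatternLayout (only %c, %p and %m, no escaping, which is the property that matters), an appender that runs the rendered statement the way JDBCAppender does, and, for contrast, an appender that binds the event fields as parameters. The table name, column names, appender pattern and the log message payload are all constructed for the demonstration.

```python
import re
import sqlite3
from dataclasses import dataclass


@dataclass
class LoggingEvent:
    """Constructed stand-in for log4j's LoggingEvent (logger name, level, message)."""
    logger: str
    level: str
    message: str


# Constructed SQL pattern in the style of a log4j.appender.<name>.sql setting.
# The %m converter sits inside a quoted literal, so a message containing a
# single quote can close the literal and continue the statement.
SQL_PATTERN = "INSERT INTO logs (logger, level, message) VALUES ('%c', '%p', '%m')"

# Assumed message from an attacker-controlled input that ends up in a log line.
# It closes the VALUES tuple and appends a second, forged row, all within one
# INSERT statement, so no multi-statement support is needed from the driver.
CRAFTED_EVENT = LoggingEvent(
    logger="app.web",
    level="INFO",
    message="ok'), ('audit', 'ERROR', 'forged entry",
)


def render_pattern(pattern: str, event: LoggingEvent) -> str:
    """Minimal model of PatternLayout.format(): plain textual substitution of the
    conversion characters with no escaping. A single pass keeps converter
    characters inside field values from being expanded a second time."""
    fields = {"c": event.logger, "p": event.level, "m": event.message}
    return re.sub(r"%([cpm])", lambda m: fields[m.group(1)], pattern)


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logs (logger TEXT, level TEXT, message TEXT)")
    return conn


def vulnerable_append(conn: sqlite3.Connection, event: LoggingEvent) -> str:
    """Models JDBCAppender: build the statement from the pattern, then execute
    the resulting string as-is. Returns the SQL that was executed."""
    sql = render_pattern(SQL_PATTERN, event)
    conn.execute(sql)
    conn.commit()
    return sql


def parameterized_append(conn: sqlite3.Connection, event: LoggingEvent) -> None:
    """Hardened variant: the statement shape is fixed and every event field is
    bound as a parameter, so quote characters in the message stay data."""
    conn.execute(
        "INSERT INTO logs (logger, level, message) VALUES (?, ?, ?)",
        (event.logger, event.level, event.message),
    )
    conn.commit()


def rows(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT logger, level, message FROM logs ORDER BY rowid").fetchall()


def demo(event: LoggingEvent = CRAFTED_EVENT):
    """Log the same crafted event through both appenders and return
    (rows written by the vulnerable path, rows written by the safe path)."""
    vuln = make_db()
    vulnerable_append(vuln, event)
    safe = make_db()
    parameterized_append(safe, event)
    return rows(vuln), rows(safe)


if __name__ == "__main__":
    vuln_rows, safe_rows = demo()
    print("rendered statement:", render_pattern(SQL_PATTERN, CRAFTED_EVENT))
    print("vulnerable appender wrote:", vuln_rows)   # two rows, one of them forged
    print("parameterized appender wrote:", safe_rows)  # one row, message kept verbatim
```

The vulnerable path ends up with two rows, the second one attributed to a logger the application never used; in a real deployment the same technique can tamper with audit tables or, depending on the database and the privileges of the logging account, do worse. The parameterized variant is shown only to make the failure mode concrete: Log4j 1.2.x is end-of-life and receives no fix for CVE-2022-23305, so the remediation in the advisories above is to stop using its JDBCAppender and migrate to a maintained logging framework.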