Lucene search

7 matches found

EUVD
added 2026/04/10 6:31 p.m., 0 views

EUVD-2026-21407

The fix for CVE-2025-68161 (https://logging.apache.org/security.html) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property (https://logging.apache.org/log4j/2.x/manual/systemproperties.html), but no...

CVSS 6.3, AI score 6.6, EPSS 0.00029
Exploits: 1, References: 6
NVD
added 2026/04/10 4:16 p.m., 2 views

CVE-2026-34477

The fix for CVE-2025-68161 (https://logging.apache.org/security.html) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property (https://logging.apache.org/log4j/2.x/manual/systemproperties.html), but no...

CVSS 6.3, EPSS 0.00029
Exploits: 0, References: 5
OSV
added 2026/04/10 4:16 p.m., 1 views

UBUNTU-CVE-2026-34477

The fix for CVE-2025-68161 (https://logging.apache.org/security.html) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property (https://logging.apache.org/log4j/2.x/manual/systemproperties.html), but no...

CVSS 6.3, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 7
CVE
added 2026/04/10 3:36 p.m., 36 views

CVE-2026-34477

CVE-2025-68161 (and CVE-2026-34477) affect Apache Log4j Core Socket Appender where TLS hostname verification was silently ignored when configured via verifyHostName, leaving potential MITM scenarios under SMTP, Socket, or Syslog Appenders using a nested element. The issue spans versions 2.0-beta...

CVSS 6.3, AI score 6.6, EPSS 0.00029
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2026/04/10 12:0 a.m., 4 views

Apache Log4j security vulnerability

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j Core 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities stem from the silent ignoring of the verifyHostName configuration property,...

CVSS 6.3, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 5
Veracode
added 2025/12/13 4:20 a.m., 4 views

Improper Certificate Validation

com.squareup.okhttp3, okhttp is vulnerable to improper certificate validation. The vulnerability is due to improper use of cryptographic hostname verification in verifyHostName, which allows an attacker to present a certificate for an incorrect domain and potentially perform remote information...

CVSS 7.5, AI score 6.6, EPSS 0.01387
Exploits: 0, References: 6, Affected Software: 1
RedHat Linux
added 2023/05/10 1:41 p.m., 3 views

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

CVSS 7.5, AI score 7.4, EPSS 0.01387
Exploits: 0, References: 5