Trending Zero-Day Explore Browse Search Saved

CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Home Trending Zero-Day Watch Attack Types Browse CVEs Search

Legal

Privacy Policy Terms of Service Data Disclaimer

© 2026CVEInsight. For informational use only — not a substitute for professional security advice.

CVE data sourced from NVD / NIST & public disclosures.

apache

log4net

1 known vulnerability · sorted by CVSS score

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

apache / log4net+10

Published May 11, 2020