Every CVE whose affected-product data names Apache Log4net, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2018-1285 — CVSS 9.8 (critical): Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for…
CVE-2006-0743 — CVSS 5.0 (medium): Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service…