Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
confluence vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42977
The Netic User Export add-on prior to 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be ...
Atlassian Confluence Data Center
NA
CVE-2022-42978
In the Netic User Export add-on prior to 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
Atlassian Confluence Data Center
NA
CVE-2022-44724
The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x prior to 3.5.5 allows remote malicious users to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
Stiltsoft Handy Macros For Confluence
NA
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 prior to 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site sc...
Atlassian Confluence Server
Atlassian Confluence Data Center
NA
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated malicious user to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in au...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
Atlassian Bitbucket 8.0.0
Atlassian Bitbucket 8.1.0
Atlassian Crowd
Atlassian Crowd 5.0.0
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Jira Service Management
Atlassian Bamboo
Atlassian Bitbucket
Atlassian Jira Service Desk
1 Article
NA
CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated malicious user to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with t...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
Atlassian Bitbucket 8.0.0
Atlassian Bitbucket 8.1.0
Atlassian Crowd
Atlassian Crowd 5.0.0
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Jira Service Management
Atlassian Bamboo
Atlassian Bitbucket
Atlassian Jira Service Desk
1 Article
NA
CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded passw...
Atlassian Questions For Confluence 3.0.2
Atlassian Questions For Confluence 2.7.35
Atlassian Questions For Confluence 2.7.34
3 Github repositories
1 Article
7.5
CVSSv2
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 prior to 7.4.17, fro...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
99 Github repositories
3 Articles
4.3
CVSSv2
CVE-2022-1231
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml before 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in d...
Plantuml Plantuml
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.5
CVSSv2
CVE-2021-39114
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, f...
Atlassian Confluence Server
Atlassian Confluence Data Center
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »