Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
confluence vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local malicious users to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence...
Atlassian Confluence Server
Atlassian Confluence Data Center
4.3
CVSSv2
CVE-2021-37412
The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.
It-economics Techradar 1.1
7.5
CVSSv2
CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from ve...
Atlassian Confluence Server
Atlassian Confluence Data Center
47 Github repositories
2 Articles
5
CVSSv2
CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote malicious users to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 prior to 7.12.3.
Atlassian Confluence Server
Atlassian Confluence Data Center
4 Github repositories
7.5
CVSSv2
CVE-2021-37843
The resolution SAML SSO apps for Atlassian products allow a remote malicious user to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; ...
Atlassian Saml Single Sign On
3.5
CVSSv2
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server prior to 7.11.0 allow malicious users to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
Atlassian Confluence Server
Atlassian Confluence Data Center
4
CVSSv2
CVE-2020-29445
Affected versions of Confluence Server prior to 7.4.8, and versions from 7.5.0 prior to 7.11.0 allow malicious users to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.
Atlassian Confluence Server
4
CVSSv2
CVE-2021-26072
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote malicious users to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
Atlassian Confluence Server
Atlassian Confluence Data Center
5
CVSSv2
CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 prior to 7.4.6, and from 7.5.0 prior to 7.8.3 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF dir...
Atlassian Confluence Server
Atlassian Confluence Data Center
4
CVSSv2
CVE-2020-29450
Affected versions of Atlassian Confluence Server and Data Center allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
Atlassian Confluence Server
Atlassian Confluence Data Center
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »