Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
confluence vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-3395
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 prior to 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 prior to 6.9.3 (the fixed version for 6.9.x) allows remote malicious user...
Atlassian Confluence Server
Atlassian Confluence
10
CVSSv2
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 prior to 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 prior to 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 prior to 6...
Atlassian Confluence
Atlassian Confluence Server
1 EDB exploit
18 Github repositories
1 Article
4
CVSSv2
CVE-2018-20237
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Atlassian Confluence Server
Atlassian Confluence Data Center
5
CVSSv2
CVE-2018-18289
The MESILAT Zabbix plugin prior to 1.1.15 for Atlassian Confluence allows malicious users to read arbitrary files.
Mesilat Zabbix
4.3
CVSSv2
CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site request forg...
Atlassian Questions For Confluence
4.3
CVSSv2
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site re...
Atlassian Questions For Confluence
4
CVSSv2
CVE-2018-1999039
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and previous versions in ConfluenceSite.java that allows malicious users to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified cr...
Jenkins Confluence Publisher
4.3
CVSSv2
CVE-2018-13389
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote malicious users to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
Atlassian Confluence
5
CVSSv2
CVE-2018-8012
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper prior to 3.4.10, and 3.5.0-alpha up to and including 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the lead...
Apache Zookeeper 3.5.3
Apache Zookeeper 3.5.0
Apache Zookeeper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Oracle Goldengate Stream Analytics
4.3
CVSSv2
CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
Atlassian Confluence
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »