Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
confluence vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-10750
In Hazelcast prior to 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrar...
Hazelcast Hazelcast
1 Article
NA
CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded passw...
Atlassian Questions For Confluence 3.0.2
Atlassian Questions For Confluence 2.7.35
Atlassian Questions For Confluence 2.7.34
3 Github repositories
1 Article
NA
CVE-2024-21677
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated malicious user to exploit an undefinable vulnerability which has high impact to confi...
6.9
CVSSv2
CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local malicious users to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence...
Atlassian Confluence Server
Atlassian Confluence Data Center
7.5
CVSSv2
CVE-2019-10100
In JetBrains YouTrack Confluence plugin versions prior to 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-tem...
Jetbrains Youtrack Integration
5
CVSSv2
CVE-2018-18289
The MESILAT Zabbix plugin prior to 1.1.15 for Atlassian Confluence allows malicious users to read arbitrary files.
Mesilat Zabbix
4.3
CVSSv2
CVE-2021-37412
The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.
It-economics Techradar 1.1
NA
CVE-2023-30452
The MoroSystems EasyMind - Mind Maps plugin prior to 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.
Morosystems Easymind
4.3
CVSSv2
CVE-2019-15233
The Live:Text Box macro in the Old Street Live Input Macros app prior to 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.
Oldstreetsolutions Live Input Macros
1 Github repository
6
CVSSv2
CVE-2019-15053
The "HTML Include and replace macro" plugin prior to 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Atlassian Html Include And Replace Macro
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »