Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
confluence vulnerabilities and exploits
(subscribe to this query)
606
VMScore
CVE-2016-10750
In Hazelcast prior to 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrar...
Hazelcast Hazelcast
1 Article
NA
CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded passw...
Atlassian Questions For Confluence 3.0.2
Atlassian Questions For Confluence 2.7.35
Atlassian Questions For Confluence 2.7.34
3 Github repositories
1 Article
NA
CVE-2024-21677
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated malicious user to exploit an undefinable vulnerability which has high impact to confi...
614
VMScore
CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local malicious users to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence...
Atlassian Confluence Server
Atlassian Confluence Data Center
668
VMScore
CVE-2019-10100
In JetBrains YouTrack Confluence plugin versions prior to 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-tem...
Jetbrains Youtrack Integration
445
VMScore
CVE-2018-18289
The MESILAT Zabbix plugin prior to 1.1.15 for Atlassian Confluence allows malicious users to read arbitrary files.
Mesilat Zabbix
383
VMScore
CVE-2021-37412
The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.
It-economics Techradar 1.1
NA
CVE-2023-30452
The MoroSystems EasyMind - Mind Maps plugin prior to 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.
Morosystems Easymind
383
VMScore
CVE-2019-15233
The Live:Text Box macro in the Old Street Live Input Macros app prior to 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.
Oldstreetsolutions Live Input Macros
1 Github repository
534
VMScore
CVE-2019-15053
The "HTML Include and replace macro" plugin prior to 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Atlassian Html Include And Replace Macro
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »