CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

644 matches found

Atlassian Confluence <5.8.17 - Information Disclosure

Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to 1 spaces/viewdefaultdecorator.action or 2 admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...

4.3CVSS5.9AI score0.93251EPSS

Exploits5References3

Positive Technologies•added 3 days ago•8 views

PT-2026-45412

🔒 CyberSecurity CVE-2026-37890: Atlassian Confluence OGNL Injection — Detection and Emergency P… "Critical OGNL injection flaw CVE-2026-37890 in Atlassian Confluence…" 🔗 https://t.co/RLZcRST2d3 CyberSecurity ThreatIntel penetrationtesting redteam offensivesecurity...

5.8AI score

Exploits0References1

EUVD•added 2026/03/10 6:56 p.m.•0 views

EUVD-2026-10810

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained downloadpath in confluencedownloadattachment...

9CVSS6.3AI score0.00021EPSS

Exploits1References2

Cvelist•added 2026/03/10 6:53 p.m.•24 views

CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...

9CVSS0.00021EPSS

Exploits1References2

GithubExploit•added 2026/03/10 8:1 a.m.•169 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE Docker Lab A collection of Docker-based reproduction envi...

10CVSS7.1AI score0.9444EPSS

Exploits1065

GithubExploit•added 2026/02/26 5:52 p.m.•118 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 - Atlassian Confluence OGNL RCE This script is...

9.8CVSS6.5AI score0.94408EPSS

Exploits75

Tenable Nessus•added 2026/02/20 12:0 a.m.•3 views

Atlassian Confluence 9.0.0 < 9.2.14 / 9.2.15 / 9.3.1 < 10.2.3 / 10.2.6 (CONFSERVER-102186)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102186 advisory. - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of...

7.5CVSS6.9AI score0.01453EPSS

Exploits2References2

Tenable Nessus•added 2026/01/06 12:0 a.m.•2 views

Atlassian Confluence < 8.5.18 / 8.6.x < 9.2.1 / 9.3.x < 9.3.1 / 9.4.x < 9.5.4 / 10.0.x < 10.0.2 / 10.1.0 (CONFSERVER-101486)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101486 advisory. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus has not tested for this...

7.5CVSS6.8AI score0.00429EPSS

Exploits1References2

GithubExploit•added 2025/12/05 10:43 a.m.•174 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

╔═══════════════════════════════════════════════════════════...

9.8CVSS8.7AI score0.94408EPSS

Exploits88

GithubExploit•added 2025/10/24 6:38 a.m.•159 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

LetsDefend-SOC235-Atlassian-Confluence-Broken-Access-Control-0...

10CVSS7.8AI score0.94326EPSS

Exploits39