Lucene search
K

2907 matches found

Atlassian
Atlassian
added 2026/04/16 6:22 p.m.21 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Confluence Data Center

This Confluence release includes updates to our org.yaml:snakeyaml dependency in response to CVE-2022-1471. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for...

9.8CVSS6.5AI score0.99615EPSS
Exploits7
Atlassian
Atlassian
added 2026/04/11 10:29 a.m.20 views

File Inclusion node-tar Dependency in Confluence Data Center

This High severity File Inclusion vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2 and 10.2.0 of Confluence Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

8.2CVSS5.9AI score0.00253EPSS
Exploits4
Atlassian
Atlassian
added 2026/04/10 10:29 p.m.19 views

DoS (Denial of Service) axios Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.7AI score0.02591EPSS
Exploits1
Atlassian
Atlassian
added 2026/04/10 10:29 p.m.23 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in version 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.8AI score0.0064EPSS
Exploits1
Atlassian
Atlassian
added 2026/04/10 10:29 p.m.21 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of...

8.7CVSS5.8AI score0.01125EPSS
Exploits0
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.20 views

DoS (Denial of Service) valibot Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.1.1, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.1.2, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5CVSS5.7AI score0.00289EPSS
Exploits0
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.23 views

DoS (Denial of Service) org.bitbucket.b_c:jose4j Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.2.14, 9.3.1, 9.4.0, 9.5.1, and 10.2.3 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.7AI score0.00244EPSS
Exploits1
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.21 views

DoS (Denial of Service) css Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.0.1, 9.2.3, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.2, and 10.2.0 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.7AI score0.01121EPSS
Exploits0
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.22 views

File Inclusion node-tar Dependency in Confluence Data Center

This High severity File Inclusion vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2, and 10.2.0 of Confluence Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows a...

8.2CVSS6AI score0.00541EPSS
Exploits1
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.20 views

File Inclusion node-tar Dependency in Confluence Data Center

This High severity File Inclusion vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2, and 10.2.0 of Confluence Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

8.2CVSS7.2AI score0.00334EPSS
Exploits2
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.20 views

Path Traversal (Arbitrary Write) node-tar Dependency in Confluence Data Center

This High severity Path Traversal vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2, and 10.2.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L allows a...

8.8CVSS5.8AI score0.00233EPSS
Exploits1
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.20 views

File Inclusion node-tar Dependency in Confluence Data Center

This High severity File Inclusion vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2, and 10.2.0 of Confluence Data Center. This File Inclusion vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N allows a...

7.1CVSS5.9AI score0.00288EPSS
Exploits1
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.20 views

DOM-based XSS @remix-run/router Dependency in Confluence Data Center

This High severity DOM-based XSS vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A...

8CVSS7.6AI score0.0077EPSS
Exploits0
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.23 views

Injection immutable Dependency in Confluence Data Center

This High severity Injection vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of...

9.8CVSS5.7AI score0.00978EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

Atlassian Confluence 9.0.1 < 9.0.2 / 9.2.5 < 9.2.15 / 9.5.1 < 10.2.7 (CONFSERVER-102542)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102542 advisory. - Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a...

7.5CVSS6.9AI score0.03026EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.6 views

CVE-2026-27825

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...

9CVSS6.5AI score0.0226EPSS
Exploits1References1
Atlassian
Atlassian
added 2026/03/23 11:29 p.m.22 views

Injection dompurify Dependency in Confluence Data Center

This High severity Injection vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.14, and 10.2.3 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an unauthenticated attacker to...

7.3CVSS5.2AI score0.00844EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/11 5:29 p.m.3 views

SUSE CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS6AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 8:42 p.m.4 views

External Control of File Name or Path

Overview mcp-atlassian is a The Model Context Protocol MCP Atlassian integration is an open-source implementation that bridges Atlassian products Jira and Confluence with AI language models following Anthropic's MCP specification. This project enables secure, contextual AI interactions with...

9CVSS6.3AI score0.0226EPSS
Exploits1References2
NVD
NVD
added 2026/03/10 8:16 p.m.10 views

CVE-2026-27825

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...

9CVSS0.0226EPSS
Exploits1References2
Rows per page
Query Builder