171 matches found

Atlassian
added 2026/06/12 6:50 p.m., 7 views

Prototype Pollution axios Dependency in Jira Software Data Center and Server

This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Software Data Center and Server. This...

CVSS 9, AI score 5.7, EPSS 0.01815
Exploits: 5

Atlassian
added 2026/06/12 1:31 p.m., 9 views

Cryptographic Failure org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center

This High severity Cryptographic Failure vulnerability was introduced in version 11.3.4 of Jira Software Data Center. This Cryptographic Failure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to get...

CVSS 7.5, AI score 5.7, EPSS 0.03494
Exploits: 1

Atlassian
added 2026/06/03 4:30 p.m., 5 views

SSRF (Server-Side Request Forgery) axios Dependency in Jira Software Data Center

This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0,...

CVSS 9.9, AI score 5.3, EPSS 0.01186
Exploits: 1

Atlassian
added 2026/06/03 4:30 p.m., 6 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Software Data Center

This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0,...

CVSS 9.1, AI score 5.3, EPSS 0.00633
Exploits: 1

Atlassian
added 2026/05/06 4:29 p.m., 6 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Software Data Center

This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.12.1, 10.3.0, 11.3.0 of Jira Software Data Center and Jira...

CVSS 7.5, AI score 5.2, EPSS 0.0064
Exploits: 1

Atlassian
added 2026/05/06 4:29 p.m., 8 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Software Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS...

CVSS 8.7, AI score 5.4, EPSS 0.01125
Exploits: 0

Atlassian
added 2026/03/12 8:28 p.m., 19 views

Path Traversal node-tar Dependency in Jira Software Data Center

This High severity Path Traversal vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVS...

CVSS 8.8, AI score 5.8, EPSS 0.00233
Exploits: 1

RedhatCVE
added 2026/01/22 12:20 a.m., 4 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, AI score 5.7, EPSS 0.00187
Exploits: 1, References: 1

OSV
added 2026/01/21 5:16 p.m., 4 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, AI score 5.9, EPSS 0.00187
Exploits: 1, References: 2

NVD
added 2026/01/21 5:16 p.m., 4 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, EPSS 0.00187
Exploits: 1, References: 2

RedhatCVE
added 2026/01/21 12:30 a.m., 6 views

CVE-2025-67824

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when t...

CVSS 6.1, AI score 5.8, EPSS 0.0021
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/21 12:0 a.m., 2 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, AI score 5.6, EPSS 0.00187
Exploits: 1, References: 3

Cvelist
added 2026/01/21 12:0 a.m., 16 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

EPSS 0.00187
Exploits: 1, References: 2

Positive Technologies
added 2026/01/21 12:0 a.m., 5 views

PT-2026-3781

Name of the Vulnerable Software and Affected Versions: WorklogPRO - Timesheets for Jira versions prior to 4.23.6-jira10; WorklogPRO - Timesheets for Jira versions prior to 4.23.5-jira9. Description: The WorklogPRO - Timesheets for Jira plugin contains a flaw that allows the injection of arbitrary HTM...

CVSS 5.4, AI score 5.6, EPSS 0.00187
Exploits: 1, References: 4

EUVD
added 2026/01/21 12:0 a.m., 4 views

EUVD-2026-3658

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4, AI score 5.7, EPSS 0.00187
Exploits: 1, References: 3

CVE
added 2026/01/21 12:0 a.m., 12 views

CVE-2025-57681

The CVE-2025-57681 entry covers a Cross-Site Scripting (XSS) vulnerability in the WorklogPRO - Timesheets for Jira plugin for Jira Data Center. Concrete details from connected sources show: affected software and versions (WorklogPRO - Timesheets for Jira ≤ before 4.23.6-jira10 and ≤ before 4.23.5...

CVSS 5.4, AI score 5.7, EPSS 0.00187
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2026/01/20 4:16 p.m., 9 views

CVE-2025-67824

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when t...

CVSS 6.1, EPSS 0.0021
Exploits: 0, References: 2

Cvelist
added 2026/01/20 12:0 a.m., 15 views

CVE-2025-67824

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when t...

EPSS 0.0021
Exploits: 0, References: 2

Vulnrichment
added 2026/01/20 12:0 a.m., 3 views

CVE-2025-67824

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when t...

AI score 5.8, EPSS 0.0021
Exploits: 0, References: 3

Positive Technologies
added 2026/01/20 12:0 a.m., 6 views

PT-2026-3630

Name of the Vulnerable Software and Affected Versions: WorklogPRO - Jira Timesheets plugin versions prior to 4.24.1-jira9; WorklogPRO - Jira Timesheets plugin versions prior to 4.24.1-jira10; WorklogPRO - Jira Timesheets plugin versions prior to 4.24.1-jira11. Description: The WorklogPRO - Jira...

CVSS 6.1, AI score 5.3, EPSS 0.0021
Exploits: 1, References: 7