7 matches found

0day.today
added 2024/01/29 12:0 a.m., 558 views

Atlassian Confluence SSTI Injection Exploit

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. This module requires...

CVSS 9.8, AI score 7.6, EPSS 0.99984
Exploits: 31

GithubExploit
added 2022/09/23 11:5 a.m., 345 views

Exploit for Argument Injection in Atlassian Bitbucket

Original Project https://github.com/BenHays142/CVE-2022-3680...

CVSS 8.8, AI score 9.1, EPSS 0.99174
Exploits: 24

The Hacker News
added 2022/07/21 8:41 a.m., 225 views

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...

AI score 1, EPSS 0.9817
Exploits: 1

Tenable Nessus
added 2022/07/06 12:0 a.m., 11 views

Atlassian Jira 8.13.x < 8.14.0 SQLI (JRASERVER-71833)

The version of Atlassian Jira installed on the remote host is prior to 8.13.x 8.14.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-71833 advisory. - Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerab...

AI score 5.9
Exploits: 0, References: 1

Rapid7 Blog
added 2021/09/02 3:44 p.m., 179 views

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. On August 25, 2021, Atlassian published details on CVE-2021-26084, a critical remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability...

CVSS 7.5, AI score 0.3, EPSS 0.99999
Exploits: 45

Hacker One
added 2019/10/14 12:47 p.m., 253 views

QIWI: Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int

Summary: This report describes a combination of two separate vulnerabilities in two separate services. This chain of vulnerabilities allows an unauthenticated attacker to run arbitrary code on a server inside the company's internal network. Vulnerability 1: Jira at https://jira.tochka.com is vulnerabl...

CVSS 10, AI score 0.1, EPSS 0.99913
Exploits: 22

Atlassian
added 2017/12/21 5:4 a.m., 47 views

Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831

The embedded version of Git LFS (https://git-lfs.github.com) used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious lfs url, allowing...

CVSS 8.8, AI score 9.3, EPSS 0.03677
Exploits: 1