Lucene search
K

310 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:47 a.m.10 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

6.4CVSS6.2AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:45 a.m.13 views

CVE-2023-22527

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

10CVSS9.8AI score0.99984EPSS
Exploits32References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.8 views

CVE-2023-22526

This High severity RCE Remote Code Execution vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high...

8.8CVSS7.6AI score0.01565EPSS
Exploits0References1
Atlassian
Atlassian
added 2025/05/22 11:8 p.m.15 views

DoS (Denial of Service) Third-Party Dependency in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in version 7.19 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...

7.5CVSS7.3AI score0.01119EPSS
Exploits1
Atlassian
Atlassian
added 2025/05/07 5:9 a.m.32 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to...

7.5CVSS6.9AI score0.66933EPSS
Exploits5
Atlassian
Atlassian
added 2025/04/09 12:12 p.m.36 views

DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Confluence Data Center and Server

This High severity com.thoughtworks.xstream:xstream Dependency vulnerability was introduced in versions 2.2 of Confluence Data Center and Server. This com.thoughtworks.xstream:xstream Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.6AI score0.02015EPSS
Exploits0
Atlassian
Atlassian
added 2025/04/04 7:12 a.m.44 views

XXE (XML External Entity Injection) org.codehaus.jackson:jackson-mapper-asl Dependency in Confluence Data Center and Server

This High severity XXE XML External Entity Injection org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability was introduced in versions 8.5 of Confluence Data Center and Server. This org.codehaus.jackson:jackson-mapper-asl Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...

9.8CVSS6.9AI score0.17044EPSS
Exploits0
Atlassian
Atlassian
added 2025/04/03 6:12 a.m.23 views

DoS (Denial of Service) io.netty:netty-handler Dependency in Confluence Data Center and Server

This High severity io.netty:netty-handler Dependency vulnerability was introduced in versions 7.19 of Confluence Data Center and Server. This io.netty:netty-handler Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS6.8AI score0.01966EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12012

Name of the Vulnerable Software and Affected Versions BCryptPasswordEncoder affected versions not specified Description The issue concerns the BCryptPasswordEncoder, where the matchesCharSequence, String function will incorrectly return true for passwords larger than 72 characters, as long as the...

7.4CVSS7.8AI score0.00568EPSS
Exploits0References27
RedhatCVE
RedhatCVE
added 2025/03/19 11:25 p.m.13 views

CVE-2023-22512

This High severity DoS Denial of Service vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

7.5CVSS7.1AI score0.13734EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/17 10:34 p.m.7 views

CVE-2023-22512

This High severity DoS Denial of Service vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

7.5CVSS7.5AI score0.13734EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/15 7:37 a.m.16 views

CVE-2024-21683

This High severity RCE Remote Code Execution vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentialit...

8.8CVSS7.4AI score0.88267EPSS
Exploits9References1
Atlassian
Atlassian
added 2025/02/14 8:12 a.m.37 views

RCE (Remote Code Execution) org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server

This Critical severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in version 6.10 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 9.8 and a CVSS Vector of...

9.8CVSS7.5AI score0.43663EPSS
Exploits13
Atlassian
Atlassian
added 2025/02/14 8:12 a.m.32 views

RCE (Remote Code Execution) org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server

This Critical severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in version 6.10 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 9.8 and a CVSS Vector of...

9.8CVSS7.4AI score0.43663EPSS
Exploits13
RedhatCVE
RedhatCVE
added 2025/02/05 11:16 a.m.10 views

CVE-2024-21677

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact...

8.8CVSS6.8AI score0.00926EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:15 a.m.10 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.7CVSS6AI score0.0089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:11 a.m.9 views

CVE-2024-21673

This High severity Remote Code Execution RCE vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker t...

8.8CVSS7.1AI score0.01504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:51 a.m.11 views

CVE-2024-21672

This High severity Remote Code Execution RCE vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution RCE vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker t...

8.8CVSS7.5AI score0.01363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:40 a.m.9 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.5CVSS6AI score0.00471EPSS
Exploits0References1
Atlassian
Atlassian
added 2024/12/19 7:14 p.m.30 views

IDOR (Insecure Direct Object Reference) org.springframework:spring-webmvc Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in version 3.0 of Confluence Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.6AI score0.54862EPSS
Exploits6
Rows per page
Query Builder