Lucene search
K

2907 matches found

Nuclei
Nuclei
added 17 hours ago56 views

Atlassian Confluence <5.8.17 - Information Disclosure

Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to 1 spaces/viewdefaultdecorator.action or 2 admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...

4.3CVSS6AI score0.61114EPSS
Exploits5References3
Nuclei
Nuclei
added 17 hours ago51 views

Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...

6.1CVSS6.8AI score0.37611EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago10 views

Atlassian Confluence < 5.8.6 - Server-Side Request Forgery

Confluence Server and Data Center before 5.8.6 contain a blind server-side request forgery caused by the WidgetConnector plugin, letting remote attackers manipulate internal network resources, exploit requires network access to the server. id: CVE-2021-26072 info: name: Atlassian Confluence 5.8.6...

4.3CVSS6AI score0.38845EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday82 views

Atlassian Confluence Data Center and Server - Remote Code Execution

Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X affected versions. This issue allows authenticated attackers to execute arbitrary code. id: CVE-2024-21683 info: name: Atlassian Confluence Data Center and Server - Remote Code Execution autho...

8.8CVSS7.5AI score0.88267EPSS
Exploits9References5
OSV
OSV
added 4 days ago4 views

PYSEC-2026-408 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

9CVSS6.7AI score0.0226EPSS
Exploits1References6
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.53 views

Atlassian Confluence - Privilege Escalation

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. id: CVE-2023-22515 info: name: Atlassian Confluence - Privilege Escalation author:...

10CVSS7.5AI score0.99156EPSS
Exploits39References5
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.51 views

Atlassian Questions For Confluence - Hardcoded Credentials

Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attack...

9.8CVSS7.5AI score0.9817EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/06/23 5:8 a.m.67 views

Atlassian Confluence Download Attachments - Remote Code Execution

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...

9CVSS8AI score0.97153EPSS
Exploits10References5
CVE
CVE
added 2026/06/16 11:20 a.m.32 views

CVE-2026-12225

CVE-2026-12225 affects syracom Secure Login (2FA) for Atlassian Jira, Confluence and Bitbucket (v3.4.0.x). The vulnerability enables an authentication bypass: an attacker with valid credentials can bypass 2FA by sending requests with a crafted User-Agent (e.g., AtlassianMobileApp, JIRA), allowing...

8.7CVSS5.6AI score0.00481EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/16 11:20 a.m.31 views

CVE-2026-12225 syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS0.00481EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 11:20 a.m.6 views

EUVD-2026-37066

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

8.7CVSS5.5AI score0.00481EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.71 views

Atlassian Confluence Server - Local File Inclusion

Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint. id: CVE-2021-26085 info: name: Atlassian Confluence Server - Local File Inclusion author: princechaddha severity: medium description: Atlassian Confluence Server allows...

5.3CVSS5.6AI score0.99937EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.216 views

Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

9.8CVSS8.5AI score0.99999EPSS
Exploits45References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.56 views

Confluence - Remote Code Execution

Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability. id: CVE-2022-26134 info: name: Confluence - Remote Code Execution author: pdteam,jbertman severity: critical description: | Confluence Server and Data Center is susceptible to an...

9.8CVSS9.2AI score0.99999EPSS
Exploits75References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.210 views

Atlassian Confluence - Remote Code Execution

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

10CVSS8.7AI score0.99984EPSS
Exploits31References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.65 views

Atlassian Confluence Server - Improper Authorization

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an...

10CVSS8.6AI score0.99999EPSS
Exploits14References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.62 views

Atlassian Confluence Server - Path Traversal

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

10CVSS9.4AI score0.99913EPSS
Exploits20References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49655

Name of the Vulnerable Software and Affected Versions syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket versions 3.4.0.x Description An authentication bypass exists where an attacker with valid user credentials can circumvent the two-factor authentication 2FA flow. By...

8.7CVSS6AI score0.00481EPSS
Exploits0References8
Atlassian
Atlassian
added 2026/06/03 2:30 p.m.6 views

Information Disclosure org.apache.tomcat:tomcat-websocket Dependency in Confluence Data Center

This High severity Information Disclosure vulnerability was introduced in versions 6.13.0, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.1, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.3 and a...

7.3CVSS5.3AI score0.00548EPSS
Exploits0
Atlassian
Atlassian
added 2026/06/02 4:30 p.m.8 views

Injection io.netty:netty-codec-dns Dependency in Confluence Data Center

This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0,...

9.1CVSS5.3AI score0.00818EPSS
Exploits1
Rows per page
Query Builder