CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

603 matches found

JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...

9.8CVSS7.6AI score0.04301EPSS

Exploits1References2

Atlassian•added 2026/01/08 11:27 p.m.•16 views

DoS (Denial of Service) ansi-regex Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 9.15.2, 9.16.0, 9.17.0, 10.1.1, 10.3.13, 11.2.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of code:java...

7.8CVSS8.1AI score0.00215EPSS

Exploits1

CNNVD•added 2025/12/22 12:0 a.m.•1 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost versions 11.1.0 and prior to 11.1.x, 11.0.5 and prior to 11.0.x, 10.12.3 and prior to 10.12.x, and 10.11.7 and prior to 10.11.x, which stems from the Jira plugin'...

8.3CVSS6.5AI score0.00125EPSS

Exploits0References2

Atlassian•added 2025/12/10 2:3 a.m.•16 views

XXE (XML External Entity Injection) Tika Dependency in Jira Software Data Center and Server

This Jira Software release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for...

9.8CVSS8.4AI score0.01579EPSS

Exploits5

Atlassian•added 2025/12/09 11:5 p.m.•11 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2024-21634 was introduced in 9.12.1 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to take...

7.5CVSS7.8AI score0.0033EPSS

Exploits0

Atlassian•added 2025/12/09 7:35 a.m.•11 views

DoS (Denial of Service) minimatch Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-3517 was introduced in 10.3.13 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to take...

7.5CVSS7.5AI score0.00476EPSS

Exploits0

RedhatCVE•added 2025/10/23 1:17 a.m.•7 views

CVE-2025-22167

This High severity Path Traversal Arbitrary Write vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal Arbitrary Write vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem...

8.7CVSS6.7AI score0.00083EPSS

Exploits1References1

CVE•added 2025/10/22 1:0 a.m.•47 views

CVE-2025-22167

CVE-2025-22167 is a high-severity path traversal with arbitrary file write in Atlassian Jira Software Data Center and Server. It affects Jira instances in the 9.12.0, 10.3.0, and 11.0.0 lineages, allowing an attacker to modify any filesystem path writable by the Jira JVM process. The CVSS v4.0 ba...

8.7CVSS6.3AI score0.00083EPSS

Exploits1References2Affected Software2