Atlassian Confluence Data Center — known CVE vulnerabilities
Every CVE whose affected-product data names Atlassian Confluence Data Center, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2023-22508 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data…
CVE-2023-22522 — CVSS 8.8 (high): This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input…
CVE-2024-21677 — CVSS 8.8 (high): This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal…
CVE-2024-21673 — CVSS 8.8 (high): This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote…
CVE-2024-21672 — CVSS 8.8 (high): This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote…
CVE-2021-39114 — CVSS 8.8 (high): Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2023-22526 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote…
CVE-2023-22505 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data…
CVE-2024-21683 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE…
CVE-2024-21686 — CVSS 8.7 (high): This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS…
CVE-2024-21678 — CVSS 8.5 (high): This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with…
CVE-2024-21690 — CVSS 8.2 (high): This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0…
CVE-2021-43940 — CVSS 7.8 (high): Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the…
CVE-2025-22166 — CVSS 7.5 (high): This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of…
CVE-2022-42977 — CVSS 7.5 (high): The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application…
CVE-2022-42978 — CVSS 7.5 (high): In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could…
CVE-2023-22512 — CVSS 7.5 (high): This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS…
CVE-2024-21674 — CVSS 7.5 (high): This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote…
CVE-2018-20237 — CVSS 6.5 (medium): Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word…
CVE-2020-29450 — CVSS 6.5 (medium): Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a…
CVE-2024-21703 — CVSS 6.4 (medium): This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for…
CVE-2020-36290 — CVSS 5.4 (medium): The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0…
CVE-2020-14175 — CVSS 5.4 (medium): Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2020-29444 — CVSS 5.4 (medium): Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross…
CVE-2018-20239 — CVSS 5.4 (medium): Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before…
CVE-2023-22503 — CVSS 5.3 (medium): Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and…
CVE-2020-29448 — CVSS 5.3 (medium): The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before…
CVE-2021-26072 — CVSS 4.3 (medium): The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the…