CVE-2019-3395 — CVSS 9.8 (critical): The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0…
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2012-2926 — CVSS 9.1 (critical): Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6…
CVE-2023-22522 — CVSS 8.8 (high): This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input…
CVE-2019-3394 — CVSS 8.8 (high): There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with…
CVE-2021-39114 — CVSS 8.8 (high): Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2023-22505 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data…
CVE-2023-22508 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data…
CVE-2023-22526 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote…
CVE-2024-21672 — CVSS 8.8 (high): This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote…
CVE-2024-21673 — CVSS 8.8 (high): This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote…
CVE-2024-21677 — CVSS 8.8 (high): This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal…
CVE-2024-21683 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE…
CVE-2024-21686 — CVSS 8.7 (high): This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS…
CVE-2024-21678 — CVSS 8.5 (high): This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with…
CVE-2024-21690 — CVSS 8.2 (high): This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0…
CVE-2019-20406 — CVSS 7.8 (high): The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version…
CVE-2021-43940 — CVSS 7.8 (high): Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the…
CVE-2016-6668 — CVSS 7.5 (high): The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17…
CVE-2017-7415 — CVSS 7.5 (high): Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST…
CVE-2024-21674 — CVSS 7.5 (high): This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote…
CVE-2025-22166 — CVSS 7.5 (high): This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of…
CVE-2023-22512 — CVSS 7.5 (high): This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS…
CVE-2012-6342 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the…
CVE-2020-29450 — CVSS 6.5 (medium): Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a…
CVE-2019-15006 — CVSS 6.5 (medium): There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data…
CVE-2018-20237 — CVSS 6.5 (medium): Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word…
CVE-2023-22504 — CVSS 6.5 (medium): Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to…
CVE-2012-2928 — CVSS 6.4 (medium): The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of…
CVE-2024-21703 — CVSS 6.4 (medium): This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for…
CVE-2019-20102 — CVSS 6.1 (medium): The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before…
CVE-2020-14175 — CVSS 5.4 (medium): Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2018-20239 — CVSS 5.4 (medium): Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before…
CVE-2020-36290 — CVSS 5.4 (medium): The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0…
CVE-2020-29444 — CVSS 5.4 (medium): Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross…
CVE-2020-29448 — CVSS 5.3 (medium): The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before…
CVE-2023-22503 — CVSS 5.3 (medium): Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and…
CVE-2020-4027 — CVSS 4.7 (medium): Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass…
CVE-2020-29445 — CVSS 4.3 (medium): Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and…
CVE-2021-26072 — CVSS 4.3 (medium): The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the…