Scaner-VS
All vulnerabilities: 45759 / 45759 shown. Active filter preset: exploit (Has exploit).
Listing columns: CVSS | CVE ID [source database] | Published | Flags | EPSS (percentile); the truncated description follows each row.

5.3    CVE-2023-23752 [CVE]    2023-01-01   KEV            EPSS 94.5% (pct 100)
       An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unautho…
9.8    CVE-2017-8917 [CVE]     2017-01-01   Pre-auth       EPSS 94.5% (pct 99)
       SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary…
9.8    CVE-2018-7600 [DEB]     2018-01-01   KEV            EPSS 94.5% (pct 99)
       Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote …
9.8    CVE-2021-22986 [CVE]    2021-01-01   KEV            EPSS 94.5% (pct 99)
       On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x…
8.8    CVE-2018-1000861 [DEB]  2018-01-01   KEV            EPSS 94.5% (pct 99)
       A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and ea…
8.1    CVE-2017-1000353 [DEB]  2017-01-01   KEV            EPSS 94.5% (pct 99)
       Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauth…
9.8    CVE-2018-13379 [CVE]    2018-01-01   KEV            EPSS 94.5% (pct 99)
       An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet F…
9.8    CVE-2019-3396 [CVE]     2019-01-01   KEV            EPSS 94.5% (pct 99)
       The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed vers…
7.5    CVE-2019-17558 [DEB]    2019-01-01   KEV            EPSS 94.5% (pct 99)
       Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Ve…
9.8    CVE-2022-46169 [DEB]    2022-01-01   KEV            EPSS 94.5% (pct 99)
       Cacti is an open source platform which provides a robust and extensible operational monitoring …
7.6    CVE-2020-1938 [DEB]     2020-01-01   KEV            EPSS 94.5% (pct 99)
       When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connectio…
9.8    CVE-2024-6670 [CVE]     2024-01-01   KEV            EPSS 94.5% (pct 99)
       In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unau…
9.8    CVE-2019-2725 [CVE]     2019-01-01   KEV            EPSS 94.5% (pct 99)
       Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent…
10.0   CVE-2021-22205 [ANC]    2021-01-01   KEV            EPSS 94.5% (pct 99)
       An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab …
9.8    CVE-2024-23897 [DEB]    2024-01-01   KEV            EPSS 94.5% (pct 99)
       Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI comman…
7.5    CVE-2014-0160 [DEB]     2014-01-01   KEV            EPSS 94.5% (pct 99)
       The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle …
9.8    CVE-2022-22963 [CVE]    2022-01-01   KEV            EPSS 94.5% (pct 99)
       In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routi…
10.0   CVE-2019-11510 [CVE]    2019-01-01   KEV            EPSS 94.5% (pct 99)
       In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 bef…
10.0   CVE-2022-22947 [CVE]    2022-01-01   KEV            EPSS 94.5% (pct 99)
       In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a …
9.8    CVE-2021-44529 [CVE]    2021-01-01   KEV            EPSS 94.5% (pct 99)
       A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unaut…
9.8    CVE-2019-16662 [CVE]    2019-01-01   Pre-auth       EPSS 94.5% (pct 99)
       An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by s…
9.8    CVE-2019-15107 [DEB]    2019-01-01   KEV            EPSS 94.5% (pct 99)
       An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a …
9.8    CVE-2022-44877 [CVE]    2022-01-01   KEV            EPSS 94.5% (pct 99)
       login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows r…
9.8    CVE-2022-1388 [CVE]     2022-01-01   KEV            EPSS 94.5% (pct 99)
       On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versi…
9.8    CVE-2020-14882 [CVE]    2020-01-01   KEV            EPSS 94.5% (pct 99)
       Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Con…
9.8    CVE-2019-0708 [MSR]     2019-01-01   Microsoft, KEV EPSS 94.5% (pct 99)
       A remote code execution vulnerability exists in Remote Desktop Services formerly known as Termi…
9.8    CVE-2022-30525 [CVE]    2022-01-01   KEV            EPSS 94.4% (pct 99)
       A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versi…
9.8    CVE-2021-22005 [CVE]    2021-01-01   KEV            EPSS 94.4% (pct 99)
       The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A …
9.8    CVE-2022-22954 [CVE]    2022-01-01   KEV            EPSS 94.4% (pct 99)
       VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability …
8.8    CVE-2019-1003000 [CVE]  2019-01-01   (none)         EPSS 94.4% (pct 99)
       A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/ja…
9.8    CVE-2019-19781 [CVE]    2019-01-01   KEV            EPSS 94.4% (pct 99)
       An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1,…
7.5    CVE-2023-32315 [CVE]    2023-01-01   KEV            EPSS 94.4% (pct 99)
       Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administra…
9.8    CVE-2021-26084 [CVE]    2021-01-01   KEV            EPSS 94.4% (pct 99)
       In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exis…
9.8    CVE-2022-24112 [CVE]    2022-01-01   KEV            EPSS 94.4% (pct 99)
       An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction o…
9.8    CVE-2022-1040 [CVE]     2022-01-01   KEV            EPSS 94.4% (pct 99)
       An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker…
7.2    CVE-2020-14883 [CVE]    2020-01-01   KEV            EPSS 94.4% (pct 99)
       Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Con…
7.5    CVE-2017-10271 [CVE]    2017-01-01   KEV            EPSS 94.4% (pct 99)
       Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent…
9.8    CVE-2023-35078 [CVE]    2023-01-01   KEV            EPSS 94.4% (pct 99)
       An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restr…
7.5    CVE-2021-43798 [DEB]    2021-01-01   KEV            EPSS 94.4% (pct 99)
       Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-bet…
9.8    CVE-2020-14750 [CVE]    2020-01-01   KEV            EPSS 94.4% (pct 99)
       Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Con…
CVE-2019-3396 (source: CVE)
Severity: Critical · KEV · Confirmed · Exploit available

CVSS: 9.8 (Critical)
EPSS: 0.945 (p99)
Published: 2019-01-01
Updated: 2021-11-03

Description

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
Tags: KEV, Pre-auth
CWE: CWE-22
CAPEC: CAPEC-64, CAPEC-76, CAPEC-78, CAPEC-79, CAPEC-126
Affected products (per branch, the listed fixed version is the first safe release and is not affected)
Confluence_server < 6.6.12
Confluence_server >= 6.7.0, < 6.12.3 (fixed in 6.12.3)
Confluence_server >= 6.13.0, < 6.13.3 (fixed in 6.13.3)
Confluence_server >= 6.14.0, < 6.14.2 (fixed in 6.14.2)
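To turn the ranges above into a repeatable check, here is an added example (it is not code from Scaner-VS or Atlassian) that parses a dotted Confluence version, tests it against the four ranges with each branch's fixed version as an exclusive upper bound, and optionally pulls the version string out of a fetched page body. The `ajs-version-number` meta tag name, the sample HTML and every function name are assumptions made for this example.

```python
"""Check a Confluence Server version against the affected ranges of CVE-2019-3396.

Added example for this catalog page; not code from Scaner-VS or Atlassian.
The ranges are the ones in the CVE description: for each branch the "fixed
version" is the first safe release, so it is an exclusive upper bound.
The meta-tag name used by extract_version() is an assumption about where
Confluence exposes its version in page HTML.
"""
import re
from typing import List, Optional, Tuple

# (first affected, first fixed) per branch; None means "all earlier versions".
AFFECTED_RANGES: List[Tuple[Optional[str], str]] = [
    (None, "6.6.12"),       # < 6.6.12
    ("6.7.0", "6.12.3"),    # 6.7.0 <= v < 6.12.3
    ("6.13.0", "6.13.3"),   # 6.13.0 <= v < 6.13.3
    ("6.14.0", "6.14.2"),   # 6.14.0 <= v < 6.14.2
]

# Assumed location of the version string in Confluence page HTML.
_META_RE = re.compile(
    r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', re.IGNORECASE
)


def parse_version(version: str) -> Tuple[int, ...]:
    """'6.12.2' -> (6, 12, 2); rejects anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if `version` lies inside any affected range; fixed versions are excluded."""
    v = parse_version(version)
    for low, fixed in AFFECTED_RANGES:
        above_low = low is None or parse_version(low) <= v
        if above_low and v < parse_version(fixed):
            return True
    return False


def extract_version(html: str) -> Optional[str]:
    """Return the version string found in page HTML, or None if the tag is absent."""
    match = _META_RE.search(html)
    return match.group(1) if match else None


def assess(html: str) -> dict:
    """Combine extraction and the range check into one verdict for a fetched page."""
    version = extract_version(html)
    if version is None:
        return {"version": None, "affected": None, "reason": "version not found in page"}
    try:
        affected = is_affected(version)
    except ValueError as exc:
        return {"version": version, "affected": None, "reason": str(exc)}
    return {"version": version, "affected": affected, "reason": "range check"}


# Constructed sample page body for the example; not captured from a real host.
SAMPLE_HTML = '<html><head><meta name="ajs-version-number" content="6.12.2"></head></html>'

if __name__ == "__main__":
    print(assess(SAMPLE_HTML))  # 6.12.2 is below the 6.12.3 fix, so affected
    for candidate in ("6.6.11", "6.6.12", "6.12.3", "6.14.1", "7.0.0"):
        print(candidate, is_affected(candidate))
```

Tuple comparison does the right thing for short version strings ("6.6" sorts before "6.6.12", so a bare 6.6 is treated as affected), and a version that the parser cannot read is reported as unknown rather than silently marked safe.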
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2019-01-01   Published
2021-11-03   Added to KEV
2021-11-03   Updated
CVSS 3.1 breakdown
Attack Vector (AV:N): Network
Attack Complexity (AC:L): Low
Privileges Required (PR:N): None
User Interaction (UI:N): None
Scope (S:U): Unchanged
Confidentiality Impact (C:H): High
Integrity Impact (I:H): High
Availability Impact (A:H): High
Exploit indicators
EPSS: 0.945 (p99)
Known exploited (KEV): Yes
Known exploits (Scaner-VS) for CVE-2019-3396
cisa · https://www.cisa.gov/known-exploited-vulnerabilities-catalog (Enterprise)
exploitdb 46731 · https://www.exploit-db.com/exploits/46731 (Enterprise)
exploitdb 49465 · https://www.exploit-db.com/exploits/49465 (Enterprise)
Affected software
Product             Vendor   Status
confluence_server   *        Exploited

Source databases: CVE