Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-18112

    Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.... Read more

    Affected Products : fisheye
    • Published: Aug. 05, 2020
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2017-18111

    The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This ... Read more

    Affected Products : application_links
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18110

    The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18109

    The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redir... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-18108

    The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18107

    Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application... Read more

    Affected Products : crowd
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18106

    The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an applica... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-18105

    The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third p... Read more

    Affected Products : crowd
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-18104

    The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not b... Read more

    Affected Products : jira jira_server
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-18103

    The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.... Read more

    Affected Products : http_library
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18102

    The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.... Read more

    Affected Products : jira_server
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18101

    Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers t... Read more

    Affected Products : jira jira_server
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18100

    The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.... Read more

    Affected Products : jira jira_server
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18098

    The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.... Read more

    Affected Products : jira jira_server
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18097

    The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in t... Read more

    Affected Products : jira jira_server
    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-18096

    The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Sid... Read more

    Affected Products : application_links
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18095

    The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.... Read more

    Affected Products : crucible
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2017-18094

    Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability th... Read more

    Affected Products : crucible fisheye
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2017-18093

    Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site script... Read more

    Affected Products : crucible fisheye
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18092

    The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a co... Read more

    Affected Products : crucible
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293260 Results