Confluence
This hub aggregates every CVE we track for Confluence, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 34
- Critical: 2
- High: 8
- In CISA KEV: 1
Severity distribution
- MEDIUM: 22
- HIGH: 8
- LOW: 2
- CRITICAL: 2
Monthly trend
[Chart: CVEs per month, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Confluence.
- CVE-2025-13523: Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow (7.7)
- CVE-2025-8285: Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin (4.0)
- CVE-2025-54525: Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin (7.5)
- CVE-2025-54478: Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin (7.2)
- CVE-2025-54463: Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin (5.9)
- CVE-2025-54458: Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin (5.0)
- CVE-2025-53910: Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin (4.0)
- CVE-2025-53857: Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin (3.7)
- CVE-2025-53514: Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin (5.9)
- CVE-2025-52931: Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin (7.5)
- CVE-2025-48731: Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin (6.4)
- CVE-2025-49221: Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin (3.7)
- CVE-2025-44004: Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin (7.2)
- CVE-2025-44001: Unauthorized Channel Subscription Read in Mattermost Confluence Plugin (4.0)
- CVE-2020-4027: Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection v... (4.7)
Product normalization is registry-driven with AI assist and human review.