NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-22167 | This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem path writable by the Jira JVM process. Atlassian recommends that Jira Software Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to on | 8.7 | 0.48% | 2025-10-21 | 2026-06-17 |
| CVE-2025-22166 | This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of | 8.3 | 0.46% | 2025-10-21 | 2026-06-17 |
| CVE-2025-22165 | This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do | 5.9 | 0.05% | 2025-07-24 | 2026-06-17 |
| CVE-2025-22157 | This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and | 7.2 | 0.61% | 2025-05-20 | 2026-06-17 |
| CVE-2019-15002 | An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account. | 4.3 | 0.30% | 2025-02-11 | 2026-06-16 |
| CVE-2024-23438 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23437 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23436 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23435 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23434 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23433 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23432 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23431 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23430 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23429 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23428 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23427 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23426 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23425 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |
| CVE-2024-23424 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | 該当なし | 該当なし | 2024-12-31 | 2024-12-31 |