Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-18081 | The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 6.1 | 0.83% | 2018-02-02 | 2026-06-16 |
| CVE-2017-18082 | The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 5.4 | 0.59% | 2018-02-02 | 2026-06-16 |
| CVE-2017-18083 | The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 5.4 | 0.59% | 2018-02-02 | 2026-06-16 |
| CVE-2017-18084 | The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 4.8 | 0.61% | 2018-02-02 | 2026-06-16 |
| CVE-2017-18085 | The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | 6.1 | 0.83% | 2018-02-02 | 2026-06-16 |
| CVE-2017-18086 | Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | 6.1 | 0.83% | 2018-02-02 | 2026-06-16 |
| CVE-2017-18087 | The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter. | 7.5 | 1.79% | 2018-02-15 | 2026-06-16 |
| CVE-2017-18088 | Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protect | 4.3 | 1.05% | 2018-02-15 | 2026-06-16 |
| CVE-2017-18089 | The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review. | 5.4 | 0.68% | 2018-02-16 | 2026-06-16 |
| CVE-2017-18090 | Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. | 6.1 | 0.90% | 2018-02-16 | 2026-06-16 |
| CVE-2017-18091 | The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup. | 4.8 | 0.89% | 2018-02-16 | 2026-06-16 |
| CVE-2017-18092 | The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet. | 5.4 | 0.68% | 2018-02-19 | 2026-06-16 |
| CVE-2017-18093 | Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository. | 4.8 | 0.89% | 2018-02-19 | 2026-06-16 |
| CVE-2017-18095 | The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability. | 5.3 | 1.04% | 2018-02-19 | 2026-06-16 |
| CVE-2017-18094 | Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. | 4.8 | 0.62% | 2018-03-22 | 2026-06-16 |
| CVE-2018-5225 | In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. | 9.9 | 3.62% | 2018-03-22 | 2026-06-16 |
| CVE-2018-5223 | Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed versio | 7.2 | 2.20% | 2018-03-29 | 2026-06-16 |
| CVE-2018-5224 | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All | 8.8 | 2.82% | 2018-03-29 | 2026-06-16 |
| CVE-2017-18096 | The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, | 7.2 | 1.21% | 2018-04-04 | 2026-06-16 |
| CVE-2017-18097 | The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. | 5.4 | 0.68% | 2018-04-06 | 2026-06-16 |