CVE-2026-40608

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

EUVD-2026-24217

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

EUVD-2024-25318

Malicious code in bioql PyPI...

CVE-2024-28198

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

CVE-2024-28198

OpenOLAT contains an XXE/SSRF vulnerability in the draw.io integration that allows an attacker to read arbitrary files as the system user by manipulating HTTP requests. Affected versions are OpenOLAT prior to 18.1.6 and prior to 18.2.2. The issue is fixed in 18.1.6 and 18.2.2; users should upgrad...

OpenOLAT Security Vulnerabilities

OpenOLAT is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a Learning Management System. A security vulnerability exists in OpenOLAT versions prior to 18.1.0, which stems from a vulnerability that allows an attacker to emulate a system user and read...