Lucene search
K

233 matches found

Nuclei
Nuclei
added 15 hours ago99 views

Drawio <18.0.4 - Server-Side Request Forgery

Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...

7.5CVSS7AI score0.09233EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago71 views

Drawio <18.1.2 - Server-Side Request Forgery

Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-1815 info: nam...

7.5CVSS6.5AI score0.05704EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago56 views

draw.io < 18.0.5 - Server Side Request Forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in draw.io also known as diagrams.net prior to version 18.0.5 allows attackers to bypass URL validation restrictions in the ProxyServlet component. The vulnerability exists because the application does not properly validate URLs passed to its proxy...

7.5CVSS7AI score0.05727EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 5:16 p.m.10 views

CVE-2025-53831

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...

8.2CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 4:23 p.m.43 views

CVE-2025-53831 DrawIO for ownCloud 10 is vulnerable to Stored XSS

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...

8.2CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 4:23 p.m.4 views

EUVD-2025-210435

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...

8.2CVSS5.9AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 4:23 p.m.15 views

CVE-2025-53831

DrawIO for ownCloud is affected by a Stored XSS in older builds. The vulnerability stems from improper neutralization of user-supplied input during web page generation, enabling stored XSS when attackers have access to the DrawIO app. Affected range includes DrawIO for ownCloud &lt; 1.0.2 (corres...

8.2CVSS5.9AI score0.00164EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:23 p.m.8 views

CVE-2025-53831

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...

8.2CVSS5.9AI score0.00164EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/06/10 5:42 p.m.12 views

EUVD-2026-36077

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 5:42 p.m.10 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 5:42 p.m.40 views

CVE-2026-46642

CVE-2026-46642 affects draw.io prior to 29.7.12. A crafted .drawio file can execute arbitrary JavaScript in the editor’s origin when opened. The root cause is a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element’s innerHTML withou...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/10 5:42 p.m.2 views

CVE-2026-46642 draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS6.3AI score0.00221EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.8 views

CVE-2026-40608

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS5.5AI score0.00146EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 5:56 p.m.35 views

CVE-2026-40608 Next AI Draw.io: Unbounded HTTP Body — Denial of Service

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS0.00146EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 5:56 p.m.2 views

CVE-2026-40608 Next AI Draw.io: Unbounded HTTP Body — Denial of Service

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS6AI score0.00146EPSS
Exploits1References4
CVE
CVE
added 2026/04/21 5:56 p.m.26 views

CVE-2026-40608

CVE-2026-40608 affects Next AI Draw.io (a Next.js app). Before version 0.4.15, the embedded HTTP sidecar’s three POST handlers (/api/state, /api/restore, /api/history-svg) accumulate entire request bodies into a JavaScript string without size limits. Node.js buffers the full payload in the V8 hea...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.6 views

PT-2026-33689

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-34320

Malicious code in bioql PyPI...

9.6CVSS7.7AI score0.00698EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-42560

Malicious code in bioql PyPI...

7.8CVSS7AI score0.01282EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43718

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00534EPSS
Exploits0References2
Rows per page
Query Builder