Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.7 views

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 9:22 p.m.9 views

EUVD-2026-28833

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:22 p.m.8 views

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/08 9:22 p.m.19 views

CVE-2026-42195

The CVE describes a vulnerability in the draw.io client prior to version 29.7.9 where a ?gitlab= URL parameter can override the GitLab server URL used during OAuth sign-in. A crafted link can force the user’s click on the "Authorize in GitLab" dialog to open a popup on an attacker-controlled host...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References3
Rows per page
Query Builder