21285 matches found
CVE-2026-42195
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...
EUVD-2026-28833
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...
CVE-2026-42195
The CVE describes a vulnerability in the draw.io client prior to version 29.7.9 where a ?gitlab= URL parameter can override the GitLab server URL used during OAuth sign-in. A crafted link can force the user’s click on the "Authorize in GitLab" dialog to open a popup on an attacker-controlled host...
GHSA-C4RQ-3M3G-8WGX vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, pact-broker-docker-fips, kube-logging-operator, pact-broker-docker, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails...
CVE-2026-44312 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
GHSA-V2FC-QM4H-8HQV vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, pact-broker-docker-fips, kube-logging-operator, pact-broker-docker, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails...
GHSA-FF6C-W6QF-7XQC vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
CVE-2026-41636 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce...
GHSA-R67J-R569-JRWP vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce...
PT-2026-39197
Name of the Vulnerable Software and Affected Versions: draw.io versions prior to 29.7.9. Description: The application accepts a gitlab URL parameter that overrides the GitLab server URL used during OAuth sign-in. An attacker can use a crafted link to cause the "Authorize in GitLab" dialog to open a...
draw.io information disclosure vulnerability
draw.io is an open-source, configurable diagramming and whiteboard application. Versions of draw.io prior to 29.7.9 have an information disclosure vulnerability. The vulnerability arises because the URL parameter “gitlab” overrides the GitLab server URL used during OAuth login. As a...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: grafana-fips, seaweedfs-rocksdb-fips, rke2-runtime, timescaledb-parallel-copy, seaweedfs, goose, gitness, goose-fips, envoy-gateway-fips, gitlab-kas-fips, gitaly-fips, zitadel, temporal-server-fips, argo-workflows, falcosidekick-fips, gitlab-cng-fips, vault-fips,...
CVE-2026-41506 vulnerabilities
Vulnerabilities for packages: flux, grafana-fips, gitea, grype-fips, argo-events, argocd-image-updater-fips, kaniko, skaffold-fips, trufflehog-fips, rancher-fleet-fips, cloudbeat-fips, crossplane, gitlab-rails-ce-fips, gitaly-fips, rancher-fleet, flux-source-controller, syft, dagger, packer,...
GHSA-Q2MW-FVJ9-VVCW vulnerabilities
Vulnerabilities for packages: logstash-fips, ruby3.3-rails, gitlab-rails-ce-fips, gitlab-rails-ce, kube-logging-operator, ruby3.4-net-imap, ruby3.3-net-imap, ruby4.0-net-imap, ruby3.2-net-imap, ruby4.0-rails, ruby3.4-rails, logstash, ruby3.2-rails...
CVE-2026-42256 vulnerabilities
Vulnerabilities for packages: logstash-fips, ruby3.3-rails, gitlab-rails-ce-fips, gitlab-rails-ce, kube-logging-operator, ruby3.4-net-imap, ruby3.3-net-imap, ruby4.0-net-imap, ruby3.2-net-imap, ruby4.0-rails, ruby3.4-rails, logstash, ruby3.2-rails...
GHSA-87PF-FPWV-P7M7 vulnerabilities
Vulnerabilities for packages: logstash-fips, ruby3.3-rails, gitlab-rails-ce-fips, gitlab-rails-ce, kube-logging-operator, ruby3.4-net-imap, ruby3.3-net-imap, ruby4.0-net-imap, ruby3.2-net-imap, ruby4.0-rails, ruby3.4-rails, logstash, ruby3.2-rails...
CVE-2026-42258 vulnerabilities
Vulnerabilities for packages: logstash-fips, ruby3.3-rails, gitlab-rails-ce-fips, gitlab-rails-ce, kube-logging-operator, ruby3.4-net-imap, ruby3.3-net-imap, ruby4.0-net-imap, ruby3.2-net-imap, ruby4.0-rails, ruby3.4-rails, logstash, ruby3.2-rails...
GHSA-75XQ-5H9V-W6PX vulnerabilities
Vulnerabilities for packages: logstash-fips, ruby3.3-rails, gitlab-rails-ce-fips, gitlab-rails-ce, kube-logging-operator, ruby3.4-net-imap, ruby3.3-net-imap, ruby4.0-net-imap, ruby3.2-net-imap, ruby4.0-rails, ruby3.4-rails, logstash, ruby3.2-rails...
CVE-2026-42246 vulnerabilities
Vulnerabilities for packages: logstash-fips, ruby3.3-rails, gitlab-rails-ce-fips, gitlab-rails-ce, kube-logging-operator, ruby3.4-net-imap, ruby3.3-net-imap, ruby4.0-net-imap, ruby3.2-net-imap, kube-fluentd-operator, ruby4.0-rails, ruby3.4-rails, logstash, ruby3.2-rails...
CVE-2026-42245 vulnerabilities
Vulnerabilities for packages: logstash-fips, ruby3.3-rails, gitlab-rails-ce-fips, gitlab-rails-ce, kube-logging-operator, ruby3.4-net-imap, ruby3.3-net-imap, ruby4.0-net-imap, ruby3.2-net-imap, ruby4.0-rails, ruby3.4-rails, logstash, ruby3.2-rails...