Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (4 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-42195 1 Jgraph 1 Drawio 2026-05-08 3.4 Low
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to open a popup on the attacker-controlled host instead of gitlab.com. This can lead to credential fishing and session state token exfiltration. This issue has been patched in version 29.7.9.
CVE-2023-3975 2 Diagrams, Jgraph 2 Drawio, Drawio 2024-11-21 9.8 Critical
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.
CVE-2023-3974 2 Diagrams, Jgraph 2 Drawio, Drawio 2024-11-21 9.8 Critical
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.
CVE-2023-3973 2 Diagrams, Jgraph 2 Drawio, Drawio 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.