Medium CVE-2026-46642 draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer (which works correctly on the...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Medium] CVE-2026-46642 – draw.io is a configurable diagramming and whiteboarding application. Prior to ve...

VERWANDTEARTIKEL

CVE-2026-42908

CVE-2026-45639

[High] CVE-2026-53738 – Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke ...

[Medium] CVE-2026-53739 – Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerabi...

[Medium] CVE-2026-53740 – Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink i...

[Medium] CVE-2026-53741 – Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option...