92 matches found

IBM Security Bulletins
added 2025/12/05 3:40 p.m., 6 views

Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data

Summary This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. Th...

CVSS 7.5, AI score 6.6, EPSS 0.05197
Exploits: 1, Affected Software: 1

Snyk
added 2025/12/02 6:50 a.m., 4 views

Malicious Package

Overview codemirror-5 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2

OSV
added 2025/12/02 6:50 a.m., 14 views

MAL-2025-191557 Malicious code in codemirror-5 (npm)

Source: amazon-inspector 788b98a42ba1658c92e6e86494ddd747ab154a01be456dfe9656760bd264fe46 The package codemirror-5 was found to contain malicious code. Source: ghsa-malware 0803dd9e41e867827659b46d2934d1a9700667e0f731dce60093ab5f9457c07f A...

AI score 6.8
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/12/02 6:50 a.m., 7 views

Malicious code in codemirror-5 (npm)

Source: amazon-inspector 788b98a42ba1658c92e6e86494ddd747ab154a01be456dfe9656760bd264fe46 The package codemirror-5 was found to contain malicious code. Source: ghsa-malware 0803dd9e41e867827659b46d2934d1a9700667e0f731dce60093ab5f9457c07f A...

AI score 6.9
Exploits: 0, References: 1

EUVD
added 2025/12/02 6:50 a.m., 3 views

EUVD-2025-200205

Malicious code in codemirror-5 npm...

AI score 6.6
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/11/21 12:0 p.m., 6 views

Security Bulletin: Multiple Vulnerabilities in IBM Decision Optimization for Cloud Pak for Data (CVE-2025-6493, CVE-2025-55163 and CVE-2025-58754)

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.2.2. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty i...

CVSS 8.2, AI score 6.6, EPSS 0.01099
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/11/20 4:3 a.m., 24 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...

CVSS 7.5, AI score 7.3, EPSS 0.00644
Exploits: 1, Affected Software: 1

EUVD
added 2025/10/30 5:38 p.m., 4 views

EUVD-2025-37176

Malicious code in epic-angular-ui-codemirror npm...

AI score 6.6
Exploits: 0

OSV
added 2025/10/30 5:38 p.m., 3 views

MAL-2025-49117 Malicious code in epic-angular-ui-codemirror (npm)

Source: amazon-inspector 475aba8f9dc17e38dcf35a7e5607ccc07a0b4e095aa0957ee57fdc75d0d4ee8d The package epic-angular-ui-codemirror was found to contain malicious code...

AI score 7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-0941

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.05197
Exploits: 1, References: 15

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-17516

Malicious code in bioql PyPI...

CVSS 6.4, AI score 7.2, EPSS 0.00444
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-28740

Malicious code in bioql PyPI...

CVSS 6.9, AI score 5.8, EPSS 0.00448
Exploits: 0, References: 4

IBM Security Bulletins
added 2025/09/17 5:35 p.m., 9 views

Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic

Summary IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...

CVSS 6.9, AI score 6.4, EPSS 0.00448
Exploits: 0, Affected Software: 1

Snyk
added 2025/09/15 7:39 a.m., 5 views

Embedded Malicious Code

Overview @ctrl/ngx-codemirror is a Codemirror Wrapper for Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API...

CVSS 9.8, AI score 7
Exploits: 0, References: 2

vulnersOsv
added 2025/09/15 7:39 a.m., 11 views

angular-fusioncharts (=4.1.0), dpv-angular (>=0.0.17 <=0.0.41) +3 more potentially affected by unknown CVE via @ctrl/ngx-codemirror (=7.0.0)

@ctrl/ngx-codemirror NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @ctrl/ngx-codemirror and may be impacted: - angular-fusioncharts =4.1.0 - dpv-angular =0.0.17, =0.0.1, =0.0.1, =1.0.1 Source cves: unknown CVE Source advisory:...

AI score 5.8
Exploits: 0

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-6493

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode...

CVSS 6.9, AI score 5.6, EPSS 0.00448
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/27 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2020-7760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is locate...

CVSS 7.5, AI score 6.5, EPSS 0.05197
Exploits: 1, References: 2

IBM Security Bulletins
added 2025/08/07 12:51 a.m., 9 views

Security Bulletin: Vulnerabilities in CodeMirror affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in CodeMirror has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A...

CVSS 6.9, AI score 5.6, EPSS 0.00448
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/06/23 5:4 a.m., 4 views

CVE-2025-6493

A flaw was found in codemirror. The markdown.js file within the Markdown Mode component exhibits inefficient regular expression usage, leading to excessive resource consumption. This flaw allows a remote attacker to provide a specially crafted file. This inefficient processing can result in a...

CVSS 6.9, AI score 7, EPSS 0.00448
Exploits: 0, References: 7

Snyk
added 2025/06/22 10:40 p.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bowergithub.codemirror:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via multiple locations in markdown.js. An attacker can cause excessive resour...

CVSS 6.9, AI score 6.7, EPSS 0.00448
Exploits: 0, References: 2