Security Bulletin: Multiple Vulnerabilities in IBM Decision Optimization for Cloud Pak for Data (CVE-2025-6493, CVE-2025-55163 and CVE-2025-58754)

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.2.2. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty i...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...

EUVD-2021-0941

Malware in sbrugna...

Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic

Summary IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...

angular-fusioncharts (=4.1.0), dpv-angular (>=0.0.17 <=0.0.41) +3 more potentially affected by unknown CVE via @ctrl/ngx-codemirror (=7.0.0)

@ctrl/ngx-codemirror NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @ctrl/ngx-codemirror and may be impacted: - angular-fusioncharts =4.1.0 - dpv-angular =0.0.17, =0.0.1, =0.0.1, =1.0.1 Source cves: unknown CVE Source advisory:...

Security Bulletin: Vulnerabilities in CodeMirror affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in CodeMirror has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...

com.gitblit.fathom:fathom-integration-test (>=0.5.0 <=1.0.1), com.github.dreampie:jfinal-dreampie (=1.0) +30 more potentially affected by CVE-2025-6493 via org.webjars:codemirror (>=3.15 <=5.8)

org.webjars:codemirror MAVEN version =3.15, =0.5.0, =1.0.0, =1.0.1, =2.3.0.CR1, =2.1.8.0, =2.1.8.0, =2.1.8.0, =2.1.8.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =1.7.0, =1.7.5 and more Source cves: CVE-2025-6493 Source advisory: SNYK:JAVA-ORGWEBJARS-10494095...

CVE-2025-6493

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2022-32409

A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...

CVE-2022-32409

A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...

0.8.18-p11 (=0.8.18-p12), 0hub (=1.0.0-beta.2) +1450 more potentially affected by CVE-2020-7760 via codemirror (>=2.33.0 <=5.58.1)

codemirror NPM version =2.33.0, =4.13.7-rc4, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.3, =0.1.1, =0.0.1, =0.1.0, =0.1.0, =1.0.2 and more Source cves: CVE-2020-7760 Source advisory: OSV:GHSA-4GW3-8F77-F72C...

Regular Expression Denial Of Service (ReDoS)

codemirror is vulnerable to regular expression denial of service. An attacker is able to cause a denial of service condition by passing long strings containing sub-pattern s|/.?/...

0.8.18-p11 (=0.8.18-p12), 0hub (=1.0.0-beta.2) +1383 more potentially affected by CVE-2020-7760 via codemirror (>=5.0.0 <=5.58.1)

codemirror NPM version =5.0.0, =4.13.7-rc4, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.3, =0.1.1, =0.0.1, =0.1.0, =0.1.0, =1.0.2 and more Source cves: CVE-2020-7760 Source advisory: SNYK:JS-CODEMIRROR-1016937...