22 matches found
CVE-2026-48149
Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parsemarkdown straight to innerHTML with no sanitizer packages/bbui/src/Markdown/MarkdownViewer.svelte:22. Any column a builder binds to a Text component in Markdown mod...
CVE-2026-48149 Budibase: Stored XSS in Text component: BASIC users execute JS in admin session via MarkdownViewer innerHTML + CDN+srcdoc CSP bypass
Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parsemarkdown straight to innerHTML with no sanitizer packages/bbui/src/Markdown/MarkdownViewer.svelte:22. Any column a builder binds to a Text component in Markdown mod...
CVE-2026-48149
CVE-2026-48149 affects Budibase prior to version 3.39.0, where the Budibase Text component in Markdown mode rendered markdown by assigning marked.parse(markdown) directly to innerHTML without sanitization (MarkdownViewer.svelte:22). This creates a stored-XSS sink in any column bound to a Text com...
PT-2026-44060
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The Text component in this open-source low-code platform renders markdown by assigning the output of the marked.parsemarkdown function directly to innerHTML without using a sanitizer. This creates ...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493.
Summary IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687
Summary Multiple vulnerabilties fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Management GUI are now addressed in 5.2.3.5 and 6.0.0.0 (CVE-2025-6493)
Summary The following vulnerabilities, which may affect IBM Storage Scale when the Management GUI is configured and could lead to weaker-than-expected security, have been remediated in Storage Scale version 5.2.3.5 and later and 6.0.0.0 and later CVE-2025-6493 Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...
EUVD-2025-28740
Malicious code in bioql PyPI...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic
Summary IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...
Linux Distros Unpatched Vulnerability : CVE-2025-6493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode...
CVE-2025-6493
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6493
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
DEBIAN-CVE-2025-6493
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
UBUNTU-CVE-2025-6493
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6493 CodeMirror Markdown Mode markdown.js redos
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6493 CodeMirror Markdown Mode markdown.js redos
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6493
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6493
CVE-2025-6493 affects CodeMirror (Markdown Mode) up to 5.65.20. An unknown function in file mode/markdown/markdown.js can cause inefficient regular expression complexity, enabling a remote attack. IBM/Consoles describe the vulnerability and advise upgrading the affected component to CodeMirror 6 ...