20 matches found
ROOT-APP-NPM-CVE-2026-33937 CVE-2026-33937 in @rootio/handlebars - Patched by Root
Root has patched CVE-2026-33937 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...
CLEANSTART-2026-BE61221 Security fixes for CVE-2025-62718, CVE-2025-69873, CVE-2026-29045, CVE-2026-29085, CVE-2026-29086, CVE-2026-29087, CVE-2026-2950, CVE-2026-30827, CVE-2026-33750, CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896, CVE-2026-33916, CVE-2026-33937, CVE-2026-34043, CVE-2026-35213, CVE-2026-39406, CVE-2026-39407, CVE-2026-39408, CVE-2026-39409, CVE-2026-39410, CVE-2026-40175, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264, CVE-2026-42338, CVE-2026-44455, CVE-2026-44456, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, CVE-2026-6321, CVE-2026-6322, ghsa-2328-f5f3-gj25, ghsa-26pp-8wgv-hjvm, ghsa-27v5-c462-wpq7, ghsa-2g4f-4pwh-qvx6, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-39q2-94rc-95cp, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-3w6x-2g7m-8v23, ghsa-442j-39wm-28r2, ghsa-445q-vr5w-6q77, ghsa-458j-xx4x-4375, ghsa-46wh-pxpv-q5gq, ghsa-5c6j-r48x-rmvq, ghsa-5c9x-8gcm-mpgx, ghsa-5m6q-g25r-mvwx, ghsa-5pq2-9x2x-5p6w, ghsa-62hf-57xw-28j9, ghsa-69xw-7hcm-h432, ghsa-6chq-wfr3-2hj9, ghsa-7rx3-28cr-v5wh, ghsa-92pp-h63x-v22m, ghsa-9cx6-37pm-9jff, ghsa-9vqf-7f2p-gf9v, ghsa-c2c7-rcm5-vvqj, ghsa-crv5-9vww-q3g8, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fvcv-3m26-pcqx, ghsa-h7mw-gpvr-xq4m, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-m7pr-hjqh-92cm, ghsa-p6xx-57qc-3wxr, ghsa-p77w-8qqv-26rm, ghsa-pf86-5x62-jrwf, ghsa-pmwg-cvhr-8vh7, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q5qw-h33p-qvwr, ghsa-q67f-28xg-22rw, ghsa-q8qp-cvcw-x6jj, ghsa-qj8w-gfj5-8c6v, ghsa-qp7p-654g-cw7p, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r5rp-j6wh-rvv4, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v8w9-8mx6-g223, ghsa-v9jr-rg53-9pgp, ghsa-vf2m-468p-8v99, ghsa-w9j2-pvgh-6h63, ghsa-wc8c-qw6v-h7f6, ghsa-wmmm-f939-6g9c, ghsa-xf4j-xp2r-rqqx, ghsa-xhjh-pmcv-23jw, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf, ghsa-xpcf-pg52-r92g, ghsa-xx6v-rp6x-q39c applied in versions: 2.19.5-r0
Multiple security vulnerabilities affect the opensearch-dashboards-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-33937 vulnerabilities
Vulnerabilities for packages: ts-patch, prism, nextcloud-server, lerna, rancher-api-ui, opensearch-dashboards...
CVE-2026-33937
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...
org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33937 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)
org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33937 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803085...
4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3655 more potentially affected by CVE-2026-33937 via handlebars (>=4.0.0 <=4.7.8)
handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33937 Source advisory: SNYK:JS-HANDLEBARS-15803084...
CVE-2026-33937
creationtimestamp| type| source ---|---|--- 2026-03-27 18:19:58+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-2w6w-674q-4c4q 2026-03-27 21:38:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mi33cy3ffa2s 2026-03-27 22:36:34+00:00| seen|...
EUVD-2025-33937
Malicious code in scr-theme-production npm...
CVE-2024-33937
Missing Authorization vulnerability in Nico Martin Progressive WordPress PWA.This issue affects Progressive WordPress PWA: from n/a through 2.1.13...
CVE-2023-33937
Stored cross-site scripting XSS vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...
CVE-2024-33937
Missing Authorization vulnerability in Nico Martin Progressive WordPress PWA.This issue affects Progressive WordPress PWA: from n/a through 2.1.13...
CVE-2024-33937 WordPress Progressive WordPress (PWA) plugin <= 2.1.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nico Martin Progressive WordPress PWA.This issue affects Progressive WordPress PWA: from n/a through 2.1.13...
CVE-2024-33937
CVE-2024-33937 describes a Missing Authorization vulnerability in the Progressive WordPress (PWA) plugin. Connected Red Hat advisory confirms this issue affects Progressive WordPress (PWA) versions up to 2.1.13 and does not provide explicit patch details in the documents. The available informatio...
WordPress Progressive WordPress (PWA) Plugin <= 2.1.13 is vulnerable to Broken Access Control
Software Progressive WordPress PWA Type Plugin Vulnerable versions = 2.1.13 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33937 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 741a95515d2d Credits Abdi Pranata Require...
CVE-2023-33937
creationtimestamp| type| source ---|---|--- 2023-05-24 16:26:55+00:00| seen| https://t.me/cibsecurity/64678...
CVE-2023-33937
CVE-2023-33937 is a stored XSS weakness in the Form widget configuration of Liferay Portal 7.1.0–7.3.0 and Liferay DXP 7.1 (before fix pack 18) and 7.2 (before fix pack 5). The vulnerability allows remote attackers to inject arbitrary script/HTML via a crafted payload in the form’s name field. Se...
CVE-2022-33937
Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive...
CVE-2022-33937
Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive...
CVE-2022-33937
Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive...
CVE-2022-33937
Dell GeoDrive (versions 1.0–2.2) contains a Path Traversal vulnerability in the reporting function. A local, low-privileged attacker could exploit this flaw to delete files on the server’s filesystem with the GeoDrive service privilege (NT AUTHORITY\SYSTEM). Root cause: insufficient input/path va...