
20 matches found

OSV
added 2026/06/17 11:54 a.m., 5 views

ROOT-APP-NPM-CVE-2026-33937 CVE-2026-33937 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33937 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

9.8 CVSS, 5.9 AI score, 0.01739 EPSS
Exploits 2

OSV
added 2026/05/18 1:36 p.m., 12 views

CLEANSTART-2026-BE61221 Security fixes for CVE-2025-62718, CVE-2025-69873, CVE-2026-29045, CVE-2026-29085, CVE-2026-29086, CVE-2026-29087, CVE-2026-2950, CVE-2026-30827, CVE-2026-33750, CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896, CVE-2026-33916, CVE-2026-33937, CVE-2026-34043, CVE-2026-35213, CVE-2026-39406, CVE-2026-39407, CVE-2026-39408, CVE-2026-39409, CVE-2026-39410, CVE-2026-40175, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264, CVE-2026-42338, CVE-2026-44455, CVE-2026-44456, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, CVE-2026-6321, CVE-2026-6322, ghsa-2328-f5f3-gj25, ghsa-26pp-8wgv-hjvm, ghsa-27v5-c462-wpq7, ghsa-2g4f-4pwh-qvx6, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-39q2-94rc-95cp, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-3w6x-2g7m-8v23, ghsa-442j-39wm-28r2, ghsa-445q-vr5w-6q77, ghsa-458j-xx4x-4375, ghsa-46wh-pxpv-q5gq, ghsa-5c6j-r48x-rmvq, ghsa-5c9x-8gcm-mpgx, ghsa-5m6q-g25r-mvwx, ghsa-5pq2-9x2x-5p6w, ghsa-62hf-57xw-28j9, ghsa-69xw-7hcm-h432, ghsa-6chq-wfr3-2hj9, ghsa-7rx3-28cr-v5wh, ghsa-92pp-h63x-v22m, ghsa-9cx6-37pm-9jff, ghsa-9vqf-7f2p-gf9v, ghsa-c2c7-rcm5-vvqj, ghsa-crv5-9vww-q3g8, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fvcv-3m26-pcqx, ghsa-h7mw-gpvr-xq4m, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-m7pr-hjqh-92cm, ghsa-p6xx-57qc-3wxr, ghsa-p77w-8qqv-26rm, ghsa-pf86-5x62-jrwf, ghsa-pmwg-cvhr-8vh7, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q5qw-h33p-qvwr, ghsa-q67f-28xg-22rw, ghsa-q8qp-cvcw-x6jj, ghsa-qj8w-gfj5-8c6v, ghsa-qp7p-654g-cw7p, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r5rp-j6wh-rvv4, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v8w9-8mx6-g223, ghsa-v9jr-rg53-9pgp, ghsa-vf2m-468p-8v99, ghsa-w9j2-pvgh-6h63, 
ghsa-wc8c-qw6v-h7f6, ghsa-wmmm-f939-6g9c, ghsa-xf4j-xp2r-rqqx, ghsa-xhjh-pmcv-23jw, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf, ghsa-xpcf-pg52-r92g, ghsa-xx6v-rp6x-q39c applied in versions: 2.19.5-r0

Multiple security vulnerabilities affect the opensearch-dashboards-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS, 6.5 AI score, 0.01815 EPSS
Exploits 29, References 164

Wolfi
added 2026/03/30 7:48 p.m., 10 views

CVE-2026-33937 vulnerabilities

Vulnerabilities for packages: ts-patch, prism, nextcloud-server, lerna, rancher-api-ui, opensearch-dashboards...

9.8 CVSS, 6.4 AI score, 0.01739 EPSS
Exploits 2

UbuntuCve
added 2026/03/27 9:17 p.m., 4 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8 CVSS, 6 AI score, 0.01739 EPSS
Exploits 2, References 5

vulnersOsv
added 2026/03/27 6:19 p.m., 11 views

org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33937 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)

org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33937 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803085...

9.8 CVSS, 6.2 AI score, 0.01739 EPSS
Exploits 2

vulnersOsv
added 2026/03/27 6:19 p.m., 10 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3655 more potentially affected by CVE-2026-33937 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33937 Source advisory: SNYK:JS-HANDLEBARS-15803084...

9.8 CVSS, 6.2 AI score, 0.01739 EPSS
Exploits 2

Circl
added 2026/03/27 6:19 p.m., 17 views

CVE-2026-33937

creationtimestamp | type | source
---|---|---
2026-03-27 18:19:58+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-2w6w-674q-4c4q
2026-03-27 21:38:21+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mi33cy3ffa2s
2026-03-27 22:36:34+00:00 | seen | ...

9.8 CVSS, 5.7 AI score, 0.01739 EPSS
Exploits 2, References 11

EUVD
added 2025/10/13 3:19 a.m., 1 views

EUVD-2025-33937

Malicious code in scr-theme-production npm...

6.6 AI score
Exploits 0, References 1

RedhatCVE
added 2025/05/23 7:59 a.m., 3 views

CVE-2024-33937

Missing Authorization vulnerability in Nico Martin Progressive WordPress PWA. This issue affects Progressive WordPress PWA: from n/a through 2.1.13...

4.3 CVSS, 5.1 AI score, 0.00372 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/23 3:54 a.m., 11 views

CVE-2023-33937

Stored cross-site scripting XSS vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name fiel...

5.4 CVSS, 5.4 AI score, 0.00446 EPSS
Exploits 0, References 1

NVD
added 2024/05/03 9:15 a.m., 9 views

CVE-2024-33937

Missing Authorization vulnerability in Nico Martin Progressive WordPress PWA. This issue affects Progressive WordPress PWA: from n/a through 2.1.13...

4.3 CVSS, 5.1 AI score, 0.00372 EPSS
Exploits 0, References 1

Cvelist
added 2024/05/03 8:18 a.m., 16 views

CVE-2024-33937 WordPress Progressive WordPress (PWA) plugin <= 2.1.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nico Martin Progressive WordPress PWA. This issue affects Progressive WordPress PWA: from n/a through 2.1.13...

4.3 CVSS, 6 AI score, 0.00372 EPSS
Exploits 0, References 1

CVE
added 2024/05/03 8:18 a.m., 62 views

CVE-2024-33937

CVE-2024-33937 describes a Missing Authorization vulnerability in the Progressive WordPress (PWA) plugin. Connected Red Hat advisory confirms this issue affects Progressive WordPress (PWA) versions up to 2.1.13 and does not provide explicit patch details in the documents. The available informatio...

4.3 CVSS, 5.1 AI score, 0.00372 EPSS
Exploits 0, References 1

Patchstack
added 2024/04/29 12:0 a.m., 7 views

WordPress Progressive WordPress (PWA) Plugin <= 2.1.13 is vulnerable to Broken Access Control

Software: Progressive WordPress PWA; Type: Plugin; Vulnerable versions: = 2.1.13; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33937; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 741a95515d2d; Credits: Abdi Pranata; Require...

4.3 CVSS, 6.6 AI score, 0.00372 EPSS
Exploits 0, References 1, Affected Software 1

Circl
added 2023/05/24 4:26 p.m., 4 views

CVE-2023-33937

creationtimestamp | type | source
---|---|---
2023-05-24 16:26:55+00:00 | seen | https://t.me/cibsecurity/64678...

5.4 CVSS, 5.4 AI score, 0.00446 EPSS
Exploits 0, References 1

CVE
added 2023/05/24 12:16 p.m., 57 views

CVE-2023-33937

CVE-2023-33937 is a stored XSS weakness in the Form widget configuration of Liferay Portal 7.1.0–7.3.0 and Liferay DXP 7.1 (before fix pack 18) and 7.2 (before fix pack 5). The vulnerability allows remote attackers to inject arbitrary script/HTML via a crafted payload in the form’s name field. Se...

5.4 CVSS, 5.2 AI score, 0.00446 EPSS
Exploits 0, References 1, Affected Software 2

OSV
added 2022/10/12 8:15 p.m., 3 views

CVE-2022-33937

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive...

7.1 CVSS, 5.8 AI score
Exploits 0, References 1

Vulnrichment
added 2022/10/12 7:25 p.m., 4 views

CVE-2022-33937

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive...

7.1 CVSS, 6.9 AI score, 0.00192 EPSS
Exploits 0, References 1

Cvelist
added 2022/10/12 7:25 p.m., 11 views

CVE-2022-33937

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive...

7.1 CVSS, 7 AI score, 0.00192 EPSS
Exploits 0, References 1

CVE
added 2022/10/12 7:25 p.m., 52 views

CVE-2022-33937

Dell GeoDrive (versions 1.0–2.2) contains a Path Traversal vulnerability in the reporting function. A local, low-privileged attacker could exploit this flaw to delete files on the server’s filesystem with the GeoDrive service privilege (NT AUTHORITY\SYSTEM). Root cause: insufficient input/path va...

7.1 CVSS, 6.8 AI score, 0.00192 EPSS
Exploits 0, References 1, Affected Software 1