Lucene search
K

66 matches found

Vulnrichment
Vulnrichment
โ€ขadded 2026/03/27 9:3 p.m.โ€ข9 views

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6.2AI score0.0178EPSS
Exploits2References3
Debian CVE
Debian CVE
โ€ขadded 2026/03/27 9:3 p.m.โ€ข6 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6AI score0.0178EPSS
Exploits2
EUVD
EUVD
โ€ขadded 2026/03/27 6:21 p.m.โ€ข7 views

EUVD-2026-16860

Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial...

8.1CVSS5.9AI score0.00703EPSS
Exploits1References3
EUVD
EUVD
โ€ขadded 2026/03/27 6:20 p.m.โ€ข5 views

EUVD-2026-16849

Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block...

8.1CVSS5.9AI score0.00709EPSS
Exploits1References3
Snyk
Snyk
โ€ขadded 2026/03/27 6:19 p.m.โ€ข4 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract...

9.8CVSS6.1AI score0.0178EPSS
Exploits2References4
EUVD
EUVD
โ€ขadded 2026/03/27 6:19 p.m.โ€ข3 views

EUVD-2026-16848

Handlebars.js has JavaScript Injection via AST Type Confusion...

9.8CVSS5.9AI score0.0178EPSS
Exploits2References3
OSV
OSV
โ€ขadded 2026/03/27 6:19 p.m.โ€ข2 views

GHSA-2W6W-674Q-4C4Q Handlebars.js has JavaScript Injection via AST Type Confusion

Summary Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to compile can therefore inject and...

9.8CVSS6.2AI score0.0178EPSS
Exploits2References5
Packet Storm News
Packet Storm News
โ€ขadded 2026/03/17 12:0 a.m.โ€ข22 views

Detecting Data Poisoning in Code Generation LLMs Via Black-Box, Vulnerability-Oriented Scanning

Code generation large language models LLMs are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of insecure code, yet effective defenses remain limited. Existing...

6AI score
Exploits0
OSV
OSV
โ€ขadded 2026/02/25 5:7 p.m.โ€ข13 views

CLSA-2026-1772039226 golang: Fix of 2 CVEs

CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61732: prevent cgo code smuggling by removing user-controlled content from documentation strings in generated ASTs...

8.6CVSS7AI score0.01945EPSS
Exploits0References1
OSV
OSV
โ€ขadded 2026/02/24 9:41 p.m.โ€ข8 views

GHSA-MXHJ-88FX-4PCV Fickling: OBJ opcode call invisibility bypasses all safety checks

Assessment The interpreter so it behaves closer to CPython when dealing with OBJ, NEWOBJ, and NEWOBJEX opcodes https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a. Original report Summary All 5 of fickling's safety interfaces -- islikelysafe, checksafety, CLI...

9.4CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
โ€ขadded 2026/02/22 12:0 a.m.โ€ข6 views

PT-2026-21404

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check and merge special rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

4.8CVSS5.1AI score0.00113EPSS
Exploits0References9
Packet Storm News
Packet Storm News
โ€ขadded 2026/02/20 12:0 a.m.โ€ข4 views

Detecting PowerShell-Based Fileless Cryptojacking Attacks Using Machine Learning

With the emergence of remote code execution RCE vulnerabilities in ubiquitous libraries and advanced social engineering techniques, threat actors have started conducting widespread fileless cryptojacking attacks. These attacks have become effective with stealthy techniques based on PowerShell-bas...

6.6AI score
Exploits0
Snyk
Snyk
โ€ขadded 2026/02/18 10:38 p.m.โ€ข11 views

Regular Expression Denial of Service (ReDoS)

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched character. Detail...

8.7CVSS5.5AI score0.00519EPSS
Exploits1References2
RedhatCVE
RedhatCVE
โ€ขadded 2026/02/08 1:21 a.m.โ€ข8 views

CVE-2026-25533

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

8.8CVSS5.6AI score0.0023EPSS
Exploits1References1
GithubExploit
GithubExploit
โ€ขadded 2025/12/24 6:36 a.m.โ€ข294 views

PoC-Analyzer

PoC Analyzer Proof-of-Concept Malicious Intent Detector !P...

7.3AI score
Exploits0
EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข6 views

EUVD-2022-1041

Malicious code in bioql PyPI...

6.3CVSS5.6AI score0.0103EPSS
Exploits1References8
Github Security Blog
Github Security Blog
โ€ขadded 2025/09/29 3:0 p.m.โ€ข5 views

CodeQL zero to hero part 5: Debugging queries

When you're first getting started with CodeQL, you may find yourself in a situation where a query doesn't return the results you expect. Debugging these queries can be tricky, because CodeQL is a Prolog-like language with an evaluation model that's quite different from mainstream languages like...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
โ€ขadded 2025/08/18 12:0 a.m.โ€ข3 views

VerilogLAVD: LLM-Aided Rule Generation for Vulnerability Detection in Verilog

Timely detection of hardware vulnerabilities during the early design stage is critical for reducing remediation costs. Existing early detection techniques often require specialized security expertise, limiting their usability. Recent efforts have explored the use of large language models LLMs for...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
โ€ขadded 2025/07/30 12:0 a.m.โ€ข3 views

Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection

With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains challenging due to sophisticated code obfuscation techniques and...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
โ€ขadded 2025/05/13 1:53 p.m.โ€ข7 views

github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory OOM crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree AST, consuming excessive memo...

7.5CVSS5.8AI score0.00577EPSS
Exploits0References6
Rows per page
Query Builder