Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

Tailored Prompts, Targeted Protection: Vulnerability-Specific LLM Analysis for Smart Contracts

Smart contracts on blockchains are prone to diverse security vulnerabilities that can lead to significant financial losses due to their immutable nature. Existing detection approaches often lack flexibility across vulnerability types and rely heavily on manually crafted expert rules. In this pape...

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape tags,...

EUVD-2026-25383

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

Type Confusion

Handlebars is vulnerable to Type Confusion. The vulnerability is due to unsanitized handling of pre-parsed AST input in Handlebars.compile, which allows an attacker to inject malicious JavaScript via crafted AST nodes and execute arbitrary code...

Aether Smart Contract Security Analysis Framework 6.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

Aether Smart Contract Security Analysis Framework 5.0.2

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

SkillSieve: A Hierarchical Triage Framework for Detecting Malicious AI Agent Skills

OpenClaw's ClawHub marketplace hosts over 13,000 community-contributed agent skills, and between 13% and 26% of them contain security vulnerabilities according to recent audits. Regex scanners miss obfuscated payloads; formal static analyzers cannot read the natural language instructions in...

Incomplete Filtering of Special Elements

Overview PyBlade is a PyBlade is a lightweight template engine for Python, initially designed for Django. Inspired by Laravel's Blade and Livewire, it simplifies dynamic template creation with developer-friendly @-based directives and component support, all while prioritizing security. Affected...

CVE-2026-33937

A flaw was found in Handlebars. An attacker can exploit this by supplying a crafted Abstract Syntax Tree AST object to the Handlebars.compile function. This allows the injection and execution of arbitrary JavaScript code due to improper sanitization of the value field in NumberLiteral AST nodes...

Linux Distros Unpatched Vulnerability : CVE-2026-33937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST obje...

UBUNTU-CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

EUVD-2026-16860

Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial...

EUVD-2026-16849

Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract...

GHSA-2W6W-674Q-4C4Q Handlebars.js has JavaScript Injection via AST Type Confusion

Summary Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to compile can therefore inject and...