Lucene search
K

241 matches found

Fedora
Fedora
added 2026/03/30 12:16 a.m.6 views

[SECURITY] Fedora 44 Update: libtasn1-4.21.0-1.fc44

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functi ons...

7.5CVSS6.3AI score0.01109EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/28 10:46 a.m.8 views

CVE-2026-33937

A flaw was found in Handlebars. An attacker can exploit this by supplying a crafted Abstract Syntax Tree AST object to the Handlebars.compile function. This allows the injection and execution of arbitrary JavaScript code due to improper sanitization of the value field in NumberLiteral AST nodes...

9.8CVSS6.3AI score0.0178EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST obje...

9.8CVSS6.8AI score0.0178EPSS
Exploits2References4
OSV
OSV
added 2026/03/27 9:17 p.m.8 views

UBUNTU-CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6.1AI score0.0178EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2026/03/27 9:3 p.m.9 views

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6.2AI score0.0178EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/03/27 9:3 p.m.25 views

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS0.0178EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2026/03/27 9:3 p.m.7 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6AI score0.0178EPSS
Exploits2
EUVD
EUVD
added 2026/03/27 6:21 p.m.7 views

EUVD-2026-16860

Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial...

8.1CVSS5.9AI score0.00703EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 6:20 p.m.5 views

EUVD-2026-16849

Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block...

8.1CVSS5.9AI score0.00709EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 6:19 p.m.2 views

GHSA-2W6W-674Q-4C4Q Handlebars.js has JavaScript Injection via AST Type Confusion

Summary Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to compile can therefore inject and...

9.8CVSS6.2AI score0.0178EPSS
Exploits2References5
Snyk
Snyk
added 2026/03/27 6:19 p.m.4 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract...

9.8CVSS6.1AI score0.0178EPSS
Exploits2References4
EUVD
EUVD
added 2026/03/27 6:19 p.m.4 views

EUVD-2026-16848

Handlebars.js has JavaScript Injection via AST Type Confusion...

9.8CVSS5.9AI score0.0178EPSS
Exploits2References3
OSV
OSV
added 2026/03/27 2:7 p.m.4 views

OESA-2026-1776 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

7.5CVSS7.1AI score0.0058EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 2:7 p.m.5 views

OESA-2026-1775 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

7.5CVSS5.9AI score0.0058EPSS
Exploits1References2
Fedora
Fedora
added 2026/03/19 12:55 a.m.6 views

[SECURITY] Fedora 43 Update: libtasn1-4.21.0-1.fc43

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functi ons...

7.5CVSS5.8AI score0.01109EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

pyasn1 安全漏洞

pyasn1 is a Python library developed by the pyasn1 maintenance organization. Versions of pyasn1 prior to 0.6.3 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled recursion during the decoding of ASN.1 data with deeply nested structures, which could lead to...

7.5CVSS6.8AI score0.0058EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/17 4:17 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion when decoding ASN.1 data. An attacker can cause the application to crash or exhaust system memory by supplying specially crafted ASN.1 data with deeply nested SEQUENCE or SET tags using indefinite Length markers...

8.7CVSS7.2AI score0.0058EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.25 views

Detecting Data Poisoning in Code Generation LLMs Via Black-Box, Vulnerability-Oriented Scanning

Code generation large language models LLMs are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of insecure code, yet effective defenses remain limited. Existing...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP12 : libtasn1 (EulerOS-SA-2026-1403)

According to the versions of the libtasn1 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in...

7.5CVSS6.1AI score0.01109EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 5:7 p.m.21 views

CLSA-2026-1772039226 golang: Fix of 2 CVEs

CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61732: prevent cgo code smuggling by removing user-controlled content from documentation strings in generated ASTs...

8.6CVSS7AI score0.01945EPSS
Exploits0References1
Rows per page
Query Builder