Lucene search

16 matches found

RedhatCVE
added 2026/03/28 10:46 a.m. · 2 views

CVE-2026-33937

A flaw was found in Handlebars. An attacker can exploit this by supplying a crafted Abstract Syntax Tree (AST) object to the Handlebars.compile function. This allows the injection and execution of arbitrary JavaScript code due to improper sanitization of the value field in NumberLiteral AST nodes...

9.8 CVSS · 6.3 AI score · 0.0024 EPSS
Exploits 2 · References 6

OSV
added 2026/03/27 9:3 p.m. · 5 views

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8 CVSS · 6.2 AI score · 0.0024 EPSS
Exploits 2 · References 5

Snyk
added 2026/03/27 6:19 p.m. · 3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract...

9.8 CVSS · 6.1 AI score · 0.0024 EPSS
Exploits 2 · References 4

Snyk
added 2026/03/27 6:19 p.m. · 2 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract Syntax Tree AST...

9.8 CVSS · 6.2 AI score · 0.0024 EPSS
Exploits 2 · References 4

Positive Technologies
added 2026/03/27 12:0 a.m. · 1 views

PT-2026-28569

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8 Description: Handlebars allows Remote Code Execution (RCE) through a crafted Abstract Syntax Tree (AST) object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...

9.8 CVSS · 6.3 AI score · 0.0024 EPSS
Exploits 2 · References 71

NVD
added 2026/03/26 2:16 a.m. · 2 views

CVE-2026-4833

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...

4.8 CVSS · 0.0002 EPSS
Exploits 0 · References 7

OSV
added 2026/03/26 2:16 a.m. · 1 views

UBUNTU-CVE-2026-4833

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...

4.8 CVSS · 5.4 AI score · 0.0002 EPSS
Exploits 0 · References 6

CVE
added 2026/03/26 1:2 a.m. · 4 views

CVE-2026-4833

CVE-2026-4833 affects Orc discount up to 3.0.1.2, specifically the Markdown Handler's markdown.c compile function. The issue causes uncontrolled recursion when fed input such as an infinitely deep blockquote, leading to a local-execution crash. Public exploit availability exists, and the project ...

4.8 CVSS · 5.4 AI score · 0.0002 EPSS
Exploits 0 · References 7

ATTACKERKB
added 2026/03/26 1:2 a.m. · 1 views

CVE-2026-4833

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...

4.8 CVSS · 5.4 AI score · 0.0002 EPSS
Exploits 0 · References 7 · Affected Software 1

Cvelist
added 2026/03/26 1:2 a.m. · 26 views

CVE-2026-4833 Orc discount Markdown markdown.c compile recursion

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...

4.8 CVSS · 0.0002 EPSS
Exploits 0 · References 7

Vulnrichment
added 2026/03/26 1:2 a.m. · 1 views

CVE-2026-4833 Orc discount Markdown markdown.c compile recursion

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...

4.8 CVSS · 5.5 AI score · 0.0002 EPSS
Exploits 0 · References 7

CNNVD
added 2026/03/26 12:0 a.m. · 2 views

discount Security Vulnerability

discount is a Markdown language parsing and conversion tool developed by Orc developers. Versions of discount 3.0.1.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the compile function in the markdown.c file being manipulated in a way that allows uncontrolled...

4.8 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 7

Positive Technologies
added 2026/03/26 12:0 a.m. · 3 views

PT-2026-28186

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...

4.8 CVSS · 5.4 AI score · 0.0002 EPSS
Exploits 0 · References 8

Positive Technologies
added 2026/02/09 12:0 a.m. · 3 views

PT-2026-7120

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc pop funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be...

4.8 CVSS · 4.8 AI score · 0.00027 EPSS
Exploits 1 · References 9

Positive Technologies
added 2024/02/28 12:0 a.m. · 1 views

PT-2024-40647 · Wasmedge · Wasmedge

Name of the Vulnerable Software and Affected Versions: WasmEdge affected versions not specified Description: A crash issue was identified in WasmEdge, related to a container-overflow read. The issue occurs in the compile function of the WasmEdge::LLVM::Compiler module, which is called by...

7 AI score
Exploits 0 · References 2

Veracode
added 2022/03/22 9:2 a.m. · 20 views

Arbitrary Code Injection

accesslog is vulnerable to arbitrary code injection. The vulnerability exists in the compile function in compile.js due to a lack of input sanitization, which allows an attacker to inject and execute arbitrary JavaScript code...

9.8 CVSS · 4.1 AI score · 0.00413 EPSS
Exploits 1 · References 3 · Affected Software 1