14 matches found
CVE-2026-33940
A flaw was found in Handlebars.js. A remote attacker can exploit this vulnerability by providing a specially crafted object within the template context. This crafted object, when processed by a dynamic partial lookup, can bypass security checks and be interpreted as malicious code. This allows th...
DEBIAN-CVE-2026-33940
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...
CVE-2026-33940
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...
CVE-2026-33940
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...
CVE-2026-33940
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...
PT-2026-28572
Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars allows users to build semantic templates. A crafted object placed in the template context can bypass conditional guards in the resolvePartial function, causing invokePartial to...
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
EUVD-2012-3390
Malware in sbrugna...
SUSE CVE-2012-3420
Multiple memory leaks in Performance Co-Pilot PCP before 3.6.5 allow remote attackers to cause a denial of service memory consumption or daemon crash via a large number of PDUs with 1 a crafted context number to the DoFetch function in pmcd/src/dofetch.c or 2 a negative type value to the pmGetPDU...
Paessler PRTG Network Monitor 安全漏洞
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A security vulnerability exists in PRTG Network Monitor before 21.1.66.1623, which can be exploited by an attacker to invoke the screenshot function by using a prepared context path...
Design/Logic Flaw
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog...
CVE-2009-2197
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog...
DEBIAN-CVE-2012-3420
Multiple memory leaks in Performance Co-Pilot PCP before 3.6.5 allow remote attackers to cause a denial of service memory consumption or daemon crash via a large number of PDUs with 1 a crafted context number to the DoFetch function in pmcd/src/dofetch.c or 2 a negative type value to the pmGetPDU...
Code injection
Multiple memory leaks in Performance Co-Pilot PCP before 3.6.5 allow remote attackers to cause a denial of service memory consumption or daemon crash via a large number of PDUs with 1 a crafted context number to the DoFetch function in pmcd/src/dofetch.c or 2 a negative type value to the pmGetPDU...