Lucene search
+L

12 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 1:34 p.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution (CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941) and denial of service (CVE-2026-33939)

Summary Node.js module handlebars is used by all IBM App Connect Enterprise Certified Container operands. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941 and denial of service...

9.8CVSS6.5AI score0.0178EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-33937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST obje...

9.8CVSS6.8AI score0.0178EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2026/03/27 9:13 p.m.7 views

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS5.6AI score0.00291EPSS
Exploits1
OSV
OSV
added 2026/03/27 9:13 p.m.5 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS6AI score0.00291EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28573

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...

8.2CVSS6.1AI score0.00291EPSS
Exploits1References16
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.8 views

Ruoyi 安全漏洞

Ruoyi is a backend management system by Ruoyi's individual developers. A security vulnerability exists in Ruoyi 4.7.9 and earlier versions, which stems from insufficient input validation in the createTable function in SqlUtil.java, which could lead to a SQL injection attack...

10CVSS7.4AI score0.00587EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2024/12/18 4:3 p.m.245 views

Exploit for Cross-site Scripting in Ruoyi

Authenticated SQL Injection in RuoYi v4.7.9 Bypass of CVE-202...

6.1CVSS8.4AI score0.00341EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.4 views

PT-2024-29455 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RuoYi versions prior to 4.7.9 Description: The issue allows a remote attacker to execute arbitrary code via the file upload method. This is a Cross Site Scripting vulnerability. Recommendations: For versions prior to 4.7.9, update to a versio...

6.1CVSS7.5AI score0.00486EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.6 views

PT-2023-2254 · Samba +6 · Samba +6

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.6.16 Samba versions prior to 4.7.9 Samba versions prior to 4.8.4 Samba versions prior to 4.9.7 Description: The issue is related to insufficient protection of service data, which may allow a remote attacker to disclo...

9.8CVSS6.4AI score0.74265EPSS
Exploits14References140
Vulnrichment
Vulnrichment
added 2021/02/11 8:55 p.m.2 views

CVE-2021-21311 SSRF in adminer

Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers e.g. adminer.php are affected. This is fixed in version 4.7.9...

7.2CVSS6.4AI score0.90072EPSS
Exploits3References5
CNVD
CNVD
added 2019/02/25 12:0 a.m.1 views

Pluck Cross-Site Request Forgery Vulnerability (CNVD-2019-05782)

Pluck is a content management system CMS developed using the PHP language. A cross-site request forgery vulnerability exists in Pluck version 4.7.9-dev1. A remote attacker can exploit this vulnerability to delete articles with /admin.php?action=deletepage&var1= URI...

6.5CVSS7AI score0.00556EPSS
Exploits1References1
OSV
OSV
added 2018/08/14 12:0 a.m.4 views

UBUNTU-CVE-2018-10918

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable...

6.5CVSS6.7AI score0.02546EPSS
Exploits0References4
Rows per page
Query Builder