12 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution (CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941) and denial of service (CVE-2026-33939)
Summary Node.js module handlebars is used by all IBM App Connect Enterprise Certified Container operands. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941 and denial of service...
Linux Distros Unpatched Vulnerability : CVE-2026-33937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST obje...
CVE-2026-33941
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...
PT-2026-28573
Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...
Ruoyi 安全漏洞
Ruoyi is a backend management system by Ruoyi's individual developers. A security vulnerability exists in Ruoyi 4.7.9 and earlier versions, which stems from insufficient input validation in the createTable function in SqlUtil.java, which could lead to a SQL injection attack...
Exploit for Cross-site Scripting in Ruoyi
Authenticated SQL Injection in RuoYi v4.7.9 Bypass of CVE-202...
PT-2024-29455 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RuoYi versions prior to 4.7.9 Description: The issue allows a remote attacker to execute arbitrary code via the file upload method. This is a Cross Site Scripting vulnerability. Recommendations: For versions prior to 4.7.9, update to a versio...
PT-2023-2254 · Samba +6 · Samba +6
Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.6.16 Samba versions prior to 4.7.9 Samba versions prior to 4.8.4 Samba versions prior to 4.9.7 Description: The issue is related to insufficient protection of service data, which may allow a remote attacker to disclo...
CVE-2021-21311 SSRF in adminer
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers e.g. adminer.php are affected. This is fixed in version 4.7.9...
Pluck Cross-Site Request Forgery Vulnerability (CNVD-2019-05782)
Pluck is a content management system CMS developed using the PHP language. A cross-site request forgery vulnerability exists in Pluck version 4.7.9-dev1. A remote attacker can exploit this vulnerability to delete articles with /admin.php?action=deletepage&var1= URI...
UBUNTU-CVE-2018-10918
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable...