Lucene search
K

387 matches found

Nuclei
Nuclei
added yesterday98 views

Express-handlebars - Local File Inclusion

Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6CVSS7AI score0.17988EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.4 views

Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...

9.8CVSS6.5AI score0.0178EPSS
Exploits5Affected Software1
OSV
OSV
added 2026/06/26 1:22 p.m.4 views

ROOT-APP-MAVEN-CVE-2026-55760 CVE-2026-55760 in io.root.com.github.jknack:handlebars - Patched by Root

Root has patched CVE-2026-55760 in the io.root.com.github.jknack:handlebars package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00414EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/17 6:42 p.m.9 views

handlebars.java FileTemplateLoader Path Traversal

Impact Any application that passes user-controlled input to Handlebars.compile using a FileTemplateLoader or ClassPathTemplateLoader is vulnerable to arbitrary file read. This is a realistic attack surface for web applications that use template names from URL path parameters, request parameters, ...

7.5CVSS5.5AI score0.00414EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/17 11:54 a.m.4 views

ROOT-APP-NPM-GHSA-7RX3-28CR-V5WH GHSA-7rx3-28cr-v5wh in @rootio/handlebars - Patched by Root

Root has patched GHSA-7rx3-28cr-v5wh in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

4.8CVSS5.8AI score
Exploits0
OSV
OSV
added 2026/06/17 11:54 a.m.7 views

ROOT-APP-NPM-CVE-2026-33938 CVE-2026-33938 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33938 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

8.1CVSS5.9AI score0.00709EPSS
Exploits1
OSV
OSV
added 2026/06/17 11:54 a.m.7 views

ROOT-APP-NPM-CVE-2026-33937 CVE-2026-33937 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33937 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

9.8CVSS5.9AI score0.0178EPSS
Exploits2
OSV
OSV
added 2026/06/17 11:54 a.m.6 views

ROOT-APP-NPM-CVE-2026-33941 CVE-2026-33941 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33941 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

8.2CVSS5.9AI score0.00291EPSS
Exploits1
OSV
OSV
added 2026/06/17 11:54 a.m.7 views

ROOT-APP-NPM-CVE-2026-33940 CVE-2026-33940 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33940 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

8.1CVSS5.9AI score0.00703EPSS
Exploits1
OSV
OSV
added 2026/06/17 11:54 a.m.8 views

ROOT-APP-NPM-CVE-2026-33916 CVE-2026-33916 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33916 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

4.7CVSS5.8AI score0.00276EPSS
Exploits1
OSV
OSV
added 2026/06/17 11:54 a.m.9 views

ROOT-APP-NPM-CVE-2026-33939 CVE-2026-33939 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33939 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00616EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-handlebars (UTSA-2026-016670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016670 advisory. The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted...

9.8CVSS6.9AI score0.04506EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 1:34 p.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution (CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941) and denial of service (CVE-2026-33939)

Summary Node.js module handlebars is used by all IBM App Connect Enterprise Certified Container operands. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution CVE-2026-33937, CVE-2026-33938, CVE-2026-33940, CVE-2026-33941 and denial of service...

9.8CVSS6.5AI score0.0178EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:18 a.m.11 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Handlebars

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Handlebars. CVE-2026-33937, CVE-2026-33938, CVE-2026-33939, CVE-2026-33940, CVE-2026-33941 The vulnerabilities have been addressed. Vulnerability Details...

9.8CVSS6.2AI score0.0178EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 1:24 p.m.16 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.13.1 Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of conten...

9.8CVSS8.7AI score0.47621EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/24 5:45 p.m.19 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.1 Vulnerability Details CVEID:CVE-2026-33916 DESCRIPTION: Handlebars provides the power necessary to let users build...

9.8CVSS7.1AI score0.0178EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/24 2:7 p.m.14 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-33916 DESCRIPTION:...

9.8CVSS6.5AI score0.0178EPSS
Exploits6Affected Software1
GithubExploit
GithubExploit
added 2026/04/21 11:50 p.m.150 views

Exploit for Injection in Ghost

This is a rework of the Repo by rootxran for this same CVE - htt...

9.8CVSS5.8AI score0.00372EPSS
Exploits3
Veracode
Veracode
added 2026/04/16 11:12 a.m.11 views

Code Injection

Handlebars is vulnerable to code injection. The vulnerability is due to improper sanitization of user-controlled inputs in the CLI precompiler, which allows an attacker to inject arbitrary JavaScript via crafted template filenames or CLI arguments and execute it when the generated code is run...

8.2CVSS6AI score0.00291EPSS
Exploits1References9Affected Software1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

EspoCRM 安全漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. EspoCRM versions 9.3.3 and earlier contained security vulnerabilities. These vulnerabilities wer...

5.4CVSS5.8AI score0.00176EPSS
Exploits2References2
Rows per page
Query Builder