ROOT-APP-NPM-CVE-2026-33938 CVE-2026-33938 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33938 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

EUVD-2018-0564

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-8861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute...

Exploit for CVE-2021-23369

CVE-2021-23369 Handlebars CVE-2021-23369 Vulnerability p...

CVE-2021-23383

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source...

CVE-2021-23369

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source...

CVE-2021-23369

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source...

CVE-2021-23369

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source...

CVE-2021-23369 Remote Code Execution (RCE)

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source...

Denial of Service

Overview Affected versions of handlebars are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. Recommendation Upgrade to version...

Cross site scripting

The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute that is not quoted...

CVE-2015-8861

The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute that is not quoted...

CVE-2015-8861

CVE-2015-8861 affects the Handlebars package for Node.js, with a vulnerability in templates that contain unquoted attributes, enabling remote XSS. The issue is tied to Handlebars pre-4.0.0 versions. Impact is cross-site scripting in contexts that render untrusted templates; no exploit details are...