Lucene search
K

386 matches found

OSV
OSV
added 2026/03/27 9:17 p.m.3 views

DEBIAN-CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6AI score0.0178EPSS
Exploits2References1
NVD
NVD
added 2026/03/27 9:17 p.m.6 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS0.0178EPSS
Exploits2References8
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

8.1CVSS0.00709EPSS
Exploits1References8
OSV
OSV
added 2026/03/27 9:17 p.m.1 views

DEBIAN-CVE-2026-33916

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, resolvePartial in the Handlebars runtime resolves partial names via a plain property lookup on options.partials without guarding against prototype-chain traversal. When Object.prototype...

4.7CVSS5.3AI score0.00276EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 9:17 p.m.5 views

UBUNTU-CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

8.1CVSS6.1AI score0.00709EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.3 views

CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

8.1CVSS6.2AI score0.00709EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6AI score0.0178EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.4 views

CVE-2026-33916

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, resolvePartial in the Handlebars runtime resolves partial names via a plain property lookup on options.partials without guarding against prototype-chain traversal. When Object.prototype...

4.7CVSS5.7AI score0.00276EPSS
Exploits1References5
OSV
OSV
added 2026/03/27 9:17 p.m.8 views

UBUNTU-CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6.1AI score0.0178EPSS
Exploits2References6
OSV
OSV
added 2026/03/27 9:17 p.m.5 views

UBUNTU-CVE-2026-33916

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, resolvePartial in the Handlebars runtime resolves partial names via a plain property lookup on options.partials without guarding against prototype-chain traversal. When Object.prototype...

4.7CVSS5.7AI score0.00276EPSS
Exploits1References6
OSV
OSV
added 2026/03/27 9:13 p.m.5 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS6AI score0.00291EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/03/27 9:13 p.m.26 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS0.00291EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:13 p.m.5 views

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS6AI score0.00291EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 9:13 p.m.11 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS6AI score0.00291EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 9:13 p.m.92 views

CVE-2026-33941

The CVE-2026-33941 issue affects the Handlebars CLI precompiler (bin/handlebars, lib/precompiler.js) from versions 4.0.0–4.7.8, where user-controlled template filenames and CLI options are concatenated into the emitted JavaScript without escaping. An attacker who can influence filenames or argume...

8.2CVSS6AI score0.00291EPSS
Exploits1References8Affected Software1
Debian CVE
Debian CVE
added 2026/03/27 9:13 p.m.5 views

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS5.6AI score0.00291EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/03/27 9:11 p.m.2 views

CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

8.1CVSS5.5AI score0.00703EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/27 9:11 p.m.27 views

CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

8.1CVSS0.00703EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 9:11 p.m.5 views

CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

8.1CVSS5.9AI score0.00703EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:11 p.m.5 views

CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

8.1CVSS5.9AI score0.00703EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder