Lucene search
K

72721 matches found

OSV
OSV
added 2026/03/27 10:22 p.m.3 views

GHSA-MVM6-F9R3-FGFX AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

7.7CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/03/27 10:16 p.m.4 views

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS0.00291EPSS
Exploits1References7
OSV
OSV
added 2026/03/27 9:17 p.m.2 views

DEBIAN-CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6AI score0.01739EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.4 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

9.8CVSS6AI score0.01739EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:13 p.m.5 views

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS6AI score0.00291EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 9:8 p.m.6 views

CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...

7.5CVSS5.9AI score0.00602EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 9:3 p.m.201 views

CVE-2026-33937

CVE-2026-33937 affects Handlebars.js prior to 4.7.9, where Handlebars.compile() accepts a pre-parsed AST; the NumberLiteral.value is emitted into generated JS without quoting, enabling remote code execution if a crafted AST is supplied. Versions 4.0.0–4.7.8 are vulnerable; 4.7.9 fixes the issue. ...

9.8CVSS6.2AI score0.01739EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2026/03/27 8:43 p.m.1 views

GHSA-443W-3RQ3-5M5H AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...

7.7CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/27 7:54 p.m.1 views

GHSA-27QH-8CXX-2CR5 AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

7.7CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/27 7:54 p.m.91 views

AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/27 7:46 p.m.4 views

CVE-2026-33765 Pi-hole Web Interface has a Command Injection Vulnerability

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

9.3CVSS6AI score0.01088EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 6:19 p.m.4 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract...

9.8CVSS6.1AI score0.01739EPSS
Exploits2References4
Snyk
Snyk
added 2026/03/27 6:19 p.m.2 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract Syntax Tree AST...

9.8CVSS6.2AI score0.01739EPSS
Exploits2References4
NVD
NVD
added 2026/03/27 5:16 p.m.5 views

CVE-2026-30576

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...

7.5CVSS0.00256EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.7 views

CVE-2025-55270

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...

9.8CVSS6AI score0.00997EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.15 views

CVE-2021-27401

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access view and modify user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting XSS...

6.1CVSS6.8AI score0.00586EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 1:58 p.m.2 views

CVE-2026-33284

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

5.1CVSS5.9AI score0.00196EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/27 12:15 p.m.5 views

BIT-GITLAB-2026-3988 Inefficient Algorithmic Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/27 9:4 a.m.9 views

Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

8.7CVSS7AI score0.01525EPSS
Exploits0References40
Snyk
Snyk
added 2026/03/27 7:18 a.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the RedisFilterExpressionConverter function. An attacker can access sensitive information by injecting specially crafted input into the filter value for a TAG field, which is inserted directly into the...

8.7CVSS5.9AI score0.0025EPSS
Exploits0References2
Rows per page
Query Builder