
11 matches found

ATTACKERKB
added 2026/05/09 4:3 a.m. · 3 views

CVE-2026-41311

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (~4GB) and crashing the Node.js process with FATAL ERROR: JavaScript he...

7.5 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/05/09 4:3 a.m. · 15 views

CVE-2026-41311

Vulnerability: CVE-2026-41311 affects LiquidJS (Shopify/GitHub Pages compatible template engine). Before 10.25.7, a circular reference in {% layout %} / {% block %} can trigger infinite recursion, exhausting memory (~4 GB) and crashing the Node.js process. Impact: Denial of Service from user-subm...

7.5 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/05/09 4:3 a.m. · 7 views

EUVD-2026-28886

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (~4GB) and crashing the Node.js process with FATAL ERROR: JavaScript he...

7.5 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/24 12:0 a.m. · 3 views

PT-2026-35030

Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.7. Description: A circular block reference within {% layout %} and {% block %} tags can trigger an infinite recursive loop. This occurs in the getBlockRender function within src/tags/block.ts during OUTPUT mode; when...

7.5 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 1 | References: 9

OSV
added 2024/05/15 3:15 a.m. · 3 views

CVE-2024-3189

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including,...

5.4 CVSS | 5.9 AI score | 0.00213 EPSS
Exploits: 0 | References: 4

OSV
added 2023/01/27 7:15 p.m. · 13 views

CVE-2021-41144

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

8.8 CVSS | 8.9 AI score
Exploits: 0 | References: 4

Prion
added 2023/01/27 7:15 p.m. · 11 views

Design/Logic Flaw

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

6.5 CVSS | 8.8 AI score | 0.00598 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/01/27 6:8 p.m. · 3 views

CVE-2021-41144 OpenMage LTS authenticated remote code execution through layout update

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

8.8 CVSS | 9 AI score | 0.00598 EPSS
Exploits: 0 | References: 4

CNNVD
added 2023/01/27 12:0 a.m. · 1 views

OpenMage LTS command injection vulnerability

OpenMage Magento LTS is an e-commerce system organized by OpenMage. A command injection vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which stems from the layout block being able to bypass the block blacklist to execute remote code...

8.8 CVSS | 8.1 AI score | 0.00598 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2023/01/27 12:0 a.m. · 1 views

PT-2023-12375 · Unknown · Openmage Lts

Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22; OpenMage LTS versions prior to 20.0.19. Description: The issue allows a layout block to bypass the block blacklist, enabling the execution of remote code. This is a significant problem for an e-commerce...

8.8 CVSS | 8.8 AI score | 0.00598 EPSS
Exploits: 0 | References: 9

RedHat Linux
added 2016/03/07 3:22 a.m. · 4 views

chromium-browser: LayoutBlock.cpp in Blink does not properly determine when anonymous block wrappers may exist

WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other...

9.3 CVSS | 7.5 AI score | 0.01985 EPSS
Exploits: 0 | References: 5