CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

Veracode•added 2026/04/16 11:12 a.m.•5 views

Code Injection

Handlebars is vulnerable to code injection. The vulnerability is due to improper sanitization of user-controlled inputs in the CLI precompiler, which allows an attacker to inject arbitrary JavaScript via crafted template filenames or CLI arguments and execute it when the generated code is run...

8.2CVSS6AI score0.00009EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/03/28 10:11 a.m.•0 views

CVE-2026-33941

A flaw was found in Handlebars. The Handlebars command-line interface CLI precompiler concatenates user-controlled strings, such as template file names and CLI options, directly into the generated JavaScript without proper escaping or sanitization. An attacker capable of influencing these inputs...

8.2CVSS6.4AI score0.00009EPSS

Exploits1References6

Tenable Nessus•added 2026/03/28 12:0 a.m.•0 views

Linux Distros Unpatched Vulnerability : CVE-2026-33941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars /...

8.2CVSS7.2AI score0.00009EPSS

Exploits1References4

OSV•added 2026/03/27 10:16 p.m.•2 views

DEBIAN-CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS5.6AI score0.00009EPSS

Exploits1References1

NVD•added 2026/03/27 10:16 p.m.•2 views

CVE-2026-33941

8.2CVSS0.00009EPSS

Exploits1References3

OSV•added 2026/03/27 10:16 p.m.•3 views

UBUNTU-CVE-2026-33941

8.2CVSS5.9AI score0.00009EPSS

Exploits1References6

UbuntuCve•added 2026/03/27 10:16 p.m.•2 views

CVE-2026-33941

8.2CVSS5.9AI score0.00009EPSS

Exploits1References5

Vulnrichment•added 2026/03/27 9:13 p.m.•3 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

8.2CVSS6AI score0.00009EPSS

Exploits1References3

CVE•added 2026/03/27 9:13 p.m.•33 views

CVE-2026-33941

The CVE-2026-33941 issue affects the Handlebars CLI precompiler (bin/handlebars, lib/precompiler.js) from versions 4.0.0–4.7.8, where user-controlled template filenames and CLI options are concatenated into the emitted JavaScript without escaping. An attacker who can influence filenames or argume...

8.2CVSS6AI score0.00009EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/03/27 9:13 p.m.•21 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

8.2CVSS0.00009EPSS

Exploits1References3

OSV•added 2026/03/27 9:13 p.m.•1 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

8.2CVSS6AI score0.00009EPSS

Exploits1References5

Debian CVE•added 2026/03/27 9:13 p.m.•3 views

CVE-2026-33941

8.2CVSS5.6AI score0.00009EPSS

Exploits1

ATTACKERKB•added 2026/03/27 9:13 p.m.•4 views

CVE-2026-33941

8.2CVSS6AI score0.00009EPSS

Exploits1References4Affected Software1

Snyk•added 2026/03/27 6:22 p.m.•3 views

Improper Encoding or Escaping of Output

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the CLI precompiler in lib/precompiler.js. An attacker can execute arbitrary JavaScript in the generated bundle by supplying...

8.4CVSS6.1AI score0.00009EPSS

Exploits1References4

Snyk•added 2026/03/27 6:22 p.m.•1 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the CLI precompiler in lib/precompiler.js. An attacker can execute arbitrary JavaScript in the generated...

8.4CVSS6AI score0.00009EPSS

Exploits1References4

EUVD•added 2026/03/27 6:22 p.m.•0 views

EUVD-2026-16862

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options...

8.2CVSS5.9AI score0.00009EPSS

Exploits1References3

OSV•added 2026/03/27 6:22 p.m.•1 views

GHSA-XJPJ-3MR7-GCPF Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

8.2CVSS6AI score0.00009EPSS

Exploits1References5

Github Security Blog•added 2026/03/27 6:22 p.m.•10 views

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

8.2CVSS6AI score0.00009EPSS

Exploits1References5Affected Software1

Positive Technologies•added 2026/03/27 12:0 a.m.•1 views

PT-2026-28573

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings – template file names and several CLI options – directly into the JavaScript it emits...

8.2CVSS6.1AI score0.00009EPSS

Exploits1References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by