
16996 matches found

RedhatCVE
added 2026/03/28 10:11 a.m. | 3 views

CVE-2026-33938

A flaw was found in Handlebars. A remote attacker can exploit this vulnerability by manipulating the @partial-block special variable within the template data context. By overwriting @partial-block with a specially crafted Abstract Syntax Tree (AST) through a helper, a subsequent invocation of...

CVSS 8.1 | AI score 6.3 | EPSS 0.00617
Exploits: 1 | References: 6
Fedora
added 2026/03/28 1:06 a.m. | 4 views

[SECURITY] Fedora 42 Update: dotnet10.0-10.0.104-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

CVSS 7.5 | AI score 5.7 | EPSS 0.01373
Exploits: 0
SUSE CVE
added 2026/03/28 12:27 a.m. | 7 views

SUSE CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVSS 5.5 | AI score 5.9 | EPSS 0.00542
Exploits: 1 | References: 6
Tenable Nessus
added 2026/03/28 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in...

CVSS 8.1 | AI score 6.6 | EPSS 0.00617
Exploits: 1 | References: 4
Tenable Nessus
added 2026/03/28 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fix PM runtime reference leak in fp9931hwmonread In fp9931hwmonread, if...

CVSS 5.5 | AI score 5.8 | EPSS 0.00107
Exploits: 0 | References: 2
Github Security Blog
added 2026/03/27 10:30 p.m. | 11 views

OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

CVSS 8.8 | AI score 5.9 | EPSS 0.00298
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/27 10:30 p.m. | 1 view

GHSA-QM2M-28PF-HGJW OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

CVSS 8.6 | AI score 5.9 | EPSS 0.00298
Exploits: 0 | References: 3
NVD
added 2026/03/27 10:16 p.m. | 5 views

CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

CVSS 8.1 | EPSS 0.00619
Exploits: 1 | References: 3
OSV
added 2026/03/27 10:16 p.m. | 10 views

UBUNTU-CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

CVSS 8.1 | AI score 5.9 | EPSS 0.00619
Exploits: 1 | References: 6
NVD
added 2026/03/27 9:17 p.m. | 4 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVSS 9.8 | EPSS 0.01286
Exploits: 2 | References: 3
OSV
added 2026/03/27 9:17 p.m. | 1 view

DEBIAN-CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVSS 8.1 | AI score 5.8 | EPSS 0.00617
Exploits: 1 | References: 1
UbuntuCve
added 2026/03/27 9:17 p.m. | 1 view

CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVSS 8.1 | AI score 6.2 | EPSS 0.00617
Exploits: 1 | References: 5
OSV
added 2026/03/27 9:17 p.m. | 5 views

UBUNTU-CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVSS 9.8 | AI score 6.1 | EPSS 0.01286
Exploits: 2 | References: 6
CVE
added 2026/03/27 9:15 p.m. | 25 views

CVE-2026-33943

Happy DOM CVE-2026-33943 involves a code-injection vulnerability in the ECMAScriptModuleCompiler: in versions 15.10.0 through 20.8.7, unsanitized content within export { ... } in ES modules is interpolated into generated code as an executable expression, with backticks not removed, enabling templ...

CVSS 9.8 | AI score 6.1 | EPSS 0.00742
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/03/27 9:11 p.m. | 5 views

CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

CVSS 8.1 | AI score 5.9 | EPSS 0.00619
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/27 9:05 p.m. | 20 views

CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVSS 8.1 | EPSS 0.00617
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/27 9:05 p.m. | 3 views

CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVSS 8.1 | AI score 6.2 | EPSS 0.00617
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/27 9:05 p.m. | 5 views

CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVSS 8.1 | AI score 6.2 | EPSS 0.00617
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/27 9:03 p.m. | 7 views

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVSS 9.8 | AI score 6.2 | EPSS 0.01286
Exploits: 2 | References: 3
ATTACKERKB
added 2026/03/27 9:03 p.m. | 6 views

CVE-2026-33937

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVSS 9.8 | AI score 6.2 | EPSS 0.01286
Exploits: 2 | References: 4 | Affected Software: 1