2172 matches found
CVE-2026-33939
A flaw was found in Handlebars.js. A remote attacker can exploit this by submitting a malformed Handlebars template that includes decorator syntax referencing an unregistered decorator. When the application attempts to compile this template without proper error handling, it triggers an unhandled...
SUSE CVE-2026-33747
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...
Linux Distros Unpatched Vulnerability : CVE-2026-33937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST obje...
CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
DEBIAN-CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
UBUNTU-CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
UBUNTU-CVE-2026-33937
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...
CVE-2026-33939
Summary: CVE-2026-33939 affects Handlebars 4.0.0–4.7.8, where a template using decorator syntax referencing an unregistered decorator (e.g. {{*n}}) causes the runtime to call an undefined value as a function, leading to an unhandled TypeError and a potential single-request DoS. The issue is fixed...
CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...
CVE-2026-33937
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...
EUVD-2026-16860
Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial...
EUVD-2026-16858
Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation...
EUVD-2026-16849
Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block...