20 matches found
DEBIAN-CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...
CVE-2026-33939
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...
Improper Check for Unusual or Exceptional Conditions
Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the registerDecorator path in lib/handlebars/compiler/javascript-compiler.js. An attacker can...
PT-2026-28571
Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8 Description: Handlebars templates containing decorator syntax referencing an unregistered decorator e.g., n can cause a Denial of Service. The compiled template calls lookupProperty(decorators, "n"), which...
EUVD-2022-2705
Malicious code in bioql PyPI...
Malicious code in try-catch-core-2 (npm)
The package try-catch-core-2 was found to contain malicious code...
MAL-2025-37242 Malicious code in try-catch-core-2 (npm)
The package try-catch-core-2 was found to contain malicious code...
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Summary An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while...
Microsoft Windows Defender Bypass - Detection Mitigation Bypass Vulnerability
Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this...
PT-2023-35550 · Git +1 · Php
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash, specifically a Segv on an unknown address, which occurs during the execution of certain functions, including cleanup liv...
Single Failure in claim() Reverts Entire Transaction
Lines of code Vulnerability details Impact When the claim function is called it calls internally initializeMarkets(msg.sender) which then loops through the whole market and other functions involving the user passed as parameter, the problem is that if one single thing fails everything will fail and...
the getChainlinkPrice() function calling the latestRoundData without using the try/catch to avoid bad possible scenario
Lines of code Vulnerability details Impact Call to latestRoundData could potentially revert and make it impossible to query any prices. the getChainlinkPrice function should use try/catch to avoid the case of the getChainlinkPrice function revert and cause dos/block the system. Proof of Concept t...
Fallback oracle is unusable when primary oracle is not updated
Lines of code Vulnerability details Description Paraspace implemented their own Oracle wrapper in ParaSpaceOracle.sol. The important function getAssetPrice is used by many logic functions like health check. function getAssetPrice(address asset) public view override returns (uint256) { if (asset ==...
XC20Wrapper may lose received token forever if LocalAsset(xc20).mint is reverted indefinitely
Lines of code Vulnerability details Impact XC20Wrapper may lose received token forever if LocalAsset(xc20).mint is reverted indefinitely. Similar to ERC20, the spec said that if mint returns false it means minting has failed. But it commonly reverts instead of returning false which is also a minti...
Uncaught Exception in bignum
All versions of the npm package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks...
Approval is not reset if the call to IFulfillHelper fails
Handle pauliax Vulnerability details Impact Function fulfill first approves the callTo to transfer an amount of toSend tokens and tries to call IFulfillHelper but if the call fails it transfers these assets directly. However, in such case the approval is not reset so a malicious callTo can pull...
await vs return vs return await
When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function:
async function waitAndMaybeReject() {
  // Wait one second
  await new Promise(r => setTimeout(r, 1000));
  // Toss a coin
  const isHeads =...
Recursive eval call causes confirm dialogs to evaluate to true — Mozilla
Security researcher Zach Hoffman reported that a recursive call to eval wrapped in a try/catch statement places the browser into an inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate t...