2 matches found
CVE-2026-33937
CVE-2026-33937 affects Handlebars.js prior to 4.7.9, where Handlebars.compile() accepts a pre-parsed AST; the NumberLiteral.value is emitted into generated JS without quoting, enabling remote code execution if a crafted AST is supplied. Versions 4.0.0–4.7.8 are vulnerable; 4.7.9 fixes the issue. ...
PT-2023-16824 · Phpipam +1
Name of the Vulnerable Software and Affected Versions: phpipam/phpipam versions prior to 1.5.2
Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing an attacker to inject...