🟠 CVE-2026-33287 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the ma...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33287/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack