Information security
fromBleepingComputer
3 weeks agoCritical jsPDF flaw lets hackers steal secrets via generated PDFs
Critical LFI/path traversal in jsPDF (<4.0) allows attacker-controlled paths in Node.js builds to include local filesystem data into generated PDFs (CVE-2025-68428).