7 matches found
Exploit for Improper Encoding or Escaping of Output in Parall Jspdf
CVE-2026-25940 jsPDF PoC A proof-of-concept for CVE-2026-2594...
CVE-2026-25940 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips...
360shitu (=0.1.0), @0soft/zero-material-ui (>=0.0.1 <=0.0.25) +2560 more potentially affected by CVE-2026-25940 via jspdf (>=1.0.272 <=4.1.0)
jspdf NPM version =1.0.272, =0.0.1, =1.0.0, =1.0.162, =1.0.0, =1.10.7, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.0.6-alpha-20250721082600-ce7ebb6451f30eea451674d42a9ab1b32b0d5c66, =1.0.0, =1.1.3 and more Source cves: CVE-2026-25940 Source advisory: OSV:GHSA-P5XG-68WR-HM3M...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +10 more potentially affected by CVE-2026-25940 via jspdf (>=4.0.0 <=4.1.0)
jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =0.112.0-79, =0.111.0-7, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-25940 Source advisory: SNYK:JS-JSPDF-15322684...
CVE-2026-25940
creationtimestamp| type| source ---|---|--- 2026-02-19 16:30:19+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mf7zczbkxv2o 2026-02-19 16:30:21+00:00| seen| https://infosec.exchange/users/offseq/statuses/116098244070941374 2026-02-19 16:31:25+00:00| seen|...
CVE-2026-25940
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user ca...
CVE-2026-25940 jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user ca...