58990 matches found

Cvelist
added 2026/02/02 8:29 p.m., 28 views

CVE-2026-24737 jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

CVSS 8.1, EPSS 0.00457
Exploits 1, References 3

ATTACKERKB
added 2026/02/02 8:29 p.m., 8 views

CVE-2026-24737

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

CVSS 8.1, AI score 5.5, EPSS 0.00457
Exploits 1, References 4, Affected Software 1

OSV
added 2026/02/02 8:29 p.m., 14 views

CVE-2026-24737 jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

CVSS 8.1, AI score 5.5, EPSS 0.00457
Exploits 1, References 5

CVE
added 2026/02/02 8:19 p.m., 18 views

CVE-2026-23997

CVE-2026-23997 is a Stored XSS in FacturaScripts’ Observations field rendered in the History view. The root cause is improper HTML entity encoding when displaying historical data, allowing an attacker to execute arbitrary JavaScript in an admin’s browser. Public docs (GitHub/GHSA advisories, Red ...

CVSS 9, AI score 5.9, EPSS 0.00385
Exploits 1, References 1, Affected Software 1

Snyk
added 2026/02/02 6:29 p.m., 3 views

Improper Encoding or Escaping of Output

Overview: jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState...

CVSS 9.3, AI score 6, EPSS 0.00457
Exploits 1, References 2

Snyk
added 2026/02/02 6:29 p.m., 3 views

Improper Encoding or Escaping of Output

Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState functions. An attacker can execute arbitrary...

CVSS 9.3, AI score 6.2, EPSS 0.00457
Exploits 1, References 2

Github Security Blog
added 2026/02/02 6:29 p.m., 15 views

jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution

Impact: User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as...

CVSS 8.1, AI score 5.5, EPSS 0.00457
Exploits 1, References 5, Affected Software 1

OSV
added 2026/02/02 6:29 p.m., 6 views

GHSA-PQXR-3G65-P328 jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution

Impact: User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as...

CVSS 8.1, AI score 5.5, EPSS 0.00457
Exploits 1, References 5

Snyk
added 2026/02/02 6:20 p.m., 2 views

Race Condition

Overview: jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to Race Condition in the addJS function due to the use of a shared module-scoped variable for storing JavaScript content. An attacker can cause sensitive data intended for one user to be...

CVSS 6.3, AI score 5.5, EPSS 0.00253
Exploits 1, References 2

Veracode
added 2026/02/02 1:27 p.m., 5 views

Prototype Pollution

deepHas is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of nested object keys, where attacker-controlled input can modify properties on JavaScript prototypes, allowing global object behavior to be altered in applications using deephas...

CVSS 9.4, AI score 5.4, EPSS 0.00717
Exploits 4, References 2, Affected Software 1

Cvelist
added 2026/02/02 10:36 a.m., 25 views

CVE-2025-7105 Denial of Service via JavaScript Memory Overflow in danny-avila/librechat

A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...

CVSS 5.7, EPSS 0.00279
Exploits 0, References 2

CVE
added 2026/02/02 10:36 a.m., 16 views

CVE-2025-7105

The CVE-2025-7105 entry concerns danny-avila/librechat where an unrestricted Fork Function at /api/convos/fork allows rapid forking of content. If a forked item contains a Mermaid graph with many nodes, a JavaScript heap out of memory error can occur on service restart, causing a Denial of Servic...

CVSS 5.7, AI score 5.4, EPSS 0.00279
Exploits 0, References 2

Veracode
added 2026/02/02 9:36 a.m., 8 views

Denial Of Service (DoS)

Vault is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of complex JSON payloads caused by a regression that processes JSON requests before applying rate limits, which allows an attacker to exhaust resources and cause a denial of service...

CVSS 7.5, AI score 5.5, EPSS 0.00517
Exploits 0, References 4, Affected Software 1

CNNVD
added 2026/02/02 12:0 a.m., 7 views

jsPDF Race Condition Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 contained a race condition vulnerability. This vulnerability stemmed from the use of shared module scope variables in the addJS method, which could lead to cross-user data leaks...

CVSS 6.3, AI score 5.8, EPSS 0.00253
Exploits 1, References 3

Cvelist
added 2026/02/02 12:0 a.m., 23 views

CVE-2025-70958

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

EPSS 0.00254
Exploits 1, References 1

Positive Technologies
added 2026/02/02 12:0 a.m., 7 views

PT-2026-6294

Name of the Vulnerable Software and Affected Versions: Craft Commerce versions 4.0.0-RC1 through 4.10.0; Craft Commerce versions 5.0.0 through 5.5.1. Description: Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting (XSS) issue. The issue resides in the Shipping...

CVSS 6.2, AI score 5.5, EPSS 0.00261
Exploits 1, References 9

Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-5750

Name of the Vulnerable Software and Affected Versions: Craft Commerce versions 4.0.0-RC1 through 4.10.0; Craft Commerce versions 5.0.0 through 5.5.1. Description: Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting (XSS) issue. The issue stems from insufficient...

CVSS 6.1, AI score 5.1, EPSS 0.00261
Exploits 1, References 9

Positive Technologies
added 2026/02/02 12:0 a.m., 3 views

PT-2026-5721

Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 4.1.0. Description: A flaw exists in jsPDF, a JavaScript library for generating PDFs, where user control over properties and methods within the Acroform module can lead to the injection of arbitrary PDF objects, including...

CVSS 9.4, AI score 5.9, EPSS 0.00457
Exploits 1, References 11

CNNVD
added 2026/02/02 12:0 a.m., 6 views

jsPDF Security Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the properties and methods of the Acroform module, which allowed users to inject arbitrary PDF objects, such a...

CVSS 8.1, AI score 5.9, EPSS 0.00457
Exploits 1, References 3

Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-5791

A vulnerability in the Acroform module of the application programming interface of the jsPDF library for creating PDF files is related to improper encoding or escaping of output. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary JavaScript code when...

CVSS 9.4, AI score 5.4
Exploits 0, References 2