The Hacker News

Why Secrets in JavaScript Bundles are Still Being Missed

Scanning 5M apps uncovered 42K exposed secrets in JavaScript bundles, revealing major gaps in traditional SAST, DAST, and ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated.

Critical jsPDF flaw lets hackers steal secrets via generated PDFs

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by ...