NotificationX WordPress WooCommerce Plugin Vulnerabilities Impact 40k Sites

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized ...
The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js released updates fixing a critical DoS flaw caused by async_hooks stack crashes, tracked as CVE-2025-59466, impacting ...
SecurityWeek

Critical Vulnerability Patched in jsPDF

A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated.

MESCIUS USA Introduces an AI Assistant Add-on for SpreadJS Product Line

"SpreadJS v19 brings a helpful AI Assistant to JavaScript spreadsheets that can create or explain formulas, generate or analyze PivotTables, and even do things like translation right within cells," ...

Critical jsPDF flaw lets hackers steal secrets via generated PDFs

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by ...