A serious security flaw in jsPDF, a widely used JavaScript library for generating PDFs in web browsers, puts millions of developers and their users at risk. CVE-2026-25755 allows attackers to perform PDF Object Injection through the library’s addJS method. This vulnerability affects countless web applications that rely on jsPDF to create dynamic PDF documents from […]

The post jsPDF Flaw Exposes Millions of Developers to Object Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hewlett Packard Enterprise (HPE) has issued a security bulletin warning customers of a serious vulnerability in its Telco Service Activator product that could allow attackers to remotely bypass access restrictions. The vulnerability, identified as CVE-2025-12543, carries a CVSS base score of 9.6 (Critical) and affects versions prior to 10.5.0. This improper input validation could enable attackers to manipulate the server’s handling […]

The post HPE Telco Service Activator Vulnerability Allows Attackers to Bypass Access Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A cache deception vulnerability in SvelteKit apps deployed on Vercel exposes sensitive user data to attackers. The flaw allows publicly cached responses to be authenticated. SvelteKit, a full-stack JavaScript framework, often pairs with Vercel for deployment. The issue stems from the Vercel adapter in SvelteKit, where the __pathname query parameter overrides the request path without any checks. […]

The post Cache Deception Flaw in SvelteKit And Vercel Stack Exposes User Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.