PatchSiren

parallax CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH parallax CVE published 2026-02-02

CVE-2026-24737

CVE-2026-24737 is a high-severity vulnerability in the jsPDF library that allows injection of arbitrary PDF objects, such as JavaScript actions, through the Acroform module. It can occur when a user is able to pass unsanitized input to one of the following methods or properties: AcroformChoiceField.ad [truncated]

CRITICAL parallax CVE published 2026-01-05

CVE-2025-68428

CVE-2025-68428 is a critical vulnerability in jsPDF, a JavaScript library used for generating PDFs. Prior to version 4.0.0, the library's Node.js build allows user control of the first argument of the loadFile method, enabling local file inclusion and path traversal attacks. This could allow an attacker to retrieve the contents of arbitrary files in the local file system where the node process is running [truncated]