2025年11月24日，广受欢迎的npm包md-to-pdf（每周下载量超47,000次的命令行工具）曝出高危漏洞（CVE-2025-65108）。该漏洞获得CVSS满分10分评级，攻击者可通过恶意前置元数据解析执行任意JavaScript代码。任何 ...

Now, the ability to turn off JavaScript in PDF documents is effortless to get done, though not as straightforward as we would like. That is because the ability to disable JavaScript is not available ...

A new vulnerability in PDF readers is being exploited by ne'er-do-wells - but this one doesn't require JavaScript to be enabled in order to take control of your PC ...