Filtered by vendor Tcpdf Project
Subscriptions
Filtered by product Tcpdf
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56521 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-21 | 9.8 Critical |
| An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | ||||
| CVE-2024-56519 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-21 | 7.5 High |
| An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | ||||
| CVE-2017-6100 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-20 | N/A |
| tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | ||||
| CVE-2024-56527 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-17 | 7.5 High |
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | ||||
| CVE-2024-56522 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-17 | 7.5 High |
| An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. | ||||
| CVE-2024-22641 | 1 Tcpdf Project | 1 Tcpdf | 2025-02-13 | 7.5 High |
| TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. | ||||
| CVE-2024-51058 | 1 Tcpdf Project | 1 Tcpdf | 2024-11-26 | 6.2 Medium |
| Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information. | ||||
Page 1 of 1.