Skip to main content

Tcpdf

10 CVEs product

Monthly

CVE-2024-56527 PHP HIGH POC PATCH This Week

An issue was discovered in TCPDF before 6.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Tcpdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-56522 PHP HIGH PATCH This Week

An issue was discovered in TCPDF before 6.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Tcpdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-56521 PHP CRITICAL PATCH Act Now

An issue was discovered in TCPDF before 6.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tcpdf
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-56519 PHP HIGH PATCH This Week

An issue was discovered in TCPDF before 6.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tcpdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-51058 PHP MEDIUM PATCH This Month

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Path Traversal Information Disclosure Tcpdf
NVD GitHub
CVSS 3.1
6.2
EPSS
0.8%
CVE-2024-22641 HIGH POC This Week

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Upload Tcpdf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-22640 PHP HIGH POC PATCH This Week

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpdf Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-32489 PHP MEDIUM PATCH This Month

TCPDF before 6.7.4 mishandles calls that use HTML syntax. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Tcpdf
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2018-17057 PHP CRITICAL POC PATCH THREAT Act Now

An issue was discovered in TCPDF before 6.2.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Tcpdf Limesurvey
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
26.2%
CVE-2017-6100 HIGH PATCH This Week

tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Tcpdf
NVD
CVSS 3.0
7.5
EPSS
0.3%
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in TCPDF before 6.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Tcpdf
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in TCPDF before 6.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Tcpdf
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in TCPDF before 6.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tcpdf
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in TCPDF before 6.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tcpdf
NVD GitHub
EPSS 1% CVSS 6.2
MEDIUM PATCH This Month

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Path Traversal Information Disclosure Tcpdf
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Upload Tcpdf
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpdf Fedora
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

TCPDF before 6.7.4 mishandles calls that use HTML syntax. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Tcpdf
NVD GitHub
EPSS 26% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in TCPDF before 6.2.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Tcpdf Limesurvey
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Tcpdf
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy