CVSS: 6.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Nov 2024 — A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the <img> src tag, potentially exposing sensitive information. • https://github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058 • CWE-552: Files or Directories Accessible to External Parties

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

19 Apr 2024 — TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. • https://github.com/zunak/CVE-2024-22640 • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Apr 2024 — TCPDF before 6.7.4 mishandles calls that use HTML syntax. • https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Feb 2017 — TCPDF before 6.2.0 uploads files from the server generating PDF files to an external FTP. • http://www.openwall.com/lists/oss-security/2017/02/19/1 • CWE-668: Exposure of Resource to Wrong Sphere