PT-2025-136: Path Traversal in mPDF

The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...

jsPDF 安全漏洞

jsPDF is a JavaScript-based PDF document generation library from Parallax. A security vulnerability exists in jsPDF versions prior to 3.0.1, which stems from the first parameter of the addImage method being user-controlled, and could lead to CPU utilization and denial of service...

TCPDF 安全漏洞

TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF version 6.7.5, which stems from the inclusion of a local file inclusion vulnerability...

Command injection

The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead...

UBUNTU-CVE-2017-6100

tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP...