60 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-15165

Malware in sbrugna...

7.5 CVSS · 7.4 AI score · 0.0031 EPSS
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-3571

Malicious code in bioql PyPI...

9.8 CVSS · 6.3 AI score · 0.00253 EPSS
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-3587

Malicious code in bioql PyPI...

7.3 CVSS · 6.2 AI score · 0.00091 EPSS
Exploits: 0 · References: 7

OpenVAS
added 2025/05/26 12:0 a.m. · 6 views

Fedora: Security Advisory (FEDORA-2024-b00678c08a)

The remote host is missing an update for the...

7.5 CVSS · 7.1 AI score · 0.08989 EPSS
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 8:5 a.m. · 3 views

CVE-2024-51058

A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the src tag, potentially exposing sensitive information...

6.2 CVSS · 6.6 AI score · 0.00049 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/20 12:0 a.m. · 5 views

PT-2025-08: Deserialization of untrusted data in TCPDF

This library has a class containing a POP (Property Oriented Programming) chain. When deserializing this class with certain values of some fields, an attacker can delete an arbitrary file from the system. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 20.04.2025...

8.8 CVSS · 7.3 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/18 12:0 a.m. · 4 views

PT-2025-29484 · Tecnick.Com · Tcpdf

The vulnerability in the TCPDF PHP library is related to flaws in the deserialization mechanism. Exploitation of the vulnerability could allow a remote attacker to affect the integrity and availability of protected information...

9.7 CVSS · 7.3 AI score
Exploits: 0 · References: 2

Tenable Nessus
added 2025/04/16 12:0 a.m. · 5 views

Fedora 41 : php-tcpdf (2025-85549e07c8)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-85549e07c8 advisory. Version 6.9.1 2025-04-03 - Fixed Path Traversal security vulnerability reported by Positive Technologies. ---- Version 6.9.0 2025-03-30 - Added PHP 8.4...

5.7 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/03 12:0 a.m. · 7 views

PT-2025-07: Path Traversal in TCPDF

The vulnerability was identified in TCPDF, version 6.8.2. The application performs insufficient validation of user input data. Decoding user input allows an attacker to form a path to an arbitrary image on the server, access to which is not provided by the logic of the application, with subsequen...

8.7 CVSS · 7.3 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/03 12:0 a.m. · 3 views

PT-2025-09: Path Traversal in TCPDF

The application performs insufficient validation of relative paths when processing an SVG image. Bypassing validation using the payload allows an attacker to form a path to an arbitrary image on the server, access to which is not provided by the logic of the application, with subsequent inclusion of...

8.7 CVSS · 7.3 AI score
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/14 1:50 a.m. · 8 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...

7.5 CVSS · 6.6 AI score · 0.08989 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/01/26 12:0 a.m. · 3 views

PT-2025-02: Access to files or directories to external parties in TCPDF

The vulnerability was identified in TCPDF, version 6.8.0. The discovered vulnerability allows an attacker to transmit a specially created HTML file containing an image in Base64 format. Using the specified payload, the attacker can access an arbitrary image outside of the directory. Vulnerability...

6.9 CVSS · 7.1 AI score
Exploits: 0

Veracode
added 2025/01/08 1:50 a.m. · 13 views

Unsafe SSL Verification

tecnickcom/tcpdf is vulnerable to Unsafe SSL verification. The vulnerability is due to improper handling of SSL verification settings in TCPDF when using libcurl, where CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. It allows an attacker to perform a Man-in-the-Middle (MitM) attack...

9.8 CVSS · 7 AI score · 0.00253 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Github Security Blog
added 2024/12/27 6:30 a.m. · 23 views

TCPDF has incorrect comparison

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes...

7.5 CVSS · 6.8 AI score · 0.00155 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2024/12/27 6:15 a.m. · 12 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5 CVSS · 6.7 AI score · 0.00469 EPSS
Exploits: 1 · References: 5

NVD
added 2024/12/27 6:15 a.m. · 11 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5 CVSS · 0.00469 EPSS
Exploits: 1 · References: 5

NVD
added 2024/12/27 5:15 a.m. · 11 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes...

7.5 CVSS · 0.00155 EPSS
Exploits: 0 · References: 5

OSV
added 2024/12/27 5:15 a.m. · 10 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5 CVSS · 6.7 AI score
Exploits: 0 · References: 4

NVD
added 2024/12/27 5:15 a.m. · 15 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5 CVSS · 0.00166 EPSS
Exploits: 0 · References: 4

NVD
added 2024/12/27 5:15 a.m. · 13 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely...

9.8 CVSS · 0.00253 EPSS
Exploits: 0 · References: 3