2 matches found
Cross-Site Scripting (XSS)
tecnickcom/tcpdf is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the Error function lacking an htmlspecialchars call for the error message, which allows an attacker to inject malicious scripts into the error message...
Local File Inclusion (LFI)
tecnickcom/tcpdf is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...