nicolaasuni

7 exploits. Active since Apr 2024.
CVE-2024-32489 MEDIUM WRITEUP
TCPDF <6.7.4 - XSS
TCPDF before 6.7.4 mishandles calls that use HTML syntax.
CVSS 6.1
CVE-2024-56519 HIGH WRITEUP
TCPDF <6.8.0 - XSS
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
CVSS 7.5
CVE-2024-56520 HIGH WRITEUP
tc-lib-pdf-font <2.6.4 - Info Disclosure
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed.
CVSS 7.3
CVE-2024-56521 CRITICAL WRITEUP
TCPDF <6.8.0 - Info Disclosure
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
CVSS 9.8
CVE-2024-56522 HIGH WRITEUP
TCPDF <6.8.0 - Code Injection
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
CVSS 7.5
CVE-2024-56527 HIGH WRITEUP
TCPDF <6.8.0 - XSS
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
CVSS 7.5