Every CVE whose affected-product data names Mpdf Project Mpdf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2018-19047 — CVSS 10.0 (critical): mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img…
CVE-2019-1000005 — CVSS 8.8 (high): mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of…
CVE-2022-50897 — CVSS 5.5 (medium): mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file…