LimeSurvey versions prior to 3.16 suffer from a deserialization remote code execution vulnerability.
5f22a64f3b0f495802f3ff1d9275d03518b89fed4059b298e7a3fd25f0eaff0b
TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution.
c4935b1bec468d4305cf1499300d42f521083fed9900cd9b61485ae84fe7a467