CVE-2025-56590
An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to
CVSS
9.8
Critical
EPSS
0.5%
p39
KEV
—
Exploit Today
12
0-100
Published: Jan 22, 2026 · Last modified: Jul 5, 2026 · CWE-78
0.5%EPSS · 30 days0.5%
2026-06-302026-07-17
An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2024-121210.0 CRI99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability5dCVE-2026-398089.8 CRI99.7%
KEV—80Fortinet FortiSandbox OS Command Injection Vulnerability1dCVE-2022-262589.8 CRI99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability9dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2021-252988.8 HIG99.5%
KEV—80Nagios XI OS Command Injection9d