Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks

16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks...

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

CVE-2025-56589

A Local File Inclusion LFI and a Server-Side Request Forgery SSRF vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

CVE-2025-56589

The CVE-2025-56589 entry concerns the Apryse HTML2PDF SDK (versions through 11.6.0) with a vulnerability in InsertFromHtmlString() leading to Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF). The flaws could allow an attacker to read server-local files or trigger arbitrary HTTP r...

CVE-2025-56590

An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...

CVE-2025-56589

A Local File Inclusion LFI and a Server-Side Request Forgery SSRF vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

Apryse HTML2PDF SDK has security vulnerabilities

The Apryse HTML2PDF SDK is a file format conversion component developed by the American company Apryse. Versions of the Apryse HTML2PDF SDK 11.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from vulnerabilities in the InsertFromURL function, which could allow for...

PT-2026-3989

Name of the Vulnerable Software and Affected Versions Apryse HTML2PDF SDK versions through 11.6.0 Description A Local File Inclusion LFI and a Server-Side Request Forgery SSRF issue exists in the InsertFromHtmlString function. These issues could allow an attacker to read local files on the server...

CVE-2025-56590

CVE-2025-56590 affects the Apryse HTML2PDF SDK up to and including version 11.10, with a flaw in InsertFromURL() that could allow an attacker to execute arbitrary operating system commands on the local server. The issue is documented across multiple feeds (RH, NVD/NVD-entry, CVE lists) with consi...

CVE-2025-56589

A Local File Inclusion LFI and a Server-Side Request Forgery SSRF vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

Apryse HTML2PDF SDK has security vulnerabilities

The Apryse HTML2PDF SDK is a file format conversion component developed by the American company Apryse. Versions of the Apryse HTML2PDF SDK 11.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the InsertFromHtmlString function, which had issues with local file...

EUVD-2025-5581

Malicious code in bioql PyPI...

EUVD-2024-43969

Malicious code in bioql PyPI...

EUVD-2023-58540

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-6298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The...

Linux Distros Unpatched Vulnerability : CVE-2023-6299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file...

CVE-2024-4327

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2023-6299

A vulnerability, which was classified as problematic, has been found in Apryse iText 8.0.1. This issue affects some unknown processing of the file PdfDocument.java of the component Reference Table Handler. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit ha...