Security Bulletin: curl vulnerability

Summary Prior versions of Classic Remote Capture may include this curl vulnerability. Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but...

CLSA-2026-1778843906 nginx: Fix of CVE-2026-42945

CVE-2026-42945: fix heap buffer overflow in ngxhttprewritemodule when an unnamed PCRE capture group with '?' in the replacement is followed by another rewrite, if, or set directive; clear stale isargs flag in regex end code to prevent buffer overrun and possible worker crash or code execution...

Windows Snipping Tool - NTLMv2 Hash Hijack

Exploit Title: Windows Snipping Tool - NTLMv2 Hash Hijack Date: 2026-04-22 Exploit Author: nu11secur1ty Video Demo: https://www.patreon.com/posts/cve-2026-33829-156243398 Vendor Homepage: https://www.microsoft.com Software Link: Built-in Windows Snipping Tool Version: Windows 10, Windows 11,...

Exploit for CVE-2026-42945

CVE-2026-42945 NGINX Rift - HTB-Ready Exploit Standalone ex...

Exploit for CVE-2026-42945

NGINX Rift Configuration Scanner Language: Chinese | English...

EUVD-2026-30180

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...

CVE-2026-32992

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials...

CVE-2026-44439 LookyLoo - PlaywrightCapture permits access to local files and internal network resources during page capture

PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as...

CVE-2026-44439

PlaywrightCapture is vulnerable prior to version 1.39.6: an attacker-controlled page could abuse browser redirect mechanisms (e.g., window.location.href) to cause the capture process to open file:// URLs or access resources at private/loopback/non-public IPs, enabling potential SSRF and leakage o...

CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

Playwright Capture 代码问题漏洞

Playwright Capture is an open-source web capture tool based on Playwright developed by Lookyloo. Versions of Playwright Capture prior to 1.39.6 contained code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on navigation and resource requests initiated by rendered...

Exploit for Improper Input Validation in Microsoft

monikerlinktest cve-2024-21413 1. set up tun0 on router via o...

wafuzz

wafuzz — Web Pentesting Orchestrator Interactive CLI web secu...

EUVD-2026-29262

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

CVE-2026-28957 concerns an issue where an app could access camera metadata, addressed by Apple with a fixes in iOS/iPadOS 18.7.9 and 26.5, and visionOS 26.5. Affected software includes iOS and iPadOS releases 18.7.9 and 26.5, plus visionOS 26.5; the underlying cause is improper handling of camera...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...