EUVD-2026-39976

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

Malicious code in sysau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...

MAL-2026-5615 Malicious code in sysau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...

Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

MAL-2026-5617 Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

📄 dcontrol 1.0.9 Screen Capture

The script is a fully featured remote screen-capture client targeting an exposed WebSocket service /ws associated with a dcontrol deployment. It includes capabilities that move beyond diagnostic or administrative testing into active surveillance and unauthorized access workflows. Version 1.0.9 is...

Malicious code in sysnode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1f5d271eb72dffa8868b2701aeb4aa7799ee9d7294f342e14682b6675114077 Package self-describes as a 'System binary configuration tool' but on invocation CLI/bin entry or require it silently bootstraps a full surveillance...

MAL-2026-4678 Malicious code in sysnode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1f5d271eb72dffa8868b2701aeb4aa7799ee9d7294f342e14682b6675114077 Package self-describes as a 'System binary configuration tool' but on invocation CLI/bin entry or require it silently bootstraps a full surveillance...

Malicious code in carvus-lens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2182b552b0a8359f3314078d48310cfcd57738e1934aacf00ac8775a32cfe0 carvus-lens is a screen-capture/OCR Electron-style tool whose advertised 'Ask AI', 'Translate', and 'Search' features silently route user-selected...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

EUVD-2026-29262

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

CVE-2026-28957 concerns an issue where an app could access camera metadata, addressed by Apple with a fixes in iOS/iPadOS 18.7.9 and 26.5, and visionOS 26.5. Affected software includes iOS and iPadOS releases 18.7.9 and 26.5, plus visionOS 26.5; the underlying cause is improper handling of camera...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

PT-2026-39805

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

Malicious code in bxiucnxcb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 136aa3924314879404ede1d7153b71b042b3fa55468f0aa1c534e6a18b79e37c During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

📄 dcontrol 1.0.9 Remote Screen Capture

dcontrol version 1.0.9 suffers from an unauthenticated remote screen capture vulnerability via the WebSocket endpoint at /ws. The application allows any client to connect to the WebSocket without authentication and request screenshots of the target system's display by sending a "screen" message...

📄 Remote Sunrise Helper for Windows 2026.14 Live Screen Capture

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated live screen capture vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Live Screen Capture Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...