4 matches found
Web‑Check 1 Command Injection
A command injection vulnerability was identified in the Web‑Check application's /api/screenshot endpoint. The issue stems from the backend function that spawns a Chromium screenshot process using child_process.exec with user‑controlled input passed via the url query parameter. Because the input wa...
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...
glpi-inventory-plugin Security Vulnerability
glpi-inventory-plugin is an open source inventory plugin for GLPI. A security vulnerability exists in glpi-inventory-plugin versions prior to 2.0.2, which stems from a file disclosure vulnerability in the /ajax/screenshot.php endpoint...
Remote for Windows 2024.15 Unauthenticated Desktop Screenshot Capture
Remote for Windows version 2024.15 suffers from a missing authentication vulnerability that allows for the disclosure of desktop screenshots. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage:...