Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/05/11 9:31 p.m.1 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.0001EPSS
Exploits0References6
CVE
CVEadded 2026/05/11 6:0 p.m.4 views

CVE-2026-45222

CVE-2026-45222 affects Summarize up to version 0.14.1. The issue arises from daemon configuration directory/file permissions that may be world-readable on Unix-like systems, enabling a local attacker to read the daemon bearer token and stored provider credentials from ~/.summarize/daemon.json. Th...

6.9CVSS5.8AI score0.0001EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/11 12:0 a.m.3 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.14.1 contain security vulnerabilities. These vulnerabilities stem from the use of default file system permissions for the configuration directory and files of the daemon process. ...

6.9CVSS5.8AI score0.0001EPSS
Exploits0References1
OpenVAS
OpenVASadded 2026/03/09 12:0 a.m.0 views

SUSE: Security Advisory (SUSE-SU-2026:20585-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8AI score
Exploits0References6
OSV
OSVadded 2023/04/27 8:15 p.m.2 views

CVE-2022-37326

Docker Desktop for Windows before 4.6.0 allows attackers to delete or create any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation...

7.8CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2023/04/27 8:15 p.m.1 views

CVE-2022-38730

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in...

6.3CVSS5.8AI score0.00151EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2023/04/27 12:0 a.m.2 views

PT-2023-2593 · Docker · Docker Desktop For Windows

Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6 Description: The issue is related to a race condition in the start function of the WindowsContainerStartRequest class in Docker Desktop for Windows, allowing an attacker to exploit a symlink...

7.5CVSS6.8AI score0.00151EPSS
Exploits0References7
Rows per page
Query Builder