CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVE-2026-45246

CVE-2026-45246 describes an insecure file permission vulnerability in the refresh-free configuration rewrite path for versions prior to 0.15.1. When the path rewrites the configuration file, the replacement is created with default process umask permissions instead of preserving the original file ...

EUVD-2026-30795

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVE-2026-45243

Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...

CLEANSTART-2026-RK40393 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33814 applied in versions: 0.15.1-r0, 0.16.1-r0

Multiple security vulnerabilities affect the haproxy-ingress package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0

Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from a path traversal issue in the /v1/summarize daemon’s endpoints. This issue could allow authenticated users t...

CVE-2026-44700

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

EUVD-2026-30486

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in...

CLEANSTART-2026-FZ57809 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.15.1-r0

Multiple security vulnerabilities affect the haproxy-ingress package. These issues are resolved in later releases. See references for individual vulnerability details...

EUVD-2021-2061

Malware in sbrugna...

EUVD-2021-20274

Malware in sbrugna...

EUVD-2023-2392

Malicious code in bioql PyPI...

OPENSUSE-SU-2025:15539-1 python311-xmltodict-0.15.1-1.1 on GA media

These are all security issues fixed in the python311-xmltodict-0.15.1-1.1 package on the GA media of openSUSE Tumbleweed...

Linux Distros Unpatched Vulnerability : CVE-2023-38697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension...

SUSE CVE-2025-24337

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...

Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

Arbitrary Command Injection

Overview deepspeed is a DeepSpeed library Affected versions of this package are vulnerable to Arbitrary Command Injection through the execution of unauthorized commands or code. An attacker can execute arbitrary code on the system by sending crafted inputs to the affected function. Remediation...

DeepSpeed < 0.15.1 Command Injection

The remote host contains a DeepSpeedserve version that is prior to 0.15.1. It is, therefore, affected by an arbitrary code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...