22 matches found

RedhatCVE
added 6 days ago | 5 views

CVE-2026-41512

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...

9.9 CVSS | 6.2 AI score | 0.0037 EPSS
Exploits 1 | References 1

OSV
added 2026/05/18 9:31 p.m. | 4 views

GHSA-67GQ-6Q8C-QQH6 Summarize contains a missing authorization vulnerability

Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 7

Github Security Blog
added 2026/05/18 9:31 p.m. | 7 views

Summarize contains a missing authorization vulnerability

Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 7 | Affected Software 1

NVD
added 2026/05/18 8:16 p.m. | 7 views

CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4 CVSS | 0.00027 EPSS
Exploits 1 | References 4

Vulnrichment
added 2026/05/18 6:57 p.m. | 10 views

CVE-2026-45244 Summarize < 0.15.1 Unapproved Browser Automation Execution

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 4

CVE
added 2026/05/18 6:57 p.m. | 12 views

CVE-2026-45244

CVE-2026-45244 affects the Summarize extension prior to version 0.15.1. The vulnerability is a missing authorization flaw that lets attackers execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent via ...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2026/05/18 6:57 p.m. | 23 views

CVE-2026-45244 Summarize < 0.15.1 Unapproved Browser Automation Execution

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4 CVSS | 0.00027 EPSS
Exploits 1 | References 4

EUVD
added 2026/05/18 6:57 p.m. | 14 views

EUVD-2026-30796

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 4

ATTACKERKB
added 2026/05/18 6:57 p.m. | 6 views

CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 5

CNNVD
added 2026/05/18 12:0 a.m. | 5 views

Summarize Security Vulnerability

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an issue with authorization deficiencies, which could allow attackers to execute browser automation operatio...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 1

Positive Technologies
added 2026/05/18 12:0 a.m. | 14 views

PT-2026-41723

Name of the Vulnerable Software and Affected Versions: Summarize versions prior to 0.15.1. Description: A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...

5.4 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits 1 | References 7

Snyk
added 2026/04/10 7:32 p.m. | 1 views

Missing Authentication for Critical Function

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.3 CVSS | 5.8 AI score | 0.00073 EPSS
Exploits 1 | References 2

The Hacker News
added 2025/02/21 1:3 p.m. | 24 views

Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull of...

7 AI score
Exploits 0

Fedora
added 2022/07/13 2:0 a.m. | 23 views

[SECURITY] Fedora 36 Update: golang-github-chromedp-0.8.1-2.fc36

A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol...

9.3 CVSS | 3.2 AI score | 0.00963 EPSS
Exploits 4

The Hacker News
added 2022/05/26 10:49 a.m. | 25 views

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities,"...

1 AI score
Exploits 0

Packet Storm
added 2021/07/27 12:0 a.m. | 408 views

WordPress Social Warfare 3.5.2 Remote Code Execution

Author = Raed Ahsan Creation Date = 24/07/2021 Vulnerability : SocialWarfare 3.5.2 plugin wordpress Remote Code Execution Linkedin = https://linkedin.com/in/raed-ahsan/ import socket import requests import subprocess import time import pyautogui print"Start your python SimpleHTTPServer on port 12...

4.3 CVSS | 0.4 AI score | 0.88711 EPSS
Exploits 18

0day.today
added 2021/05/21 12:0 a.m. | 16 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import time import os, sy...

7.4 AI score
Exploits 0

Huntr
added 2020/09/17 12:0 a.m. | 19 views

in seleniumhq/selenium

Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...

2.3 AI score
Exploits 0

seebug.org
added 2018/03/08 12:0 a.m. | 344 views

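Selenium Server Unauthorized Access Vulnerability

1. Introduction: I wonder whether, in your day-to-day work, you have come across ports that look like the following when opened in a browser: In the image above I have picked a few examples on different ports. 2. Selenium, an open-source automated testing tool: What exactly is Selenium, the main subject of this article? Readers with QA or automated security testing experience will know it; the following text is from Baidu Baike: Selenium1 is a tool for testing web applications. Selenium tests run directly in the browser, just as a real user would operate it. Supported browsers include IE (7, 8, 9, 10, 11), Mozilla Firefox, Safari, Google Chrome, Opera, and others. It supports automatic recording of actions and automatic generation of...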

7 AI score
Exploits 0

Kitploit
added 2018/01/03 1:1 p.m. | 17 views

uncaptcha - Defeating Google's audio reCaptcha with 85% accuracy

Defeating Google's audio reCaptcha system with 85% accuracy. Inspiration: Across the Internet, hundreds of thousands of sites rely on Google's reCaptcha system for defense against bots (in fact, Devpost uses reCaptcha when creating a new account). After a Google research team demonstrated a near...

6.9 AI score
Exploits 0 | References 1