
16 matches found

Github Security Blog
added 2026/05/18 9:31 p.m. | 7 views

Summarize contains a missing authorization vulnerability

Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2026/05/18 9:31 p.m. | 4 views

GHSA-67GQ-6Q8C-QQH6 Summarize contains a missing authorization vulnerability

Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 7

NVD
added 2026/05/18 8:16 p.m. | 7 views

CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVSS 5.4 | EPSS 0.00027
Exploits: 1 | References: 4

Cvelist
added 2026/05/18 6:57 p.m. | 23 views

CVE-2026-45244 Summarize < 0.15.1 Unapproved Browser Automation Execution

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVSS 5.4 | EPSS 0.00027
Exploits: 1 | References: 4

CVE
added 2026/05/18 6:57 p.m. | 12 views

CVE-2026-45244

CVE-2026-45244 affects the Summarize extension prior to version 0.15.1. The vulnerability is a missing authorization flaw that lets attackers execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent via ...

CVSS 5.4 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/05/18 6:57 p.m. | 14 views

EUVD-2026-30796

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 4

ATTACKERKB
added 2026/05/18 6:57 p.m. | 6 views

CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 5

Vulnrichment
added 2026/05/18 6:57 p.m. | 10 views

CVE-2026-45244 Summarize < 0.15.1 Unapproved Browser Automation Execution

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 4

Positive Technologies
added 2026/05/18 12:0 a.m. | 14 views

PT-2026-41723

Name of the Vulnerable Software and Affected Versions: Summarize versions prior to 0.15.1. Description: A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...

CVSS 5.4 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 7

Snyk
added 2026/04/10 7:32 p.m. | 1 views

Missing Authentication for Critical Function

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.3 | AI score 5.8 | EPSS 0.00073
Exploits: 1 | References: 2

The Hacker News
added 2025/02/21 1:3 p.m. | 24 views

Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull of...

AI score 7
Exploits: 0

Fedora
added 2022/07/13 2:0 a.m. | 22 views

[SECURITY] Fedora 36 Update: golang-github-chromedp-0.8.1-2.fc36

A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol...

CVSS 9.3 | AI score 3.2 | EPSS 0.00963
Exploits: 4

Packet Storm
added 2021/07/27 12:0 a.m. | 408 views

WordPress Social Warfare 3.5.2 Remote Code Execution

Author = Raed Ahsan Creation Date = 24/07/2021 Vulnerability : SocialWarfare 3.5.2 plugin wordpress Remote Code Execution Linkedin = https://linkedin.com/in/raed-ahsan/ import socket import requests import subprocess import time import pyautogui print"Start your python SimpleHTTPServer on port 12...

CVSS 4.3 | AI score 0.4 | EPSS 0.88711
Exploits: 18

0day.today
added 2021/05/21 12:0 a.m. | 15 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import time import os, sy...

AI score 7.4
Exploits: 0

n0where
added 2017/11/23 8:25 p.m. | 27 views

Web Privacy Measurement Framework: OpenWPM

Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although...

AI score 7.5
Exploits: 0 | References: 2

n0where
added 2017/10/28 6:27 p.m. | 33 views

Low Resource Defeat of reCaptcha’s Audio Challenge: unCaptcha

Across the Internet, hundreds of thousands of sites rely on Google’s reCaptcha system for defense against bots; in fact, Devpost uses reCaptcha when creating a new account. After a Google research team demonstrated a near complete defeat of the text reCaptcha in 2012, the reCaptcha system evolved ...

AI score 0.1
Exploits: 0 | References: 1