CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/03 7:16 p.m.•13 views

CVE-2026-8879

7.5CVSS0.00374EPSS

ATTACKERKB•added 2026/06/03 6:11 p.m.•6 views

CVE-2026-8879

CVE•added 2026/06/03 6:11 p.m.•10 views

Exploits0References2

CVE-2026-8879

CVE-2026-8879 affects Securly Chrome Extension v3.0.7. The vulnerability stems from dynamically registering content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), a script not declared in manifest.json that bypasses the Chrome Web Store static security revi...

7.5CVSS5.8AI score0.00374EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/03 6:11 p.m.•36 views

CVE-2026-8879 CVE-2026-8879

0.00374EPSS

Vulnrichment•added 2026/06/03 6:11 p.m.•9 views

CVE-2026-8879 CVE-2026-8879

EUVD•added 2026/06/03 6:11 p.m.•11 views

EUVD-2026-34165

Positive Technologies•added 2026/06/03 12:0 a.m.•14 views

PT-2026-46051

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software dynamically registers content13.min.js as a content script at runtime using the chrome.scripting.registerContentScripts function. Because this script is not declared in the...

CNNVD•added 2026/06/03 12:0 a.m.•7 views

Exploits0References3

Securly Chrome Extension 安全漏洞

Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from dynamic registration of content scripts, which...

7.5CVSS5.2AI score0.00374EPSS

RedhatCVE•added 2026/05/19 7:57 p.m.•9 views

CVE-2026-45243

Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...

Snyk•added 2026/05/18 9:50 p.m.•11 views

Exploits1References1

Missing Authorization

Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Missing Authorization via the window.postMessage bridge in the content script. An attacker can access, modify, or delete automation artifacts by sending crafted runtime messages with...

Github Security Blog•added 2026/05/18 9:31 p.m.•9 views

Exploits1References2

Summarize contains a missing authorization vulnerability

Summarize prior to 0.15.0 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...

Exploits1References7Affected Software1

OSV•added 2026/05/18 9:31 p.m.•5 views

GHSA-5624-2PMV-JX46 Summarize contains a missing authorization vulnerability

NVD•added 2026/05/18 7:16 p.m.•12 views

Exploits1References7

CVE-2026-45243

6.1CVSS0.00195EPSS

Cvelist•added 2026/05/18 6:50 p.m.•39 views

CVE-2026-45243 Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script

6.1CVSS0.00195EPSS

ATTACKERKB•added 2026/05/18 6:50 p.m.•6 views

CVE-2026-45243

CVE•added 2026/05/18 6:50 p.m.•17 views

Exploits1References5

CVE-2026-45243

CVE-2026-45243 affects the Summarize browser extension prior to v0.15.1. The root cause is a missing authorization in the content script bridge (window.postMessage), allowing malicious pages to perform unauthorized operations on automation artifacts within the affected tab by spoofing sender iden...

Exploits1References4Affected Software1

EUVD•added 2026/05/18 6:50 p.m.•13 views

EUVD-2026-30794

Vulnrichment•added 2026/05/18 6:50 p.m.•9 views

CVE-2026-45243 Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script