495 matches found
WordPress Image Hover Ultimate - Unauthenticated Settings Update
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin. id: CVE-2021-36888 info: name: WordPress Image Hover Ultimate - Unauthenticated Settings Update author: riteshs4hu severity:...
EUVD-2026-33279
A stored Cross-Site Scripting XSS vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticated user...
Server-side Request Forgery (SSRF)
Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the hover summary process. An attacker can cause authenticated requests to be sent to internal or private-network endpoints by dispatching...
Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links
Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
GHSA-2R69-QGV3-HR65 Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links
Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-45245
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
EUVD-2026-30795
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
CVE-2026-45245
CVE-2026-45245 affects the Summarize extension prior to 0.15.1. A vulnerability in the hover summary feature lets malicious pages dispatch synthetic mouseover events on attacker‑controlled links, causing the extension to issue authenticated daemon requests using stored tokens without verifying ev...
Summarize code issue vulnerability
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 have code vulnerabilities. These vulnerabilities stem from issues with the hover summary feature, which may allow malicious pages to assign synthetic mouse hover events on...
PT-2026-41724
Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description The hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links. This causes the extension to make authenticated daemon requests using stored...
EUVD-2026-30231
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...
WordPress plugin The Plus Addons for Elementor cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
b2aiprep (>=0.19.0 <=3.2.0), capstone-text-mining (>=0.0.6 <=0.1.2) +3 more potentially affected by CVE-2026-31224 via snorkel (=0.10.0)
snorkel PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on snorkel and may be impacted: - b2aiprep =0.19.0, =0.0.6, =0.1.1, =0.1.0, =0.0.0, =1.3.1a1 Source cves: CVE-2026-31224 Source advisory: OSV:GHSA-GPX5-7XM4-229W...
b2aiprep (>=0.19.0 <=3.2.0), capstone-text-mining (>=0.0.6 <=0.1.2) +3 more potentially affected by CVE-2026-31223 via snorkel (=0.10.0)
snorkel PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on snorkel and may be impacted: - b2aiprep =0.19.0, =0.0.6, =0.1.1, =0.1.0, =0.0.0, =1.3.1a1 Source cves: CVE-2026-31223 Source advisory: OSV:GHSA-FQ92-QC8F-482V...
b2aiprep (>=0.19.0 <=3.2.0), capstone-text-mining (>=0.0.6 <=0.1.2) +3 more potentially affected by CVE-2026-31222 via snorkel (=0.10.0)
snorkel PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on snorkel and may be impacted: - b2aiprep =0.19.0, =0.0.6, =0.1.1, =0.1.0, =0.0.0, =1.3.1a1 Source cves: CVE-2026-31222 Source advisory: OSV:GHSA-78CP-F66X-QMH5...
Astra Linux - vulnerability in thunderbird
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is displayed when the mouse hovers over any attachment. Although the correct link is used upon clicking, the misleading hover text may lead users to download conten...
Cross-site Scripting (XSS)
Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of device entity names within the map-card component when the hourstoshow attribute is set. An attacker can execute arbitrary JavaScript ...