CVE-2026-45243 Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script

Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...

CVE-2026-2345 Insufficient Origin Validation in Proctorio Chrome Extension postMessage Handlers

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener'message', ... handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

EUVD-2007-2693

Malware in sbrugna...

Design/Logic Flaw

The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected...

CVE-2007-2701

The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected...

CVE-2007-2701

Technical details about CVE-2007-2701 are not publicly provided in the supplied documents. No concrete affected products, versions, or remediations are confirmed here. Monitor for updates as new information may emerge.