Lucene search
K

47 matches found

CVE
CVE
added 2026/06/24 6:0 a.m.13 views

CVE-2026-10531

The CVE describes Stored XSS in the WordPress plugin “AI Share & Summarize” prior to version 2.0.4. The root cause is insufficient sanitisation/escaping of shortcode attributes (notably title_style) before output, enabling users with the Contributor role or higher to inject scripts on pages. Affe...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contain security vulnerabilities. These vulnerabilities stem from resource exhaustion. A remote attacker can exploit these vulnerabilities by bypassing the mandatory size lim...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/18 9:55 p.m.16 views

Missing Authorization

Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Missing Authorization via the extension automation feature. An attacker can perform unauthorized browser automation actions by tricking a user into interacting with attacker-controll...

5.4CVSS5.8AI score0.00227EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/18 9:50 p.m.13 views

Missing Authorization

Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Missing Authorization via the slidesDir parameter in the /v1/summarize endpoint. An attacker can write arbitrary files, such as slide.png and slides.json, to any writable directory a...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References2
OSV
OSV
added 2026/05/18 9:31 p.m.10 views

GHSA-67GQ-6Q8C-QQH6 Summarize contains a missing authorization vulnerability

Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References7
OSV
OSV
added 2026/05/18 9:31 p.m.8 views

GHSA-8JR4-6R33-PHWM Summarize contains a path traversal vulnerability

Summarize prior to 0.15.0 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 p.m.11 views

Summarize contains a path traversal vulnerability

Summarize prior to 0.15.0 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/05/18 7:16 p.m.18 views

CVE-2026-45242

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS0.00396EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/18 6:52 p.m.10 views

CVE-2026-45242 Summarize < 0.15.1 Path Traversal via slidesDir Parameter

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:52 p.m.7 views

CVE-2026-45242

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/18 6:52 p.m.44 views

CVE-2026-45242 Summarize < 0.15.1 Path Traversal via slidesDir Parameter

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS0.00396EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/18 6:52 p.m.13 views

EUVD-2026-30797

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.11 views

PT-2026-41719

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A path traversal issue exists in the '/v1/summarize' daemon endpoint. Authenticated users can write files to arbitrary directories by providing an absolute path or directory traversal sequence in...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from insecure file permissions in the configuration rewritepath without refreshing, allowing local users to acces...

6.8CVSS5.8AI score0.00137EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from a path traversal issue in the /v1/summarize daemon’s endpoints. This issue could allow authenticated users t...

7.1CVSS5.8AI score0.00396EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an authorization flaw in the content script’s window.postMessage bridging mechanism, which could allow...

6.1CVSS5.9AI score0.00195EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.8 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an issue with authorization deficiencies, which could allow attackers to execute browser automation operatio...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/05/14 6:27 p.m.7 views

@draadnl/openstad-cms (>=0.12.2 <=0.12.3), apostrophe-personas (>=2.0.0 <=2.2.1) +3 more potentially affected by CVE-2026-45013 via apostrophe (>=0.5.393 <=2.227.12)

apostrophe NPM version =0.5.393, =0.12.2, =2.0.0, =0.5.0, =1.0.0, =1.0.2 Source cves: CVE-2026-45013 Source advisory: OSV:GHSA-GF43-24G3-5HW2...

8.1CVSS5.5AI score0.0025EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/14 6:26 p.m.7 views

@draadnl/openstad-cms (>=0.12.2 <=0.12.3), apostrophe-personas (>=2.0.0 <=2.2.1) +3 more potentially affected by CVE-2026-45012 via apostrophe (>=0.5.393 <=2.227.12)

apostrophe NPM version =0.5.393, =0.12.2, =2.0.0, =0.5.0, =1.0.0, =1.0.2 Source cves: CVE-2026-45012 Source advisory: OSV:GHSA-PR28-MF3Q-QPG6...

7.6CVSS5.5AI score0.00197EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/11 9:31 p.m.14 views

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder