44 matches found
Missing Authorization
Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Missing Authorization via the extension automation feature. An attacker can perform unauthorized browser automation actions by tricking a user into interacting with attacker-controll...
Missing Authorization
Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Missing Authorization via the slidesDir parameter in the /v1/summarize endpoint. An attacker can write arbitrary files, such as slide.png and slides.json, to any writable directory a...
GHSA-67GQ-6Q8C-QQH6 Summarize contains a missing authorization vulnerability
Summarize prior to 0.15.0 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...
GHSA-8JR4-6R33-PHWM Summarize contains a path traversal vulnerability
Summarize prior to 0.15.0 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...
Summarize contains a path traversal vulnerability
Summarize prior to 0.15.0 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...
CVE-2026-45242
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...
EUVD-2026-30797
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...
CVE-2026-45242 Summarize < 0.15.1 Path Traversal via slidesDir Parameter
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...
CVE-2026-45242 Summarize < 0.15.1 Path Traversal via slidesDir Parameter
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...
CVE-2026-45242
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from insecure file permissions in the configuration rewritepath without refreshing, allowing local users to acces...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an issue with authorization deficiencies, which could allow attackers to execute browser automation operatio...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from an authorization flaw in the content script’s window.postMessage bridging mechanism, which could allow...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from a path traversal issue in the /v1/summarize daemon’s endpoints. This issue could allow authenticated users t...
PT-2026-41719
Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A path traversal issue exists in the '/v1/summarize' daemon endpoint. Authenticated users can write files to arbitrary directories by providing an absolute path or directory traversal sequence in...
@bodonkey/charting-extension (>=1.0.0 <=1.1.0), @draadnl/openstad-cms (>=0.12.2 <=0.12.3) +7 more potentially affected by CVE-2026-45012 via apostrophe (>=0.5.393 <=4.29.0)
apostrophe NPM version =0.5.393, =1.0.0, =0.12.2, =0.0.1, =0.0.1, =2.0.0, =0.5.0, =1.0.0, =1.0.2 - tfp-procrea =1.0.0 Source cves: CVE-2026-45012 Source advisory: OSV:GHSA-PR28-MF3Q-QPG6...
GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json
Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...
@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json
Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...
Incorrect Permission Assignment for Critical Resource
Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the creation of the daemon.json configuration file with overly permissive filesystem permissions. An attacker can gain...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.14.1 contain security vulnerabilities. These vulnerabilities stem from the use of default file system permissions for the configuration directory and files of the daemon process. ...