Lucene search
K
SteipeteSummarize

5 matches found

CVE
CVE
added 2026/05/18 6:50 p.m.22 views

CVE-2026-45243

CVE-2026-45243 affects the Summarize browser extension prior to v0.15.1. The root cause is a missing authorization in the content script bridge (window.postMessage), allowing malicious pages to perform unauthorized operations on automation artifacts within the affected tab by spoofing sender iden...

6.1CVSS5.8AI score0.00195EPSS
CVE
CVE
added 2026/05/18 6:57 p.m.22 views

CVE-2026-45244

CVE-2026-45244 affects the Summarize extension prior to version 0.15.1 . The vulnerability is a missing authorization flaw that lets attackers execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent via ...

5.4CVSS5.9AI score0.00227EPSS
CVE
CVE
added 2026/05/18 7:0 p.m.19 views

CVE-2026-45245

CVE-2026-45245 affects the Summarize extension prior to 0.15.1. A vulnerability in the hover summary feature lets malicious pages dispatch synthetic mouseover events on attacker‑controlled links, causing the extension to issue authenticated daemon requests using stored tokens without verifying ev...

7.4CVSS5.8AI score0.0033EPSS
CVE
CVE
added 2026/05/18 6:52 p.m.18 views

CVE-2026-45242

The CVE-2026-45242 vulnerability affects the Summarize tool prior to version 0.15.1, exposing a path traversal flaw in the /v1/summarize daemon endpoint. An authenticated user can supply an absolute path or directory traversal sequence in the slidesDir parameter, allowing writes of slide_*.png an...

7.1CVSS5.9AI score0.00396EPSS
Web
CVE
CVE
added 2026/05/18 7:3 p.m.16 views

CVE-2026-45246

CVE-2026-45246 describes an insecure file permission vulnerability in the refresh-free configuration rewrite path for versions prior to 0.15.1. When the path rewrites the configuration file, the replacement is created with default process umask permissions instead of preserving the original file ...

6.8CVSS5.8AI score0.00137EPSS