Product
high
advisory
Summarize Extension Mouseover Authenticated Request Vulnerability (CVE-2026-45245)
2 rules 1 TTP 1 CVESummarize versions prior to 0.15.1 contain a vulnerability (CVE-2026-45245) in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events, triggering authenticated daemon requests and potentially exposing sensitive internal endpoints.
Summarize < 0.15.1
cve-2026-45245
browser-extension
authenticated-request-forgery
mouseover-event
2r
1t
1c
high
advisory
Summarize Path Traversal Vulnerability (CVE-2026-45242)
2 rules 1 TTP 1 CVESummarize versions prior to 0.15.1 are vulnerable to path traversal in the /v1/summarize daemon endpoint, allowing authenticated callers to write files to arbitrary directories via the slidesDir request parameter and subsequently delete files.
Summarize < 0.15.1
path-traversal
vulnerability
web-application
2r
1t
1c