VYPR

Summarize

by CodexBar

CVEs (8)

  • CVE-2026-53782 | Hig | Jun 11, 2026
    risk 0.41 | cvss 7.4 | epss 0.00

    Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations…

  • CVE-2026-45245 | Hig | May 18, 2026
    risk 0.41 | cvss 7.4 | epss 0.00

    Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying…

  • CVE-2026-45242 | Hig | May 18, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter.…

  • CVE-2026-45243 | Med | May 18, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender…

  • CVE-2026-45222 | Med | May 11, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in…

  • CVE-2026-45246 | Med | May 18, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration…

  • CVE-2026-45244 | Med | May 18, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or…

  • CVE-2026-53781 | Med | Jun 11, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed…