4.7
CVE-2026-27492 - Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reusβ¦
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties (such as to, subject, html, text, and attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This can cause properties from a preβ¦
10
CVE-2026-27574 - OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, allowing trivial sandbox escape via a well-known one-β¦
4.8
CVE-2026-27576 - OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with verβ¦
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrβ¦
6.9
CVE-2026-27488 - OpenClaw hardened cron webhook delivery against SSRF
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19.
7.6
CVE-2026-27487 - OpenClaw: Prevent shell injection in macOS keychain credential write
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, tβ¦
4.3
CVE-2026-27486 - OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes caβ¦
6.5
CVE-2025-14339 - weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only validating the `X-WP-Nonce`β¦
4.6
CVE-2026-27485 - OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline scripβ¦
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory β¦
2.3
CVE-2026-27484 - OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and β¦
5.9
CVE-2026-27482 - Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job dβ¦
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding oβ¦