5 matches found
PT-2026-31981
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered...
CVE-2026-27492
Lettermint Node.js SDK (npm package lettermint) is vulnerable in versions ≤ 1.5.0 where email properties (to, subject, html, text, attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This state leakage can cause content or recipient addr...
Address Spoofing
base-x is vulnerable to Address spoofing. The vulnerability is due to improper handling of leading zero bytes during encoding, which allows an attacker to create visually similar addresses and mislead users into sending funds to unintended recipients...
GHSA-9V72-P5P3-9W65 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in ra...
Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:226)
A bug in enigmail, the GPG support extension for Mozilla MailNews and Mozilla Thunderbird was discovered that could lead to the encryption of an email with the wrong public key. This could potentially disclose confidential data to unintended recipients. The updated packages have been patched to...