AI Threat Alert
AI Component
Plugin
Plugin and tool vulnerabilities affect the external integrations that extend AI systems — browser tools, code interpreters, API connectors, and file system access in agent frameworks.
126
Total CVEs
7
Pages
Page 7 of 7
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-3fv3-6p2v-gxwj | openclaw: SSRF bypass in QQ Bot media fetch paths | openclaw | - |
| HIGH | GHSA-5wj5-87vq-39xm | openclaw: auth bypass enables exec escalation on reconnect | openclaw | - |
| MEDIUM | GHSA-cmfr-9m2r-xwhq | OpenClaw: auth bypass enables persistent browser profile mutation | openclaw | - |
| MEDIUM | GHSA-qqq7-4hxc-x63c | openclaw: local file exfiltration via trusted MEDIA refs | openclaw | - |
| LOW | GHSA-cm8v-2vh9-cxf3 | openclaw: git env var injection enables host redirect | openclaw | - |
| MEDIUM | CVE-2026-40117 | PraisonAI: arbitrary file read via unguarded skill tool | praisonaiagents | 6.2 |
Page 7 of 7