4927528 matches found
Exploit for CVE-2026-60137
wp2shell Pre-authentication Remote Code Execution against Wor...
CVE-2026-16128 zevorn rt-claw http_request swarm.c receiver_thread server-side request forgery
A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiverthread of the file claw/services/swarm/swarm.c of the component httprequest. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The...
CVE-2026-16128 zevorn rt-claw http_request swarm.c receiver_thread server-side request forgery
A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiverthread of the file claw/services/swarm/swarm.c of the component httprequest. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The...
CVE-2026-16127
A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function clawnetget/clawnetpost of the file claw/tools/toolnet.c of the component httprequest. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The...
CVE-2026-16126
A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handlerpcrequest of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The...
CVE-2026-16125
A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function clawnetget/clawnetpost of the file claw/services/tools/net.c of the component httprequest. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely...
CVE-2026-16124
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/webshared.go of the component webfetch. Such manipulation leads to server-side request forgery. The attack can be launched remotel...
CVE-2026-16127 zevorn rt-claw http_request tool_net.c claw_net_post server-side request forgery
A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function clawnetget/clawnetpost of the file claw/tools/toolnet.c of the component httprequest. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The...
CVE-2026-16127
A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function clawnetget/clawnetpost of the file claw/tools/toolnet.c of the component httprequest. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The...
CVE-2026-16126
A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handlerpcrequest of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The...
CVE-2026-16126 zevorn rt-claw Swarm RPC Receiver swarm.c handle_rpc_request authorization
A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handlerpcrequest of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The...
CVE-2026-16123
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...
CVE-2026-16122
A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function extractBin/RequestApproval/matchesAllowlist of the file internal/tools/execapproval.go. The manipulation results in incorrect authorization. The exploit has been released to...
CVE-2026-16121
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.2. Affected is the function isSafeBin of the file internal/tools/execapproval.go. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be...
CVE-2026-16125 zevorn rt-claw http_request net.c claw_net_post server-side request forgery
A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function clawnetget/clawnetpost of the file claw/services/tools/net.c of the component httprequest. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely...
CVE-2026-16125
The CVE-2026-16125 entry concerns zevorn rt-claw (up to version 0.2.0). The flaw lies in the http_request component, specifically claw_net_get and claw_net_post in claw/services/tools/net.c, where manipulating the url argument enables server-side request forgery. Exploitation is network-based and...
CVE-2026-16124 nextlevelbuilder GoClaw web_fetch web_shared.go isPrivateIP server-side request forgery
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/webshared.go of the component webfetch. Such manipulation leads to server-side request forgery. The attack can be launched remotel...
CVE-2026-16124
The CVE concerns nextlevelbuilder GoClaw (up to version 3.15.0-beta.32) where the CheckSSRF/isPrivateIP function in web_fetch/internal/tools/web_shared.go enables server-side request forgery. Remote exploitation is possible and the exploit has been publicly disclosed. A fix is available in versio...
CVE-2026-16123 nextlevelbuilder GoClaw Invoke Endpoint tools_invoke.go ToolsInvokeHandler.ServeHTTP authorization
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...
CVE-2026-16123
The vulnerability CVE-2026-16123 affects nextlevelbuilder GoClaw up to version 3.13.2. It resides in ToolsInvokeHandler.ServeHTTP (internal/http/tools_invoke.go, Invoke Endpoint) and is caused by a manipulation that leads to missing authorization. This allows remote exploitation, with a public ex...