Lucene search
+L

7 matches found

Cvelist
Cvelist
added 8 hours ago11 views

CVE-2026-16123 nextlevelbuilder GoClaw Invoke Endpoint tools_invoke.go ToolsInvokeHandler.ServeHTTP authorization

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS
Exploits0References7
CVE
CVE
added 8 hours ago12 views

CVE-2026-16123

The vulnerability CVE-2026-16123 affects nextlevelbuilder GoClaw up to version 3.13.2. It resides in ToolsInvokeHandler.ServeHTTP (internal/http/tools_invoke.go, Invoke Endpoint) and is caused by a manipulation that leads to missing authorization. This allows remote exploitation, with a public ex...

6.5CVSS6.3AI score
Exploits0References7
EUVD
EUVD
added 8 hours ago7 views

EUVD-2026-45384

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS6.3AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 23 hours ago5 views

PT-2026-60970

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/tools invoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS5.1AI score
Exploits0References8
NVD
NVD
added 3 days ago6 views

CVE-2026-61684

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS0.00295EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-44676

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References4
OSV
OSV
added 2026/03/02 11:32 p.m.5 views

GHSA-943Q-MWMV-HHVH OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval

Summary OpenClaw Gateway exposes an authenticated HTTP endpoint POST /tools/invoke intended for invoking a constrained set of tools. Two issues could combine to significantly increase blast radius in misconfigured or exposed deployments: - The HTTP gateway layer did not deny high-risk session...

8.8CVSS6.1AI score
Exploits0References7
Rows per page
Query Builder