50 matches found
CVE-2026-15627
The CVE-2026-15627 vulnerability affects the GoClaw component of nextlevelbuilder up to version 3.13.3-beta.3. It targets the handleNavigate function in pkg/browser/tool.go, where manipulation of the args.targetUrl parameter leads to information disclosure. The issue is exploitable remotely, and ...
CVE-2026-15626
CVE-2026-15626 affects nextlevelbuilder GoClaw 3.13.3-beta.3, specifically the ACP ToolBridge Workspace Handler’s writeFile function in internal/providers/acp/tool_bridge.go. The issue enables path traversal, allowing remote exploitation. Public exploit details exist. Affected product/version and...
EUVD-2026-43614
A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...
EUVD-2026-43613
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...
CVE-2026-14716
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
EUVD-2026-41730
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
CVE-2026-14716
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
CVE-2026-14716
CVE-2026-14716 affects nextlevelbuilder GoClaw up to version 3.13.0-beta.2. The vulnerability is in MethodRouter.Handle (internal/gateway/router.go) of the WebSocket RPC Handler, where an input manipulation can bypass authorization. It is a remote-risk scenario with a publicly disclosed exploit. ...
PT-2026-55770
Name of the Vulnerable Software and Affected Versions nextlevelbuilder GoClaw versions prior to 3.13.0-beta.3 Description An issue exists in the WebSocket RPC Handler component within the MethodRouter.Handle function of the internal/gateway/router.go file. This flaw allows for remote manipulation...
CVE-2026-10217
A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...
CVE-2026-10616
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...
CVE-2026-10617
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
EUVD-2026-34009
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617
The CVE-2026-10617 entry describes a vulnerability in nextlevelbuilder GoClaw up to version 3.11.3, affecting the resolveAuth function in internal/http/auth.go of the Webhook Verification Handler. The issue results from a manipulation that leads to missing authentication, enabling remote exploita...
CVE-2026-10616 nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...
CVE-2026-10616
CVE-2026-10616 affects nextlevelbuilder GoClaw up to 3.11.3. The vulnerability resides in TeamTasksTool.executeComplete (internal/tools/team_tasks_lifecycle.go), where a manipulation can lead to missing authorization. The issue can be exploited remotely and the exploit has been made publicly avai...
CVE-2026-10583
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...