Lucene search
+L

246 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-15620

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS0.00228EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-15619

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

7.5CVSS0.00252EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43582

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-15620 mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS0.00228EPSS
Exploits0References6
OSV
OSV
added 3 days ago3 views

CVE-2026-15620 mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/toolwebfetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

5.3CVSS6.2AI score0.00228EPSS
Exploits0References8
CVE
CVE
added 3 days ago8 views

CVE-2026-15619

CVE-2026-15619 affects mosaxiv clawlet prior to 0.2.10. The vulnerable element is the web_fetch function in tools/tool_web_fetch.go of the IPv4 Handler. The issue arises from manipulating the url argument, enabling server-side request forgery (SSRF). The attack can be initiated remotely, and an e...

7.5CVSS6.4AI score0.00252EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-15619 mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

7.5CVSS0.00252EPSS
Exploits0References6
OSV
OSV
added 3 days ago3 views

CVE-2026-15619 mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

5.3CVSS6.4AI score0.00252EPSS
Exploits0References8
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.18 views

HTTPS Fetch, Linux dup2 Command Shell, Bind TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTPS server. dup2 socket in s1, then execve. Listen for a connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.17 views

HTTP Fetch, Linux dup2 Command Shell, Bind TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTP server. dup2 socket in s1, then execve. Listen for a connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.19 views

HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager

Fetch and execute an RISC-V 64-bit payload from an HTTP server. dup2 socket in s1, then execve. Connect back to the attacker Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule inclu...

5.5AI score
Exploits0
NVD
NVD
added 2026/07/10 12:16 a.m.5 views

CVE-2026-15317

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS0.00247EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/10 12:0 a.m.10 views

EUVD-2026-42757

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
CVE
CVE
added 2026/07/10 12:0 a.m.12 views

CVE-2026-15317

Sipeed PicoClaw

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/10 12:0 a.m.44 views

CVE-2026-15317 Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS0.00247EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 12:0 a.m.4 views

CVE-2026-15317 Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

5.3CVSS6.3AI score0.00247EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/09 5:0 p.m.7 views

EUVD-2026-42633

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS6AI score0.00223EPSS
Exploits0References4
CVE
CVE
added 2026/07/09 5:0 p.m.12 views

CVE-2026-59223

Open WebUI vulnerability CVE-2026-59223 affects the WEB_FETCH_FILTER_LIST logic prior to 0.10.0, allowing path-based blocklist bypasses (e.g., !internal.example.com in a URL path) and misalignment with hostname policy for sibling-domain matches. The issue is fixed in version 0.10.0. Impact is a p...

4.3CVSS6AI score0.00223EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 4:35 p.m.11 views

Malicious code in chai-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38236fbbdbbaa8f8ed9315c3a4ff01fbf049215896036b1cb68611681fe0eb00 chai-redirection presents itself as a chai assertion plugin but its main entry index.js unconditionally spawns a detached Node child process running...

6.2AI score
Exploits0References4
NVD
NVD
added 2026/06/23 6:18 p.m.13 views

CVE-2026-54316

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

9.1CVSS0.00403EPSS
Exploits0References1
Rows per page
Query Builder