Lucene search
K

21 matches found

CVE
CVE
added yesterday9 views

CVE-2026-15627

The CVE-2026-15627 vulnerability affects the GoClaw component of nextlevelbuilder up to version 3.13.3-beta.3. It targets the handleNavigate function in pkg/browser/tool.go, where manipulation of the args.targetUrl parameter leads to information disclosure. The issue is exploitable remotely, and ...

5.3CVSS5.9AI score0.00246EPSS
Exploits0References7
NVD
NVD
added 5 days ago7 views

CVE-2026-15329

A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool.donavigate of the file agent/tools/browser/browsertool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The...

5.3CVSS0.00241EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15329

A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool.donavigate of the file agent/tools/browser/browsertool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The...

5.3CVSS5.6AI score0.00241EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42783

A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool.donavigate of the file agent/tools/browser/browsertool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The...

5.3CVSS5.6AI score0.00241EPSS
Exploits0References7
CVE
CVE
added 5 days ago10 views

CVE-2026-15329

Vulnerability CVE-2026-15329 affects zhayujie CowAgent up to version 2.1.0, specifically the Browser Tool component and its BrowserTool._do_navigate function (file agent/tools/browser/browser_tool.py). The issue is information disclosure caused by a manipulation of that function. Exploitation is ...

5.3CVSS5.6AI score0.00241EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-15329 zhayujie CowAgent Browser Tool browser_tool.py BrowserTool._do_navigate information disclosure

A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool.donavigate of the file agent/tools/browser/browsertool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The...

5.3CVSS0.00241EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/05/27 1:28 p.m.24 views

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-32008

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

7.1CVSS5.8AI score0.00403EPSS
Exploits1References1
NVD
NVD
added 2026/03/19 10:16 p.m.4 views

CVE-2026-32008

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

7.1CVSS0.00403EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.22 views

CVE-2026-32008 OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

7.1CVSS0.00403EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.4 views

CVE-2026-32008

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

7.1CVSS5.8AI score0.00403EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/19 10:6 p.m.32 views

EUVD-2026-13267

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

7.1CVSS5.8AI score0.00403EPSS
Exploits1References3
OSV
OSV
added 2026/03/19 10:6 p.m.3 views

CVE-2026-32008 OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

7.1CVSS5.9AI score0.00403EPSS
Exploits1References5
CNVD
CNVD
added 2026/03/02 12:0 a.m.5 views

OpenClaw Path Traversal Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary files from a gateway host by supplying an absolute path or path traversal sequence to the upload operation of a browser...

7.1CVSS5.9AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

OpenClaw 路径遍历漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to read arbitrary files from a gateway host by supplying an absolute path or path traversal sequence to the upload operation of a browser...

7.1CVSS6.1AI score0.00408EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.9 views

PT-2026-20372

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passes these paths ...

7.1CVSS5.8AI score0.00408EPSS
Exploits0References11
OSV
OSV
added 2025/03/20 12:32 p.m.13 views

GHSA-38MG-WM59-G64X composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...

6.8CVSS5.9AI score0.00679EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

Composio 安全漏洞

Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version v0.4.4, which stems from the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS operations that do not validate user input, potentially leading to a server-side reques...

7.5CVSS6.5AI score0.00679EPSS
Exploits1References1
Kitploit
Kitploit
added 2024/03/27 11:30 a.m.38 views

Noia - Simple Mobile Applications Sandbox File Browser Tool

Noia is a web-based tool whose main aim is to ease the process of browsing mobile applications sandbox and directly previewing SQLite databases, images, and more. Powered by frida.re. Please note that I'm not a programmer, but I'm probably above the median in code-savyness. Try it out, open an...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2021/12/12 12:0 a.m.15 views

Fortinet FortiClientEms Information Disclosure Vulnerability

Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. An information disclosure vulnerability exists in Fortinet FortiClientEms, which stems from a lack of encryption of sensitive data in FortiClientEMS. An authenticated attacker could view sensitive information i...

6.8CVSS1.3AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder