78 matches found
CVE-2026-15627
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...
CVE-2026-15626
A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/toolbridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...
CVE-2026-15627
The CVE-2026-15627 vulnerability affects the GoClaw component of nextlevelbuilder up to version 3.13.3-beta.3. It targets the handleNavigate function in pkg/browser/tool.go, where manipulation of the args.targetUrl parameter leads to information disclosure. The issue is exploitable remotely, and ...
EUVD-2026-43616
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...
CVE-2026-15624
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...
CVE-2026-15625
A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...
CVE-2026-15626
CVE-2026-15626 affects nextlevelbuilder GoClaw 3.13.3-beta.3, specifically the ACP ToolBridge Workspace Handler’s writeFile function in internal/providers/acp/tool_bridge.go. The issue enables path traversal, allowing remote exploitation. Public exploit details exist. Affected product/version and...
EUVD-2026-43615
A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/toolbridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...
CVE-2026-15625
The vulnerability CVE-2026-15625 affects nextlevelbuilder GoClaw 3.11.3. It targets the function ExecApprovalManager.CheckCommand in internal/tools/exec_approval.go, causing an incomplete blacklist. This enables a remote attack and has a publicly available exploit, with PoC maturity. Impact metri...
CVE-2026-15625 nextlevelbuilder GoClaw exec_approval.go ExecApprovalManager.CheckCommand incomplete blacklist
A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...
EUVD-2026-43614
A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...
CVE-2026-15624
Summary: CVE-2026-15624 affects nextlevelbuilder GoClaw 3.13.3-beta.3. The vulnerability is in the function bytePlusDownloadVideo (internal/tools/create_video_byteplus.go) of the invoke Endpoint. By manipulating the argument output.video_url, an attacker can trigger a server-side request forgery....
EUVD-2026-43613
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...
CVE-2026-14716
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
CVE-2026-14716
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
EUVD-2026-41730
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
CVE-2026-14716
CVE-2026-14716 affects nextlevelbuilder GoClaw up to version 3.13.0-beta.2. The vulnerability is in MethodRouter.Handle (internal/gateway/router.go) of the WebSocket RPC Handler, where an input manipulation can bypass authorization. It is a remote-risk scenario with a publicly disclosed exploit. ...
CVE-2026-14716 nextlevelbuilder GoClaw WebSocket RPC router.go MethodRouter.Handle authorization
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...
PT-2026-55770
Name of the Vulnerable Software and Affected Versions nextlevelbuilder GoClaw versions prior to 3.13.0-beta.3 Description An issue exists in the WebSocket RPC Handler component within the MethodRouter.Handle function of the internal/gateway/router.go file. This flaw allows for remote manipulation...
CVE-2026-10583
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...