Lucene search
+L

106 matches found

EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-45377

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS6.1AI score
Exploits0References8
EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-45378

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS6.1AI score
Exploits0References8
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-45382

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.2. Affected is the function isSafeBin of the file internal/tools/execapproval.go. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be...

6.5CVSS6.2AI score
Exploits0References8
EUVD
EUVD
added 1 hour ago5 views

EUVD-2026-45384

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS6.3AI score
Exploits0References8
CVE
CVE
added 2 hours ago8 views

CVE-2026-16124

The CVE concerns nextlevelbuilder GoClaw (up to version 3.15.0-beta.32) where the CheckSSRF/isPrivateIP function in web_fetch/internal/tools/web_shared.go enables server-side request forgery. Remote exploitation is possible and the exploit has been publicly disclosed. A fix is available in versio...

6.5CVSS6.1AI score
Exploits0References9
CVE
CVE
added 2 hours ago7 views

CVE-2026-16123

The vulnerability CVE-2026-16123 affects nextlevelbuilder GoClaw up to version 3.13.2. It resides in ToolsInvokeHandler.ServeHTTP (internal/http/tools_invoke.go, Invoke Endpoint) and is caused by a manipulation that leads to missing authorization. This allows remote exploitation, with a public ex...

6.5CVSS6.3AI score
Exploits0References7
CVE
CVE
added 2 hours ago6 views

CVE-2026-16122

Nextlevelbuilder GoClaw up to 3.13.2 is affected by CVE-2026-16122. The vulnerability is in extractBin/RequestApproval/matchesAllowlist of internal/tools/exec_approval.go and allows manipulation that results in incorrect authorization. The exploit has been released publicly and may be used for at...

4.8CVSS4.8AI score
Exploits0References7
NVD
NVD
added 3 hours ago5 views

CVE-2026-16120

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS
Exploits0References7
NVD
NVD
added 3 hours ago5 views

CVE-2026-16119

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS
Exploits0References7
CVE
CVE
added 3 hours ago5 views

CVE-2026-16121

GoClaw (nextlevelbuilder) vulnerable up to version 3.13.2 due to a flaw in isSafeBin (internal/tools/exec_approval.go / internal/tools/exec approval.go) that enables improper authorization. The issue can be triggered remotely and a public exploit exists; no remediation details are provided in the...

6.5CVSS6.2AI score
Exploits0References7
Cvelist
Cvelist
added 3 hours ago9 views

CVE-2026-16120 nextlevelbuilder GoClaw exec_approval.go extractBin name resolution

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS
Exploits0References7
CVE
CVE
added 3 hours ago9 views

CVE-2026-16120

CVE-2026-16120 affects nextlevelbuilder GoClaw up to version 3.13.3-beta.3. The vulnerability targets the function matchesAllowlist/extractBin in internal/tools/exec_approval.go, where manipulation can cause an incorrectly-resolved name. The attack can be performed remotely, and public exploitati...

6.5CVSS6.1AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 hours ago4 views

CVE-2026-16120

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS6.1AI score
Exploits0References7
Cvelist
Cvelist
added 4 hours ago5 views

CVE-2026-16119 nextlevelbuilder GoClaw WebSocket Approval Endpoint exec_approval.go RequestApproval authorization

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS
Exploits0References7
CVE
CVE
added 4 hours ago3 views

CVE-2026-16119

CVE-2026-16119 affects nextlevelbuilder GoClaw up to 3.13.2, specifically the WebSocket Approval Endpoint’s internal/tools/exec_approval.go, function RequestApproval. A manipulation can cause incorrect authorization, and the attack can be carried out remotely. The exploit has been made public, wi...

6.5CVSS6.1AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 hours ago3 views

CVE-2026-16119

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS6.1AI score
Exploits0References7Affected Software1
NVD
NVD
added 4 days ago8 views

CVE-2026-15627

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...

5.3CVSS0.00246EPSS
Exploits0References7
NVD
NVD
added 4 days ago11 views

CVE-2026-15626

A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/toolbridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...

6.5CVSS0.00294EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-15627

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...

5.3CVSS5.9AI score0.00246EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43616

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...

5.3CVSS5.9AI score0.00246EPSS
Exploits0References7
Rows per page
Query Builder