Lucene search
+L

10 matches found

NVD
NVD
added yesterday6 views

CVE-2026-16016

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-16015

A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function createtask of the file executormanager/app/api/v1/tasks.py of the component executormanager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly...

6.3CVSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-16016

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS7AI score
Exploits0References5Affected Software1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-16016 poco-ai poco-claw task.py run_task server-side request forgery

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-16016

The CVE-2026-16016 entry affects Poco AI’s poco-claw up to version 0.5.4. Affected component: run_task in executor/app/api/v1/task.py. Root cause: manipulation of the callback_url argument enables server-side request forgery (SSRF). Impact: remote exploitation with potential access to internal re...

7.5CVSS7AI score
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-45172

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS7AI score
Exploits0References6
Cvelist
Cvelist
added yesterday18 views

CVE-2026-16015 poco-ai poco-claw executor_manager API tasks.py create_task missing authentication

A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function createtask of the file executormanager/app/api/v1/tasks.py of the component executormanager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly...

6.3CVSS
Exploits0References13
EUVD
EUVD
added yesterday7 views

EUVD-2026-45171

A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function createtask of the file executormanager/app/api/v1/tasks.py of the component executormanager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly...

6.3CVSS5.9AI score
Exploits0References13
NVD
NVD
added 4 days ago7 views

CVE-2026-15622

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS0.00353EPSS
Exploits0References8
OSV
OSV
added 4 days ago4 views

CVE-2026-15622 poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score0.00353EPSS
Exploits0References10
Rows per page
Query Builder