Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-184

CWE-184

Incomplete List of Disallowed Inputs

Parent: CWE-693 - Protection Mechanism Failure

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

122 vulnerabilities with CWE-184

CVE-2026-41361 HIGH

OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

CVE-2026-41332 MEDIUM

OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist

CVE-2026-41264 CRITICAL

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

CVE-2026-41206 HIGH

PySpector <0.1.8 PluginSecurity.validate_plugin_code - Code Execution Bypass

CVE-2026-34415 CRITICAL

Xerte Online Toolkits File Upload RCE via elfinder Connector

CVE-2026-26274 MEDIUM

October: Safe Mode Bypass via Twig Database Write Operations

CVE-2026-26067 MEDIUM

October: Safe Mode Bypass via CSS Preprocessor Compilers

CVE-2026-25525 MEDIUM

OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

CVE-2026-40077 LOW

Beszel <0.18.7 Hub API - Insecure Direct Object Reference

CVE-2026-39315 MEDIUM

Unhead <2.1.13 hasDangerousProtocol() - Protocol Filter Bypass

CVE-2026-34177 CRITICAL

VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

CVE-2026-35410 MEDIUM

Directus <11.16.1 OAuth2/SAML Login - Open Redirect

CVE-2026-34426 HIGH

OpenClaw - Approval Bypass via Environment Variable Normalization

CVE-2026-34425 MEDIUM

OpenClaw - Shell-Bleed Protection Preflight Validation Bypass

CVE-2026-35000 MEDIUM

ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read

CVE-2026-34430 HIGH

ByteDance DeerFlow LocalSandboxProvider Host Bash Escape

CVE-2026-33628 MEDIUM

Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

CVE-2026-33396 CRITICAL

OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

CVE-2026-4509 MEDIUM

PbootCMS File Upload file.php incomplete blacklist

CVE-2026-33139 HIGH

PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution

CVE-2026-32940 CRITICAL

SiYuan <3.6.1 getDynamicIcon - Cross-Site Scripting

CVE-2026-32022 MEDIUM

OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass

CVE-2026-32017 HIGH

OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist

CVE-2026-32747 MEDIUM

SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets

CVE-2026-31993 MEDIUM

OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

Previous Page 2 of 5 Next

Details

Vulnerabilities 122

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy