Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-184

CWE-184

Incomplete List of Disallowed Inputs

Parent: CWE-693 - Protection Mechanism Failure

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

102 vulnerabilities with CWE-184

CVE-2026-32940 CRITICAL

SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)

CVE-2026-32022 MEDIUM

OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass

CVE-2026-32017 HIGH

OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist

CVE-2026-32747 MEDIUM

SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets

CVE-2026-31993 MEDIUM

OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

CVE-2026-31992 HIGH

OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S

CVE-2026-22175 HIGH

OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers

CVE-2026-32128 MEDIUM

FastGPT <=4.14.7 - Auth Bypass

CVE-2026-28783 CRITICAL

Craft CMS <5.9.0-beta.1/4.17.0-beta.1 - RCE

CVE-2026-28363 CRITICAL

OpenClaw <2026.2.23 - Command Injection

CVE-2026-1773 HIGH

IEC 60870-5-104 - DoS

CVE-2026-25951 HIGH

Frangoteam Fuxa < 1.2.11 - Path Traversal

CVE-2026-22609 HIGH

Fickling <0.1.7 - Code Injection

CVE-2026-22608 HIGH

Fickling <0.1.7 - RCE

CVE-2026-22607 HIGH

Fickling <0.1.6 - Code Injection

CVE-2026-22606 HIGH

Fickling <0.1.6 - Code Injection

CVE-2025-69277 MEDIUM

libsodium <ad3004e - Memory Corruption

CVE-2025-67748 HIGH

Trailofbits Fickling < 0.1.6 - Insecure Deserialization

CVE-2025-67747 HIGH

Fickling <0.1.6 - Code Injection

CVE-2025-67716 MEDIUM

Auth0 Next.js SDK <4.13.0 - Info Disclosure

CVE-2025-61924 LOW

PrestaShop Checkout <4.4.1, 5.0.5 - Info Disclosure

CVE-2025-58361 CRITICAL

Promptcraft Forge Studio - XSS

CVE-2025-58353 HIGH

Promptcraft Forge Studio - XSS

CVE-2025-48732 HIGH

WWBN AVideo <14.4 - RCE

CVE-2025-24388 LOW

OTRS <8 - Command Injection

Previous Page 2 of 5 Next

Details

Vulnerabilities 102

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy