Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-184

CWE-184

Incomplete List of Disallowed Inputs

Parent: CWE-693 - Protection Mechanism Failure

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

122 vulnerabilities with CWE-184

CVE-2026-31992 HIGH

OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S

CVE-2026-22175 HIGH

OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers

CVE-2026-32128 MEDIUM

fastgpt < 4.14.7 - Arbitrary File Write via stdout File Descriptor Remapping

CVE-2026-28783 CRITICAL

Craft CMS <5.9.0-beta.1/4.17.0-beta.1 - RCE

CVE-2026-28363 CRITICAL

OpenClaw <2026.2.23 - Command Injection

CVE-2026-1773 HIGH

Hitachi Energy RTU500 Series Firmware 12.7.1-12.7.6 - Denial of Service via Invalid U-format Frame

CVE-2026-25951 HIGH

FUXA < 1.2.11 - Authenticated Path Traversal and Remote Code Execution via Nested Traversal Sequences

CVE-2026-22609 HIGH

fickling < 0.1.7 - Incomplete List of Disallowed Inputs in unsafe_imports()

CVE-2026-22608 HIGH

fickling < 0.1.7 - Remote Code Execution via Unblocked ctypes and pydoc Modules

CVE-2026-22607 HIGH

fickling <= 0.1.6 - Incomplete List of Disallowed Inputs in cProfile Module Handling

CVE-2026-22606 HIGH

fickling < 0.1.7 - Incomplete List of Disallowed Inputs in runpy Module Handling

CVE-2025-69277 MEDIUM

libsodium <ad3004e - Memory Corruption

CVE-2025-67748 HIGH

fickling < 0.1.6 - Unsafe Pickle Misclassification via pty Module Import Bypass

CVE-2025-67747 HIGH

fickling < 0.1.6 - Arbitrary Code Execution via Marshal and Types Module Bypass

CVE-2025-67716 MEDIUM

Auth0 Next.js SDK <4.13.0 - Info Disclosure

CVE-2025-61924 LOW

PrestaShop Checkout <4.4.1, 5.0.5 - Info Disclosure

CVE-2025-58361 CRITICAL

promptcraft-forge-studio - Cross-Site Scripting via Incomplete URL Scheme Validation

CVE-2025-58353 HIGH

promptcraft-forge-studio - Cross-Site Scripting via Regex Blacklist Bypass

CVE-2025-48732 HIGH

WWBN AVideo 14.4 and dev master - Remote Code Execution via .phar File Request

CVE-2025-24388 LOW

OTRS 7.0.x 8.0.x 2023.x 2024.x 2025.x and ((OTRS)) Community Edition 6.0.x - Authenticated Parameter Injection

CVE-2025-1484 MEDIUM

Hitachi Energy Asset Suite 9.6.4.4-9.6.4.5 - Stored Cross-Site Scripting via Media Upload Component

CVE-2025-46417 HIGH

Picklescan <0.0.25 - Info Disclosure

CVE-2025-29822 HIGH

Microsoft Office OneNote - Info Disclosure

CVE-2025-1716 CRITICAL

picklescan <0.0.21 - Code Injection

CVE-2024-54149 HIGH

Winter CMS <1.2.7, 1.1.11, 1.0.476 - Auth Bypass

Previous Page 3 of 5 Next

Details

Vulnerabilities 122

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy