Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-184

CWE-184

Incomplete List of Disallowed Inputs

Parent: CWE-693 - Protection Mechanism Failure

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

122 vulnerabilities with CWE-184

CVE-2024-52595 HIGH

lxml_html_clean < 0.4.0 - Cross-Site Scripting via Improper Context-Switching Tag Handling

CVE-2024-51745 CRITICAL

Wasmtime < 24.0.2 - Unauthenticated Filesystem Sandbox Bypass via Superscript Digit Device Filenames

CVE-2024-32152 LOW

Anki < 24.6 - Arbitrary File Creation via LaTeX Blocklist Bypass

CVE-2024-5217 CRITICAL KEV

ServiceNow Washington DC and Vancouver - Unauthenticated Remote Code Execution

CVE-2024-5178 MEDIUM

ServiceNow Now Platform - Sensitive File Read via Unauthorized Access

CVE-2024-30103 HIGH

Microsoft Outlook - Remote Code Execution

CVE-2024-23336 MEDIUM

MyBB < 1.8.38 - Server-Side Request Forgery via Incomplete Disallowed Remote Addresses List

CVE-2024-20278 MEDIUM

Cisco IOS XE - Privilege Escalation

CVE-2024-28246 MEDIUM

KaTeX 0.11.0-0.16.9 - Cross-Site Scripting via Uppercase Protocol Bypass

CVE-2023-45593 MEDIUM

AiLux imx6 <imx6_1.0.7-2 - Info Disclosure

CVE-2023-45133 CRITICAL

Babel traverse <7.23.2 and 8.0.0-alpha.4 - Code Execution via path.evaluate

CVE-2023-3374 CRITICAL

Unisign Bookreen <3.0.0 - Privilege Escalation

CVE-2023-40037 MEDIUM

Apache NiFi 1.21.0-1.23.0 - Authenticated Connection URL Validation Bypass via Custom Input Formatting

CVE-2023-23844 HIGH

SolarWinds Platform - Privilege Escalation

CVE-2023-34253 HIGH

Grav < 1.7.42 - Authenticated Remote Code Execution via Template Injection Denylist Bypass

CVE-2023-34252 HIGH

Grav < 1.7.42 - Authenticated Remote Code Execution via Twig Filter Array Bypass

CVE-2023-2017 HIGH

Shopware 6 <= v6.4.20.0,v6.5.0.0-rc1 <= v6.5.0.0-rc4 - Code Injection

CVE-2023-29003 HIGH

SvelteKit < 1.15.1 - CSRF Protection Bypass via Content-Type Header

CVE-2022-50238 HIGH

Windows < Server 2025 - Incomplete Driver Blocklist Synchronization

CVE-2022-34888 LOW

Lenovo ThinkAgile VX3331 Firmware < 1.80_afbt20n - Authenticated Internal Service Access via Remote Mount Feature

CVE-2022-43396 HIGH

Blacklist Bypass - Command Injection

CVE-2022-23536 MEDIUM

Cortex <1.14.0 - Local File Inclusion

CVE-2022-32763 MEDIUM

Lansweeper 10.1.1.0 - Cross-Site Scripting via SanitizeHtml Bypass

CVE-2022-35962 HIGH

Zulip Mobile <27.189 - Info Disclosure

CVE-2022-38179 MEDIUM

JetBrains Ktor <2.1.0 - Code Injection

Previous Page 4 of 5 Next

Details

Vulnerabilities 122

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy