Lucene search
+L

8 matches found

EUVD
EUVD
added 7 hours ago6 views

EUVD-2026-45367

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function webfetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...

7.5CVSS6.9AI score
Exploits0References8
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-45357

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score
Exploits0References8
NVD
NVD
added 2026/07/10 2:16 a.m.7 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/07/10 1:30 a.m.9 views

CVE-2026-15318

CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/05/27 12:0 a.m.26 views

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.8 views

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

5.9AI score0.01314EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/25 4:45 p.m.6 views

EUVD-2026-25663

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.5CVSS5.2AI score0.03132EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.10 views

PT-2026-35158

Name of the Vulnerable Software and Affected Versions PicoClaw versions prior to 0.2.5 Description A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can perform a manipulation via the '/api/gateway/restart' endpoint to execute arbitrary commands...

9.8CVSS7.4AI score0.03132EPSS
Exploits1References11
Rows per page
Query Builder