Lucene search
+L

56 matches found

CVE
CVE
added yesterday5 views

CVE-2026-16198

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/accesscontrol.go of the component First Run Setup. Performing a manipulation of the argument allowedcidrs results in authentication bypass using alternate...

6.3CVSS5.1AI score
Exploits0References8
Cvelist
Cvelist
added yesterday5 views

CVE-2026-16197 Sipeed PicoClaw Group Message feishu_64.go handleMessageReceive authorization

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. The affected element is the function handleMessageReceive of the file pkg/channels/feishu/feishu64.go of the component Group Message Handler. Such manipulation leads to missing authorization. The attack can be launched...

6.5CVSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-16197

Sipeed PicoClaw

6.5CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added yesterday6 views

CVE-2026-16196 Sipeed PicoClaw web_fetch web.go isPrivateOrRestrictedIP server-side request forgery

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component webfetch. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been made...

6.5CVSS
Exploits0References8
Cvelist
Cvelist
added yesterday5 views

CVE-2026-16195 Sipeed PicoClaw Group Message wecom.go dispatchIncoming authorization

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. T...

6.5CVSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-16195

The CVE-2026-16195 entry concerns Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in dispatchIncoming within pkg/channels/wecom/wecom.go of the Group Message Handler, where manipulation leads to incorrect authorization. Attack could be launched remotely, and public exploits have been ...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-16085

The vulnerability CVE-2026-16085 affects Sipeed PicoClaw up to version 0.2.9. It resides in the function NewContextBuilder in pkg/agent/context.go, where manipulation can cause inclusion of functionality from an untrusted control sphere. The attack is local, and the exploit has been publicly disc...

5.3CVSS5.2AI score0.00142EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-45367

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function webfetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...

7.5CVSS6.9AI score0.00401EPSS
Exploits0References8
CVE
CVE
added yesterday7 views

CVE-2026-16083

Affected software: Sipeed PicoClaw up to version 0.2.9, specifically the LINE Webhook component (webhook.ParseRequest in pkg/channels/line/line.go). Vulnerability: Authentication bypass via capture-replay. Remote exploitable condition reported; exploit released publicly. Impact: Authentication by...

6.9CVSS5.5AI score0.0043EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday10 views

CVE-2026-16083 Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS0.0043EPSS
Exploits0References6
EUVD
EUVD
added yesterday8 views

EUVD-2026-45359

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS5.5AI score0.0043EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-45358

A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...

5.3CVSS5.4AI score0.00091EPSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-16081

The CVE-2026-16081 vulnerability affects Sipeed PicoClaw versions up to 0.2.9, with the root cause in an unspecified function within web/backend/api/auth.go. A manipulation can lead to cross-site request forgery (CSRF) and can be triggered remotely. Public exploitation has been disclosed, and a p...

5.3CVSS4.6AI score0.00166EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-16081

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score0.00166EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45357

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score0.00166EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60994

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. T...

6.5CVSS5.1AI score
Exploits0References6
NVD
NVD
added 2026/07/10 3:16 a.m.7 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
NVD
NVD
added 2026/07/10 3:16 a.m.6 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS0.00234EPSS
Exploits0References6
NVD
NVD
added 2026/07/10 2:16 a.m.8 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/10 2:0 a.m.8 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder