Lucene search
+L

60 matches found

EUVD
EUVD
added 3 hours ago7 views

EUVD-2026-45406

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. T...

6.5CVSS6.2AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-45408

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. The affected element is the function handleMessageReceive of the file pkg/channels/feishu/feishu64.go of the component Group Message Handler. Such manipulation leads to missing authorization. The attack can be launched...

6.5CVSS6.1AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-45407

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component webfetch. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been made...

6.5CVSS6.1AI score
Exploits0References9
EUVD
EUVD
added 3 hours ago6 views

EUVD-2026-45409

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/accesscontrol.go of the component First Run Setup. Performing a manipulation of the argument allowedcidrs results in authentication bypass using alternate...

6.3CVSS5.1AI score
Exploits0References9
CVE
CVE
added yesterday7 views

CVE-2026-16198

The CVE affects Sipeed PicoClaw ≤ 0.2.9, specifically the First Run Setup’s web/backend/middleware/access_control.go where manipulation of the allowed_cidrs argument enables authentication bypass via an alternate channel. The issue can be triggered remotely and has high attack complexity with no ...

6.3CVSS5.1AI score
Exploits0References8
Cvelist
Cvelist
added yesterday10 views

CVE-2026-16197 Sipeed PicoClaw Group Message feishu_64.go handleMessageReceive authorization

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. The affected element is the function handleMessageReceive of the file pkg/channels/feishu/feishu64.go of the component Group Message Handler. Such manipulation leads to missing authorization. The attack can be launched...

6.5CVSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-16197

Sipeed PicoClaw

6.5CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added yesterday11 views

CVE-2026-16196 Sipeed PicoClaw web_fetch web.go isPrivateOrRestrictedIP server-side request forgery

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component webfetch. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been made...

6.5CVSS
Exploits0References8
CVE
CVE
added yesterday7 views

CVE-2026-16195

The CVE-2026-16195 entry concerns Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in dispatchIncoming within pkg/channels/wecom/wecom.go of the Group Message Handler, where manipulation leads to incorrect authorization. Attack could be launched remotely, and public exploits have been ...

6.5CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added yesterday10 views

CVE-2026-16195 Sipeed PicoClaw Group Message wecom.go dispatchIncoming authorization

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. T...

6.5CVSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-16085

The vulnerability CVE-2026-16085 affects Sipeed PicoClaw up to version 0.2.9. It resides in the function NewContextBuilder in pkg/agent/context.go, where manipulation can cause inclusion of functionality from an untrusted control sphere. The attack is local, and the exploit has been publicly disc...

5.3CVSS5.2AI score0.00142EPSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-45367

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function webfetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...

7.5CVSS6.9AI score0.00401EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday14 views

CVE-2026-16083 Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS0.0043EPSS
Exploits0References6
EUVD
EUVD
added yesterday8 views

EUVD-2026-45359

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS5.5AI score0.0043EPSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-16083

Affected software: Sipeed PicoClaw up to version 0.2.9, specifically the LINE Webhook component (webhook.ParseRequest in pkg/channels/line/line.go). Vulnerability: Authentication bypass via capture-replay. Remote exploitable condition reported; exploit released publicly. Impact: Authentication by...

6.9CVSS5.5AI score0.0043EPSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-45358

A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...

5.3CVSS5.4AI score0.00091EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-16081

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score0.00166EPSS
Exploits0References8Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-16081

The CVE-2026-16081 vulnerability affects Sipeed PicoClaw versions up to 0.2.9, with the root cause in an unspecified function within web/backend/api/auth.go. A manipulation can lead to cross-site request forgery (CSRF) and can be triggered remotely. Public exploitation has been disclosed, and a p...

5.3CVSS4.6AI score0.00166EPSS
Exploits0References8
EUVD
EUVD
added yesterday6 views

EUVD-2026-45357

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score0.00166EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60994

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. T...

6.5CVSS5.1AI score
Exploits0References6
Rows per page
Query Builder