Lucene search
+L

10 matches found

CVE
CVE
added yesterday11 views

CVE-2026-16198

The CVE affects Sipeed PicoClaw ≤ 0.2.9, specifically the First Run Setup’s web/backend/middleware/access_control.go where manipulation of the allowed_cidrs argument enables authentication bypass via an alternate channel. The issue can be triggered remotely and has high attack complexity with no ...

6.3CVSS5.1AI score
Exploits0References8
Cvelist
Cvelist
added yesterday34 views

CVE-2026-16197 Sipeed PicoClaw Group Message feishu_64.go handleMessageReceive authorization

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. The affected element is the function handleMessageReceive of the file pkg/channels/feishu/feishu64.go of the component Group Message Handler. Such manipulation leads to missing authorization. The attack can be launched...

6.5CVSS
Exploits0References6
EUVD
EUVD
added yesterday7 views

EUVD-2026-45367

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function webfetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...

7.5CVSS6.9AI score0.00401EPSS
Exploits0References8
EUVD
EUVD
added yesterday12 views

EUVD-2026-45357

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score0.00166EPSS
Exploits0References8
NVD
NVD
added 2026/07/10 2:16 a.m.11 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/07/10 1:30 a.m.11 views

CVE-2026-15318

CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.9 views

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

5.9AI score0.01314EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:0 a.m.27 views

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/25 4:45 p.m.6 views

EUVD-2026-25663

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

7.5CVSS5.2AI score0.03132EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.11 views

PT-2026-35158

Name of the Vulnerable Software and Affected Versions PicoClaw versions prior to 0.2.5 Description A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can perform a manipulation via the '/api/gateway/restart' endpoint to execute arbitrary commands...

9.8CVSS7.4AI score0.03132EPSS
Exploits1References11
Rows per page
Query Builder