Lucene search
K

34 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
NVD
NVD
added 4 days ago6 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS0.00234EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15320 Sipeed PicoClaw pico.go rt.ReloadConfig authorization

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS0.00234EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42776

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42775

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago9 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42765

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6Affected Software1
CVE
CVE
added 4 days ago7 views

CVE-2026-15318

CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42757

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-15317 Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS0.00247EPSS
Exploits0References6
CVE
CVE
added 4 days ago11 views

CVE-2026-15317

Sipeed PicoClaw

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/28 2:14 p.m.12 views

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 3:33 p.m.4 views

GHSA-CV2P-68F4-F4PW picoclaw is vulnerable to OS command injection via the ExecTool component

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 2:16 p.m.14 views

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

7.3CVSS0.01314EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.42 views

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

0.01314EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

PicoClaw 安全漏洞

PicoClaw is a super-lightweight personal AI assistant tool developed by Sipeed. Versions of PicoClaw up to v0.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the guardCommand function in the ExecTool component, which used incomplete 8 regular expression blacklists to...

7.3CVSS5.8AI score0.01314EPSS
Exploits0References3
Rows per page
Query Builder