Lucene search
+L

29 matches found

CVE
CVE
added 11 hours ago9 views

CVE-2026-16085

The vulnerability CVE-2026-16085 affects Sipeed PicoClaw up to version 0.2.9. It resides in the function NewContextBuilder in pkg/agent/context.go, where manipulation can cause inclusion of functionality from an untrusted control sphere. The attack is local, and the exploit has been publicly disc...

5.3CVSS5.2AI score
Exploits0References6
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-45368

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functionality from untrusted control sphere. The attack needs to be performed locally. The exploit has be...

5.3CVSS5.2AI score
Exploits0References6
CVE
CVE
added 11 hours ago6 views

CVE-2026-16083

Affected software: Sipeed PicoClaw up to version 0.2.9, specifically the LINE Webhook component (webhook.ParseRequest in pkg/channels/line/line.go). Vulnerability: Authentication bypass via capture-replay. Remote exploitable condition reported; exploit released publicly. Impact: Authentication by...

6.9CVSS5.5AI score
Exploits0References6
Cvelist
Cvelist
added 11 hours ago9 views

CVE-2026-16083 Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS
Exploits0References6
EUVD
EUVD
added 11 hours ago8 views

EUVD-2026-45359

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS5.5AI score
Exploits0References6
EUVD
EUVD
added 12 hours ago6 views

EUVD-2026-45358

A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...

5.3CVSS5.4AI score
Exploits0References6
CVE
CVE
added 12 hours ago6 views

CVE-2026-16081

The CVE-2026-16081 vulnerability affects Sipeed PicoClaw versions up to 0.2.9, with the root cause in an unspecified function within web/backend/api/auth.go. A manipulation can lead to cross-site request forgery (CSRF) and can be triggered remotely. Public exploitation has been disclosed, and a p...

5.3CVSS4.6AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 12 hours ago5 views

CVE-2026-16081

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score
Exploits0References8Affected Software1
NVD
NVD
added 2026/07/10 3:16 a.m.6 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS0.00234EPSS
Exploits0References6
NVD
NVD
added 2026/07/10 3:16 a.m.7 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/10 2:0 a.m.8 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/10 2:0 a.m.36 views

CVE-2026-15320 Sipeed PicoClaw pico.go rt.ReloadConfig authorization

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS0.00234EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 2:0 a.m.4 views

CVE-2026-15320 Sipeed PicoClaw pico.go rt.ReloadConfig authorization

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.3CVSS6AI score0.00234EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/10 1:45 a.m.8 views

EUVD-2026-42775

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/10 1:45 a.m.11 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/10 1:30 a.m.8 views

EUVD-2026-42765

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/10 1:30 a.m.35 views

CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 1:30 a.m.2 views

CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

5.3CVSS6.3AI score0.00214EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/10 1:30 a.m.9 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/07/10 12:0 a.m.11 views

EUVD-2026-42757

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
Rows per page
Query Builder