CWE-184 (Incomplete Blacklist) — Vulnerability Class 74

74 vulnerabilities classified as CWE-184 (Incomplete Blacklist). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41361 | OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges — OpenClaw | 7.1 | High | 2026-04-23 |
| CVE-2026-41332 | OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-41264 | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability — Flowise | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41206 | PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code — PySpector | 8.8 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-34415 | Xerte Online Toolkits File Upload RCE via elfinder Connector — xerteonlinetoolkits | 9.8 | Critical | 2026-04-22 |
| CVE-2026-26274 | October: Safe Mode Bypass via Twig Database Write Operations — october | 6.6 | Medium | 2026-04-21 |
| CVE-2026-40077 | Beszel has an IDOR in hub API endpoints that read system ID from URL parameter — beszel | 3.5 | Low | 2026-04-09 |
| CVE-2026-39315 | Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe() — unhead | 6.1 | Medium | 2026-04-09 |
| CVE-2026-34177 | VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf — lxd | 9.1 | Critical | 2026-04-09 |
| CVE-2026-35410 | Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow — directus | 6.1 | Medium | 2026-04-06 |
| CVE-2026-34426 | OpenClaw - Approval Bypass via Environment Variable Normalization — OpenClaw | 7.6 | High | 2026-04-02 |
| CVE-2026-34425 | OpenClaw - Shell-Bleed Protection Preflight Validation Bypass — OpenClaw | 5.4 | Medium | 2026-04-02 |
| CVE-2026-35000 | ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read — ChangeDetection.io | 6.5 | Medium | 2026-04-01 |
| CVE-2026-34430 | ByteDance DeerFlow LocalSandboxProvider Host Bash Escape — DeerFlow | 8.8 | High | 2026-04-01 |
| CVE-2026-4509 | PbootCMS File Upload file.php incomplete blacklist — PbootCMS | 6.3 | Medium | 2026-03-21 |
| CVE-2026-33139 | PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution — PySpector | 9.8 | - | 2026-03-20 |
| CVE-2026-32022 | OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass — OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32017 | OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-31993 | OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains — OpenClaw | 4.8 | Medium | 2026-03-19 |
| CVE-2026-31992 | OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S — OpenClaw | 7.1 | High | 2026-03-19 |
| CVE-2026-22175 | OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers — OpenClaw | 7.1 | High | 2026-03-18 |
| CVE-2026-32128 | FastGPT Python Sandbox Bypass of File-Write Restriction — FastGPT | 6.3 | Medium | 2026-03-11 |
| CVE-2026-28363 | OpenClaw security vulnerability — OpenClaw | 9.9 | Critical | 2026-02-27 |
| CVE-2026-1773 | Hitachi Energy RTU500 security vulnerability — RTU500 series CMU firmware | 7.5 (AI) | High (AI) | 2026-02-24 |
| CVE-2026-22609 | Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist — fickling | 9.8 | - | 2026-01-10 |
| CVE-2026-22608 | Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection — fickling | 9.8 | - | 2026-01-10 |
| CVE-2026-22607 | Fickling Blocklist Bypass: cProfile.run() — fickling | 9.8 | - | 2026-01-10 |
| CVE-2026-22606 | Fickling has a bypass via runpy.run_path() and runpy.run_module() — fickling | 9.8 | - | 2026-01-10 |
| CVE-2025-69277 | libsodium security vulnerability — libsodium | 4.5 | Medium | 2025-12-31 |
| CVE-2025-67748 | Fickling has Code Injection vulnerability via pty.spawn() — fickling | 9.1 (AI) | Critical (AI) | 2025-12-16 |

74 CVEs are classified as CWE-184 (Incomplete Blacklist). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.