VYPR

CWE-184

Incomplete List of Disallowed Inputs

Abstraction: Base · Status: Draft

Description

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

Related attack patterns (CAPEC)

CAPEC-120 · CAPEC-15 · CAPEC-182 · CAPEC-3 · CAPEC-43 · CAPEC-6 · CAPEC-71 · CAPEC-73 · CAPEC-85

CVEs mapped to this weakness (119)

page 3 of 6
  • CVE-2026-43532 · High · May 5, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.

  • CVE-2026-26274 · Medium · Apr 21, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safe_mode is enabled. Backend users with Developer permissions could use…

  • CVE-2026-31952 · High · Apr 24, 2026
    risk 0.42 · cvss 7.6 · epss 0.00

    Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an…

  • CVE-2026-34426 · High · Apr 2, 2026
    risk 0.42 · cvss 7.6 · epss 0.00

    OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval…

  • CVE-2025-1484 · Medium · May 30, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause…

  • CVE-2016-7076 · Medium · May 29, 2018
    risk 0.42 · cvss 6.4 · epss 0.00

    sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly…

  • CVE-2026-44287 · Medium · May 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.test(code). JavaScript syntax accepts a block comment between import and (; the…

  • CVE-2026-54513 · High · Jun 23, 2026
    risk 0.39 · cvss n/a · epss 0.01

    `BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray()` allowlists any array type based only on `clazz.isArray()`, without validating the array's component (element) type against the configured allowlist. A PTV built with `allowIfSubTypeIsArray()` plus an…

  • CVE-2026-54512 · High · Jun 23, 2026
    risk 0.39 · cvss n/a · epss 0.01

    `jackson-databind`'s `PolymorphicTypeValidator` (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters (i.e. the type ID string contains `<`),…

  • CVE-2026-54090 · High · Jun 12, 2026
    risk 0.39 · cvss n/a · epss 0.00

    Note: This feature has been disabled by default for all installations from v2.33.8 onwards, including for existing installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities.…

  • CVE-2026-45037 · High · May 15, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to…

  • CVE-2026-41361 · High · Apr 23, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections.

  • CVE-2026-41392 · Medium · Apr 28, 2026
    risk 0.37 · cvss 6.7 · epss 0.00

    OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen…

  • CVE-2026-53861 · Medium · Jun 16, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing…

  • CVE-2026-44462 · Medium · May 28, 2026
    risk 0.35 · cvss 6.4 · epss 0.00

    Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0.

  • CVE-2026-41369 · Medium · Apr 28, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override…

  • CVE-2026-35000 · Medium · Apr 1, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives.…

  • CVE-2026-32022 · Medium · Mar 19, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand…

  • CVE-2026-4509 · Medium · Mar 21, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in an incomplete blacklist. The attack may be launched remotely. The…

  • CVE-2026-39315 · Medium · Apr 9, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol() function in…