CWE-184 vulnerabilities

134 results
CVE-2026-32940 | CRITICAL | SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) | EPSS 0.3%
CVE-2026-32128 | MEDIUM | FastGPT Python Sandbox Bypass of File-Write Restriction | EPSS 0.3%
CVE-2026-31993 | MEDIUM | OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains | EPSS 0.3%
CVE-2026-4509 | MEDIUM | PbootCMS File Upload file.php incomplete blacklist | EPSS 0.3%
CVE-2026-42590 | HIGH | Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist | EPSS 0.3%
CVE-2026-43578 | CRITICAL | OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade | EPSS 0.3%
CVE-2026-39315 | MEDIUM | Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe() | EPSS 0.3%
CVE-2026-35000 | HIGH | ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read | EPSS 0.3%
CVE-2026-44993 | LOW | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions | EPSS 0.3%
CVE-2023-45593 | MEDIUM | A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs | EPSS 0.3%
CVE-2025-58361 | CRITICAL | Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG | EPSS 0.3%
CVE-2026-53855 | HIGH | OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks | EPSS 0.3%
CVE-2026-34426 | MEDIUM | OpenClaw - Approval Bypass via Environment Variable Normalization | EPSS 0.3%
CVE-2026-43532 | MEDIUM | OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image | EPSS 0.3%
CVE-2026-32022 | MEDIUM | OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass | EPSS 0.3%
CVE-2026-32017 | MEDIUM | OpenClaw < 2026.2.19 - Arbitrary File Write via Short-Option Bypass in exec Allowlist | EPSS 0.3%
CVE-2026-35410 | MEDIUM | Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow | EPSS 0.3%
CVE-2026-53864 | HIGH | OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control Variables | EPSS 0.2%
CVE-2025-61924 | LOW | PrestaShop Checkout Target PayPal merchant account hijacking from backoffice | EPSS 0.2%
CVE-2026-26067 | MEDIUM | October: Safe Mode Bypass via CSS Preprocessor Compilers | EPSS 0.2%