CWE-184: Incomplete List of Disallowed Inputs
105 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-184 (page 3 of 3)
- CVE-2026-44993 (MEDIUM, CVSS 5.4, EG 5.4, 2026-05-11)
OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows …
- CVE-2026-45006 (HIGH, CVSS 8.8, EG 8.8, 2026-05-11)
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete deny…
- CVE-2026-45037 (HIGH, CVSS 7.1, EG 7.1, 2026-05-15)
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This all…
- CVE-2026-45741 (HIGH, CVSS 7.5, EG 7.5, 2026-05-29)
Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes. Summary: `IsPublicIP` in `pkg/gotenberg/outbound.go` incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public…
- CVE-2026-48557 (HIGH, CVSS 8.8, EG 8.8, 2026-05-29)
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg …