Lucene search
K

141 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-43237

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS6.2AI score
Exploits0References5
CVE
CVE
added yesterday15 views

CVE-2026-15501

CVE-2026-15501 affects AstrBot (up to version 4.25.2). The vulnerability is in the function ToolsRoute.test_mcp_connection (astrbot/dashboard/routes/tools.py, MCP Test Endpoint), where manipulating mcp_server_config.url leads to server-side request forgery (SSRF). The attack is remotely exploitab...

6.5CVSS6.2AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-43222

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function getonlineplugins of the file astrbot/dashboard/routes/plugin.py of the component marketlist Endpoint. Executing a manipulation of the argument customregistry can lead to server-side...

6.5CVSS6.4AI score
Exploits0References6
CVE
CVE
added yesterday6 views

CVE-2026-15499

AstrBotDevs AstrBot (versions up to 4.25.2) contains a vulnerability in the function FutureTaskTool.call (astrbot/core/tools/cron_tools.py). Manipulating payload["note"] leads to improper authorization, enabling remote exploitation. Public exploit availability is reported. No remediation details ...

6.5CVSS6.3AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-43221

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS6.3AI score
Exploits0References5
Nuclei
Nuclei
added yesterday15 views

AstrBot <= 4.22.1 - Command Injection

AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any...

6.5CVSS6.9AI score0.02304EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-55449

AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...

7.3CVSS5.4AI score0.00281EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10213

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.6AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS6.1AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10212

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 3:16 a.m.16 views

CVE-2026-10213

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS0.00372EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 2:16 a.m.13 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS0.00201EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 2:16 a.m.12 views

CVE-2026-10210

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitizepromptdescription of the file astrbot/core/skills/skillmanager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and...

6.5CVSS0.00228EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 1:45 a.m.51 views

CVE-2026-10213 AstrBotDevs AstrBot API Endpoint delete path traversal

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS0.00372EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 1:45 a.m.11 views

CVE-2026-10213 AstrBotDevs AstrBot API Endpoint delete path traversal

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.5AI score0.00372EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 1:45 a.m.11 views

EUVD-2026-33534

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.7AI score0.00372EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:45 a.m.7 views

CVE-2026-10213

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.7AI score0.00372EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/01 1:45 a.m.29 views

CVE-2026-10213

AstrBotDevs AstrBot 4.23.6 contains a path traversal flaw in the API endpoint /api/skills/delete. Manipulating the Name argument reportedly allows traversal of the filesystem. The issue is exploitable remotely, and an exploit has been released publicly. Vendor response is noted as none. The descr...

5.5CVSS5.7AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 1:30 a.m.47 views

CVE-2026-10212 AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS0.00211EPSS
Exploits0References5
Rows per page
Query Builder