Important: Red Hat Security Advisory: OpenShift Container Platform 4.22.1 security and extras update

Red Hat OpenShift Container Platform release 4.22.1 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.22. Red Hat Product Security has rated this update as having a security impact of...

GHSA-H3RR-9WQJ-V3C6 AstrBot has Incomplete Filtering of Special Elements

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

EUVD-2026-25660

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

PT-2026-35155

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The...

CVE-2026-6117

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function installpluginupload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...

CVE-2026-6118

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

CVE-2026-6119 AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function postdata.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used...

AstrBot 命令注入漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from the improper handling of the command parameter in the addmcpserver function within...

PT-2026-32149

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install plugin upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...

WordPress Word Balloon Plugin <= 4.22.1 is vulnerable to Backdoor

Software Word Balloon Type Plugin Vulnerable versions = 4.22.1 Fixed in 4.22.2 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8a74f733243a Credits Sansec.io Required privilege Unauthenticated Published 3 July, 202...

WordPress Plugin Relevanssi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Relevanssi plugin <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update vulnerability

Missing Authorization to Unauthenticated Count Option Update vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Relevanssi versions = 4.22.1...