Lucene search
+L

172 matches found

Nuclei
Nuclei
added yesterday20 views

AstrBot <= 4.22.1 - Command Injection

AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any...

6.5CVSS7.1AI score0.02304EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-16077

A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py of the component Filesystem Computer-Use Tool. Performing a manipulation results in link following. The attack is only possible with local...

5.3CVSS5.3AI score0.00168EPSS
Exploits0References5Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-16077

AstrBotDevs AstrBot up to 4.25.5 is affected by a vulnerability in the function _normalize_rw_path within astrbot/core/tools/computer_tools/fs.py of the Filesystem Computer-Use Tool. The issue arises from a manipulation that enables link following, with exploitation possible only from local acces...

5.3CVSS5.4AI score0.00168EPSS
Exploits0References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-45356

A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py of the component Filesystem Computer-Use Tool. Performing a manipulation results in link following. The attack is only possible with local...

5.3CVSS5.3AI score0.00168EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-16076

A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chatsend of the file astrbot/dashboard/routes/openapi.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to...

6.5CVSS6.1AI score0.00291EPSS
Exploits0References5Affected Software1
CVE
CVE
added yesterday11 views

CVE-2026-16076

AstrBot up to version 4.25.5 is affected by CVE-2026-16076. The vulnerability occurs in OpenApiRoute.chat_send (astrbot/dashboard/routes/open_api.py) where manipulation of the Username argument leads to authentication bypass by spoofing. The issue is exploitable remotely, the exploit is publicly ...

6.5CVSS6.2AI score0.00291EPSS
Exploits0References5
EUVD
EUVD
added yesterday9 views

EUVD-2026-45355

A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chatsend of the file astrbot/dashboard/routes/openapi.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to...

6.5CVSS6.2AI score0.00291EPSS
Exploits0References5
NVD
NVD
added yesterday9 views

CVE-2026-16075

A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.getchatsessions of the file astrbot/dashboard/routes/openapi.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is...

5.3CVSS0.00218EPSS
Exploits0References5
CVE
CVE
added yesterday12 views

CVE-2026-16075

CVE-2026-16075 affects AstrBotDevs AstrBot up to 4.25.5. The flaw is in the function OpenApiRoute.get_chat_sessions (file astrbot/dashboard/routes/open_api.py) of the session-listing Endpoint. By manipulating the Username argument, an authorization bypass is possible, and the issue can be exploit...

5.3CVSS4.9AI score0.00218EPSS
Exploits0References5
EUVD
EUVD
added yesterday9 views

EUVD-2026-45353

A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.getchatsessions of the file astrbot/dashboard/routes/openapi.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is...

5.3CVSS5.1AI score0.00218EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday12 views

PT-2026-60919

A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get chat sessions of the file astrbot/dashboard/routes/open api.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It ...

5.3CVSS4.9AI score0.00218EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-16074 AstrBotDevs AstrBot Plugin Update plugin.py update_all_plugins server-side request forgery

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function updateplugin/updateallplugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument downloadurl/downloadurls/proxy results in server-side...

6.5CVSS0.00201EPSS
Exploits0References5
CVE
CVE
added 2 days ago10 views

CVE-2026-16074

CVE-2026-16074 affects AstrBot up to version 4.25.2. The vulnerability lies in the function update_plugin/update_all_plugins (file astrbot/dashboard/routes/plugin.py) where manipulation of the arguments download_url/download_urls/proxy enables server-side request forgery (SSRF). Exploitation may ...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45315

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function updateplugin/updateallplugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument downloadurl/downloadurls/proxy results in server-side...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2 days ago8 views

CVE-2026-16073

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.texttoimage/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS0.00191EPSS
Exploits0References5
CVE
CVE
added 2 days ago7 views

CVE-2026-16073

Technical details are not publicly available in the provided documents. Monitor for updates.

5.1CVSS3.4AI score0.00191EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-16073 AstrBotDevs AstrBot T2I Feature base.py NetworkRenderStrategy.render cross site scripting

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.texttoimage/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS0.00191EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago10 views

EUVD-2026-45244

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.texttoimage/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS3.6AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-60836

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.text to image/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS3.4AI score0.00191EPSS
Exploits0References5
NVD
NVD
added last week8 views

CVE-2026-15501

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS0.00206EPSS
Exploits0References5
Rows per page
Query Builder