Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/05/17 3:31 p.m.21 views

AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:15 p.m.8 views

CVE-2026-8754

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS6.2AI score0.00358EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/05/01 12:30 p.m.10 views

Use of Hard-coded Password

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Use of Hard-coded Password in the Dashboard process due to the use of hard-coded credentials in astrbot/dashboard/routes/auth.py. An attacker can gain unauthorized access and potentially compromise...

7.5CVSS7.1AI score0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/01 11:30 a.m.30 views

CVE-2026-7579 AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.5CVSS0.00288EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/01 11:30 a.m.3 views

CVE-2026-7579 AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

7.5CVSS6.6AI score0.00288EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.7 views

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

5.8CVSS4.8AI score0.00299EPSS
Exploits0References1
CVE
CVE
added 2026/04/25 3:30 p.m.18 views

CVE-2026-6984

AstrBotDevs AstrBot up to version 4.22.1 contains a vulnerability in the Dashboard API, specifically in the create_template function (astrbot/dashboard/routes/t2i.py). The issue is improper neutralization of special elements used in the template engine, enabling remote execution. Public exploit i...

5.8CVSS4.9AI score0.00299EPSS
Exploits0References5
Rows per page
Query Builder