Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-55449

AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...

7.3CVSS5.4AI score0.00281EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:30 a.m.8 views

CVE-2026-10212

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astrmainagent of the file astrbot/core/astrmainagent.py. Such manipulation of the argument sessionid leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly availab...

6.5CVSS6.4AI score0.00211EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.13 views

CVE-2026-8754

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.5CVSS5.4AI score0.00358EPSS
Exploits0References1
OSV
OSV
added 2026/05/17 3:31 p.m.9 views

GHSA-F63H-WC26-PMVC AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function postfile of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely...

6.3CVSS6.2AI score0.00358EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.41 views

CVE-2025-55449

AstrBotDevs AstrBot 3.5.15 has AdvancedSystemforTextResponseandBotOperationsTool as the hardcoded private key used to sign a JWT...

0.00281EPSS
Exploits2References2
CVE
CVE
added 2026/05/08 12:0 a.m.65 views

CVE-2025-55449

AstrBot 3.5.15 is vulnerable to remote code execution via a hardcoded JWT signing key: Advanced_System_for_Text_Response_and_Bot_Operations_Tool. An attacker can forge a valid admin JWT and upload a malicious plugin through /api/plugin/install-upload, leading to arbitrary command execution (e.g.,...

7.3CVSS5.8AI score0.00281EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder