Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2025/11/07 6:30 p.m.10 views

AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

6.5CVSS6.9AI score0.00308EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/11/07 12:0 a.m.24 views

CVE-2025-57697

AstrBot Project v3.5.22 contains an arbitrary file read vulnerability in the _encode_image_bs64 function (entities.py), where the function opens a user-provided image path and returns its content base64-encoded without validating the path. This path-traversal/unsafe file read leads to potential s...

6.5CVSS6.5AI score0.00308EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20223

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00545EPSS
Exploits1References4
OSV
OSV
added 2025/07/07 12:21 p.m.6 views

CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS6AI score0.00545EPSS
Exploits1References4
Rows per page
Query Builder