11 matches found
GHSA-H3RR-9WQJ-V3C6 AstrBot has Incomplete Filtering of Special Elements
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
EUVD-2026-25660
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
PT-2026-35155
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The...
CVE-2026-6117
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function installpluginupload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...
CVE-2026-6118
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...
CVE-2026-6119 AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used...
PT-2026-32149
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install plugin upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...
AstrBot Command Injection Vulnerability
AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from the improper handling of the command parameter in the addmcpserver function within...
WordPress Word Balloon Plugin <= 4.22.1 is vulnerable to Backdoor
Software: Word Balloon | Type: Plugin | Vulnerable versions: <= 4.22.1 | Fixed in: 4.22.2 | OWASP Top 10: A3: Injection | Classification: Backdoor | CVE: N/A | Patch priority: Low | CVSS severity: Low (5.3) | PSID: 8a74f733243a | Credits: Sansec.io | Required privilege: Unauthenticated | Published: 3 July, 202...
WordPress Plugin Relevanssi Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Relevanssi plugin <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update vulnerability
Missing Authorization to Unauthenticated Count Option Update vulnerability discovered by Thura Moe Myint (mgthuramoemyint) in WordPress Plugin Relevanssi versions <= 4.22.1...