David Gilmore

3 exploits Active since Apr 2026
CVE-2026-7579 WRITEUP HIGH WRITEUP
AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2026-6636 WRITEUP MEDIUM WRITEUP
p2r3 convert API buildCache.js Bun.serve path traversal
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2026-6635 WRITEUP HIGH WRITEUP
rowboatlabs rowboat tools_webhook app.py tool_call improper authentication
A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3