104 matches found
CVE-2025-61587
CVE-2025-61587 affects Weblate (web-based localization tool). Open redirect in versions 5.13.2 and below via the redir parameter when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects victims to attacker-controll...
CVE-2025-61587 Weblate integration with Anubis can lead to Open Redirect via redir parameter
Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...
WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Anubis versions = 1.25...
Cross-Site Scripting (XSS)
github.com/techarohq/anubis is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of the ?redir= parameter in the /.within.website/x/cmd/anubis/api/pass-challenge route, which allows an attacker to craft malicious pass-challenge pages that execute arbitrary...
CVE-2025-54414
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
CVE-2025-54414
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
CVE-2025-54414
CVE-2025-54414 affects TecharoHQ Anubis Web AI Firewall Utility (versions 1.21.2 and earlier). The vulnerability arises from malicious pass-challenge pages that can cause a user to execute arbitrary JavaScript or trigger nonstandard URL schemes via the PassChallenge flow, specifically the route /...
Anubis 安全漏洞
Anubis is a tool for Xe Iaso Individual Developers. A security vulnerability exists in Anubis 1.21.2 and earlier versions that originates from a malicious pass-challenge page could lead to the execution of arbitrary JavaScript code...
PT-2025-30951 · Anubis · Anubis
Name of the Vulnerable Software and Affected Versions: Anubis versions 1.21.2 and below Description: Anubis is a Web AI Firewall Utility designed to protect upstream resources from scraper bots. Attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment
An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible eve...
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis not to be confused with an Android banking trojan of the same name that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell...
SUSE CVE-2025-24369
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...
Bot Protection Bypass
Anubis is vulnerable to Bot Protection Bypass. The vulnerability is due to insufficient validation due to allowing attackers to specify a nonce and set the challenge difficulty to zero, effectively bypassing the bot protection mechanism...
CVE-2025-24369
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...
CVE-2025-24369
CVE-2025-24369 concerns the Anubis bot-protection tool (github.com/Xe/x). The issue: an attacker can bypass the bot-checking defense by requesting a challenge and then submitting it with a client-specified difficulty value of 0, effectively defeating the PoW hurdle. The root cause; behavior is mi...
CVE-2025-24369 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...
CVE-2025-24369 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...
CVE-2025-24369 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0
Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...