Lucene search
+L

104 matches found

CVE
CVE
added 2025/10/01 10:1 p.m.18 views

CVE-2025-61587

CVE-2025-61587 affects Weblate (web-based localization tool). Open redirect in versions 5.13.2 and below via the redir parameter when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects victims to attacker-controll...

6.1CVSS6.3AI score0.00365EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/10/01 10:1 p.m.9 views

CVE-2025-61587 Weblate integration with Anubis can lead to Open Redirect via redir parameter

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

2.1CVSS6.6AI score0.00365EPSS
Exploits1References6
Patchstack
Patchstack
added 2025/08/22 1:2 p.m.5 views

WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Anubis versions = 1.25...

8.1CVSS7AI score0.00431EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/08/11 10:10 a.m.9 views

Cross-Site Scripting (XSS)

github.com/techarohq/anubis is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of the ?redir= parameter in the /.within.website/x/cmd/anubis/api/pass-challenge route, which allows an attacker to craft malicious pass-challenge pages that execute arbitrary...

5.1CVSS6.7AI score0.0048EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/28 4:32 a.m.26 views

CVE-2025-54414

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

5.1CVSS7.9AI score0.0048EPSS
Exploits0References1
NVD
NVD
added 2025/07/26 4:16 a.m.39 views

CVE-2025-54414

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

5.1CVSS0.0048EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/26 3:30 a.m.8 views

CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

5.1CVSS7.1AI score0.0048EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/26 3:30 a.m.47 views

CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

5.1CVSS0.0048EPSS
Exploits0References3
CVE
CVE
added 2025/07/26 3:30 a.m.63 views

CVE-2025-54414

CVE-2025-54414 affects TecharoHQ Anubis Web AI Firewall Utility (versions 1.21.2 and earlier). The vulnerability arises from malicious pass-challenge pages that can cause a user to execute arbitrary JavaScript or trigger nonstandard URL schemes via the PassChallenge flow, specifically the route /...

5.1CVSS7.1AI score0.0048EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/26 12:0 a.m.7 views

Anubis 安全漏洞

Anubis is a tool for Xe Iaso Individual Developers. A security vulnerability exists in Anubis 1.21.2 and earlier versions that originates from a malicious pass-challenge page could lead to the execution of arbitrary JavaScript code...

5.1CVSS6.6AI score0.0048EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/26 12:0 a.m.9 views

PT-2025-30951 · Anubis · Anubis

Name of the Vulnerable Software and Affected Versions: Anubis versions 1.21.2 and below Description: Anubis is a Web AI Firewall Utility designed to protect upstream resources from scraper bots. Attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

5.1CVSS7AI score0.0048EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2025/06/16 2:21 p.m.13 views

Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment

An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible eve...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/02 6:52 a.m.14 views

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis not to be confused with an Android banking trojan of the same name that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell...

7.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/05 3:47 a.m.7 views

SUSE CVE-2025-24369

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

2.3CVSS6.9AI score0.004EPSS
Exploits0References3
Veracode
Veracode
added 2025/01/31 5:27 a.m.344 views

Bot Protection Bypass

Anubis is vulnerable to Bot Protection Bypass. The vulnerability is due to insufficient validation due to allowing attackers to specify a nonce and set the challenge difficulty to zero, effectively bypassing the bot protection mechanism...

2.3CVSS6.5AI score0.004EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2025/01/27 11:15 p.m.10 views

CVE-2025-24369

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

2.3CVSS0.004EPSS
Exploits0References4
CVE
CVE
added 2025/01/27 10:57 p.m.74 views

CVE-2025-24369

CVE-2025-24369 concerns the Anubis bot-protection tool (github.com/Xe/x). The issue: an attacker can bypass the bot-checking defense by requesting a challenge and then submitting it with a client-specified difficulty value of 0, effectively defeating the PoW hurdle. The root cause; behavior is mi...

2.3CVSS7AI score0.004EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/27 10:57 p.m.8 views

CVE-2025-24369 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

2.3CVSS6.5AI score0.004EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/27 10:57 p.m.27 views

CVE-2025-24369 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

2.3CVSS0.004EPSS
Exploits0References4
OSV
OSV
added 2025/01/27 10:57 p.m.9 views

CVE-2025-24369 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

2.3CVSS6.7AI score0.004EPSS
Exploits0References6
Rows per page
Query Builder