Lucene search
K

232 matches found

EUVD
EUVD
added 2026/06/25 6:3 p.m.7 views

EUVD-2026-39517

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 6:3 p.m.14 views

CVE-2026-56767

Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 6:3 p.m.20 views

CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS0.0033EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:3 p.m.3 views

CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.7CVSS6AI score0.0033EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 9:16 p.m.11 views

CVE-2025-68840

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49350

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:51 a.m.12 views

Malicious code in express-timer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4fd1651a86f29904cbafe5a1d50f51a3108413ce0fef61fd92cfc61dedc683 express-timer is a destructive supply-chain attack masquerading as an Express security-headers helper. Three independent harm mechanisms fire on...

5.7AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/21 7:28 p.m.14 views

Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

2.3CVSS6.4AI score0.00286EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/21 7:28 p.m.34 views

GHSA-3R75-XC34-5F44 Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

2.3CVSS6.4AI score0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42667

Name of the Vulnerable Software and Affected Versions Crawlee versions 1.0.0 through 1.6.9 Description Crawlee is subject to a blind Server-Side Request Forgery SSRF when processing sitemap-derived URLs or robots.txt directives. The issue occurs when an attacker-controlled sitemap or robots.txt...

2.3CVSS6.3AI score0.00286EPSS
Exploits0References7
ICS
ICS
added 2026/05/14 6:0 a.m.10 views

Universal Robots Polyscope 5

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for...

9.8CVSS5.9AI score0.01829EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.12 views

CVE-2026-8153

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...

9.8CVSS6AI score0.01829EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/05/11 1:21 p.m.27 views

Yarbo responds to robot flaws that could mow down their owners

A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/05/08 12:31 p.m.11 views

EUVD-2026-28548

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...

9.8CVSS6AI score0.01829EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 11:45 a.m.58 views

CVE-2026-8153

CVE-2026-8153 describes an OS command injection in the Dashboard Server interface of Universal Robots’ PolyScope (versions prior to 5.21.1). The vulnerability allows an unauthenticated attacker over the network to craft commands that execute code on the robot’s OS, with critical impact (CVSS v3.1...

9.8CVSS6AI score0.01829EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 11:45 a.m.11 views

CVE-2026-8153

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...

9.8CVSS6AI score0.01829EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 11:45 a.m.45 views

CVE-2026-8153 Command injection in Dashboard Server interface

OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...

9.8CVSS0.01829EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-38911

Name of the Vulnerable Software and Affected Versions Universal Robots PolyScope versions prior to 5.25.1 Description OS command injection in the Dashboard Server interface allows an unauthenticated attacker with network access to the Dashboard Server port to craft commands that execute arbitrary...

9.8CVSS6.2AI score0.01829EPSS
Exploits0References24
Akamai Blog
Akamai Blog
added 2026/03/23 1:0 p.m.6 views

Farming at the Edge: Where Autonomous Robots and Edge Compute Meet

...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.4 views

Cybersecurity AI: Hacking Consumer Robots in the AI Era

Is robot cybersecurity broken by AI? Consumer robots -- from autonomous lawnmowers to powered exoskeletons and window cleaners -- are rapidly entering homes and workplaces, yet their security remains rooted in assumptions of specialized attacker expertise. This paper presents evidence that...

5.8AI score
Exploits0
Rows per page
Query Builder