228 matches found
CVE-2025-68840
Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...
PT-2026-49350
Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...
Malicious code in express-timer (npm)
Source: amazon-inspector 5b4fd1651a86f29904cbafe5a1d50f51a3108413ce0fef61fd92cfc61dedc683 express-timer is a destructive supply-chain attack masquerading as an Express security-headers helper. Three independent harm mechanisms fire on...
GHSA-3R75-XC34-5F44 Crawlee for Python: SSRF via sitemap-derived URLs
Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...
Crawlee for Python: SSRF via sitemap-derived URLs
Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...
PT-2026-42667
Name of the Vulnerable Software and Affected Versions Crawlee versions 1.0.0 through 1.6.9 Description Crawlee is subject to a blind Server-Side Request Forgery SSRF when processing sitemap-derived URLs or robots.txt directives. The issue occurs when an attacker-controlled sitemap or robots.txt...
Universal Robots Polyscope 5
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for...
CVE-2026-8153
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...
Yarbo responds to robot flaws that could mow down their owners
A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him...
EUVD-2026-28548
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...
CVE-2026-8153 Command injection in Dashboard Server interface
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...
CVE-2026-8153
CVE-2026-8153 describes an OS command injection in the Dashboard Server interface of Universal Robots’ PolyScope (versions prior to 5.21.1). The vulnerability allows an unauthenticated attacker over the network to craft commands that execute code on the robot’s OS, with critical impact (CVSS v3.1...
CVE-2026-8153
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS...
PT-2026-38911
Name of the Vulnerable Software and Affected Versions Universal Robots PolyScope versions prior to 5.25.1 Description OS command injection in the Dashboard Server interface allows an unauthenticated attacker with network access to the Dashboard Server port to craft commands that execute arbitrary...
Farming at the Edge: Where Autonomous Robots and Edge Compute Meet
...
Cybersecurity AI: Hacking Consumer Robots in the AI Era
Is robot cybersecurity broken by AI? Consumer robots -- from autonomous lawnmowers to powered exoskeletons and window cleaners -- are rapidly entering homes and workplaces, yet their security remains rooted in assumptions of specialized attacker expertise. This paper presents evidence that...
CVE-2025-62148
Cross-Site Request Forgery CSRF vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery. This issue affects Robots.txt rewrite: from n/a through = 1.6.1...
CVE-2025-62148 WordPress Robots.txt rewrite plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery. This issue affects Robots.txt rewrite: from n/a through = 1.6.1...
EUVD-2025-206020
Cross-Site Request Forgery CSRF vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery. This issue affects Robots.Txt rewrite: from n/a through 1.6.1...
WordPress plugin Robots.Txt rewrite cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...