OpenProject < 12.5.4 - Project Identifiers Exposure

OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...

PT-2026-42590

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/ utils/sitemap.py, src/crawlee/ utils/robots.py, src/crawlee/request loaders/ sitemap request loader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points...

CVE-2019-20885

An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file...

CVE-2023-25706

Cross-Site Request Forgery CSRF vulnerability in Pagup WordPress Robots.Txt optimization plugin = 1.4.5 versions...

CVE-2025-62148

Cross-Site Request Forgery CSRF vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery.This issue affects Robots.txt rewrite: from n/a through = 1.6.1...

CVE-2025-62148

CVE-2025-62148 is a CSRF vulnerability in the Robots.txt rewrite plugin for WordPress (robotstxt-rewrite). Affected versions are from unspecified baseline to and including 1.6.1. The description notes CSRF exposure but does not provide exploit paths, vulnerable functions, or a confirmed remediati...

CVE-2025-62148 WordPress Robots.txt rewrite plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery.This issue affects Robots.txt rewrite: from n/a through = 1.6.1...

WordPress Robots.txt rewrite plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Robots.txt rewrite versions = 1.6.1...

EUVD-2017-15705

Malware in sbrugna...

EUVD-2019-11422

Malware in sbrugna...

EUVD-2021-14822

Malware in sbrugna...

EUVD-2023-38091

Malicious code in bioql PyPI...

Perplexity AI ignores no-crawling rules on websites, crawls them anyway

Imagine putting up a no-trespassing sign for people walking their dogs, and then finding out that one person dresses up their Great Dane as a calf and walks it on your grounds. Well that's sort of what AI answer engine Perplexity has been doing, by evading the no-crawl directives of websites,...

CVE-2023-33960

OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...

CVE-2021-28121

Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field...

CVE-2024-6797

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6797

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6797

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6797

CVE-2024-6797 affects the DL Robots.txt WordPress plugin (versions ≤ 1.2). The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting for high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). ...

CVE-2024-6797 DL Robots.txt <= 1.2 - Admin+ Stored XSS

The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...