
108 matches found

Positive Technologies
added 2026/03/27 12:0 a.m. | 4 views

PT-2026-28583

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.54.7. Description: The jq: and jqraw: include filter expressions in changedetection.io allow the use of the jq env builtin, which reads all process environment variables and stores them as the watch snapsho...

CVSS 8.3 | AI score 5.9 | EPSS 0.00475
Exploits: 1 | References: 7
RedhatCVE
added 2026/03/07 7:59 a.m. | 5 views

CVE-2026-29038

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

CVSS 6.1 | AI score 5.6 | EPSS 0.00282
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/07 7:59 a.m. | 6 views

CVE-2026-29065

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...

CVSS 9.3 | AI score 5.8 | EPSS 0.00527
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/07 7:59 a.m. | 4 views

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVSS 9.3 | AI score 5.8 | EPSS 0.00484
Exploits: 1 | References: 1
Veracode
added 2026/03/07 5:8 a.m. | 6 views

Path Traversal

changedetection.io is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during the backup restore process, which allows an attacker to upload a crafted ZIP archive containing path traversal sequences and overwrite arbitrary files on the system...

CVSS 9.3 | AI score 5.9 | EPSS 0.00527
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2026/03/06 7:16 a.m. | 7 views

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVSS 9.3 | EPSS 0.00484
Exploits: 1 | References: 3
OSV
added 2026/03/06 6:54 a.m. | 3 views

CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...

CVSS 9.3 | AI score 5.8 | EPSS 0.00527
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/06 6:54 a.m. | 5 views

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVSS 9.3 | AI score 5.8 | EPSS 0.00484
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/06 6:54 a.m. | 7 views

CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVSS 9.3 | AI score 5.8 | EPSS 0.00484
Exploits: 1 | References: 3
OSV
added 2026/03/06 6:53 a.m. | 3 views

CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

CVSS 6.1 | AI score 5.6 | EPSS 0.00282
Exploits: 1 | References: 5
CNNVD
added 2026/03/06 12:0 a.m. | 9 views

changedetection.io code injection vulnerability

changedetection.io is a website-based application developed by dgtlmoon, designed for code inspection, monitoring, and notification. Versions of changedetection.io prior to 0.54.4 contained a code injection vulnerability. This vulnerability stemmed from unvalidated or uncleaned XPath expressions,...

CVSS 9.3 | AI score 5.9 | EPSS 0.00484
Exploits: 1 | References: 3
Snyk
added 2026/03/04 8:59 p.m. | 3 views

Arbitrary Code Injection

Overview: changedetection.io is a Website change detection and monitoring service. Affected versions of this package are vulnerable to Arbitrary Code Injection via the unparsed-text function in XPath expressions processed by the application. An attacker can access and read arbitrary files from the...

CVSS 9.3 | AI score 5.9 | EPSS 0.00484
Exploits: 1 | References: 2
Github Security Blog
added 2026/03/04 8:59 p.m. | 7 views

changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()

Summary:
- The changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification.
- XPath 3.0 includes the unparsed-text function...

CVSS 9.3 | AI score 6 | EPSS 0.00484
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/02/25 7:8 p.m. | 7 views

EUVD-2026-8622

changedetection.io is Vulnerable to SSRF via Watch URLs...

CVSS 8.6 | AI score 5.2 | EPSS 0.00445
Exploits: 1 | References: 3
OSV
added 2026/02/25 7:7 p.m. | 5 views

GHSA-MW8M-398G-H89W changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response

Summary: Three security vulnerabilities were identified in changedetection.io through source code review and live validation against a locally deployed Docker instance. All vulnerabilities were confirmed exploitable on the latest version 0.53.6; it was additionally validated at scale against 500...

CVSS 6.1 | AI score 5.8 | EPSS 0.00445
Exploits: 1 | References: 4
OSV
added 2026/02/25 4:16 a.m. | 5 views

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

CVSS 8.6 | AI score 5.7 | EPSS 0.00445
Exploits: 1 | References: 4
Vulnrichment
added 2026/02/25 4:16 a.m. | 4 views

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

CVSS 8.6 | AI score 5.5 | EPSS 0.00445
Exploits: 1 | References: 2
Cvelist
added 2026/02/25 4:16 a.m. | 23 views

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

CVSS 8.6 | EPSS 0.00445
Exploits: 1 | References: 2
ATTACKERKB
added 2026/02/25 4:16 a.m. | 6 views

CVE-2026-27696

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

CVSS 8.6 | AI score 5.5 | EPSS 0.00445
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/02/25 4:6 a.m. | 34 views

CVE-2026-27645

CVE-2026-27645: In affected changedetection.io versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Because Flask returns text/html by default for plain string responses, the browser may parse and execu...

CVSS 6.1 | AI score 5.4 | EPSS 0.00445
Exploits: 1 | References: 2 | Affected Software: 1