13 matches found
CVE-2026-29038
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
CVE-2026-29065
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...
CVE-2026-29038
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
CVE-2026-29065
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...
CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...
CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4...
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-29039
Changedetection.io prior to 0.54.4 is vulnerable to an Arbitrary File Read via XPath in include_filters, where unparsed-text() can read files accessible to the application. Affected component is the XPath-based content filter processing using the elementpath parser. Impact includes reading sensit...
CVE-2026-29038
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
changedetection.io 代码注入漏洞
changedetection.io is a website-based application developed by dgtlmoon, designed for code inspection, monitoring, and notification. Versions of changedetection.io prior to 0.54.4 contained a code injection vulnerability. This vulnerability stemmed from unvalidated or uncleaned XPath expressions,...
Arbitrary Code Injection
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Arbitrary Code Injection via the unparsed-text function in XPath expressions processed by the application. An attacker can access and read arbitrary files from the...