7 matches found
CVE-2026-33981
changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...
Environment Variable Leak
changedetection.io is vulnerable to Environment Variable Leak. The vulnerability is due to the use of the jq env builtin in include filter expressions, where an authenticated user can leak sensitive environment variables including SALTED_PASS, PLAYWRIGHT_DRIVER_URL, HTTP_PROXY, and any secrets passed...
CVE-2026-33981
Technical details for CVE-2026-33981 are not publicly available in the provided documents. No affected products, impact, or remediation are identifiable here. Monitor for updates.
CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...
CVE-2026-4589
A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. T...
PT-2022-20605 · Databasir · Databasir
Name of the Vulnerable Software and Affected Versions: Databasir versions 1.06 and earlier. Description: The issue allows attackers to perform Server-Side Request Forgery (SSRF) by sending a single HTTP POST request to create a databaseType. This is achieved by supplying a jdbcDriverFileUrl that...
Databasir code issue vulnerability
Databasir is a team-oriented document management platform for relational database models. A code issue vulnerability exists in Databasir versions prior to 1.0.7 that stems from a server-side request forgery (SSRF) vulnerability by providing a jdbcDriverFileUrl that returns a non-200 response code,...