5 matches found
Open redirect vulnerability
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines whether a URL is safe to redirect to in the default login flow: A URL containing relative path segments ./ or ../ is validated before the servlet container collapses those segments into a protocol-relative URL starting with...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of user-supplied URLs in the Focus component. An attacker can cause the server to send HTTP requests to internal or external destinations by supplying crafted URLs. This can...
CVE-2026-27696
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function is_safe_valid_url does not validate the resolved IP address of watch URLs against private,...
CVE-2026-27696
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function is_safe_valid_url does not validate the resolved IP address of watch URLs against private,...
PT-2026-21867
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.54.1. Description: changedetection.io is a web page change detection tool susceptible to Server-Side Request Forgery (SSRF). The is_safe_valid_url function does not properly validate the resolved IP address o...