Incomplete List of Disallowed Inputs

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the SafeXPath3Parser implementation. An attacker can access sensitive files from the local filesystem by leveraging unblock...

changedetection.io 安全漏洞

Changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Version 0.54.7 of ChangeDetection.io contained a security vulnerability, which stemmed from a protection bypass in the SafeXPath3Parser implementation. This...

CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

CVE-2026-33981

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...