Lucene search
K

7 matches found

nvd
nvd
added 2026/06/03 7:16 p.m.12 views

CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

7.5CVSS0.00249EPSS
Exploits0References1
osv
osv
added 2026/02/25 7:8 p.m.4 views

GHSA-3C45-4PJ5-CH7M changedetection.io is Vulnerable to SSRF via Watch URLs

Summary Changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user or any user when no password is...

8.6CVSS5.8AI score0.00445EPSS
Exploits1References4
github
github
added 2026/02/25 7:8 p.m.11 views

changedetection.io is Vulnerable to SSRF via Watch URLs

Summary Changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user or any user when no password is...

8.6CVSS5.6AI score0.00445EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/02/25 4:16 a.m.4 views

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

8.6CVSS5.5AI score0.00445EPSS
Exploits1References2
osv
osv
added 2026/02/25 4:16 a.m.5 views

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

8.6CVSS5.7AI score0.00445EPSS
Exploits1References4
cvelist
cvelist
added 2026/02/25 4:16 a.m.26 views

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

8.6CVSS0.00445EPSS
Exploits1References2
cve
cve
added 2026/02/25 4:16 a.m.22 views

CVE-2026-27696

CVE-2026-27696 affects changedetection.io prior to 0.54.1. The SSRF vulnerability arises because is_safe_valid_url() does not validate the resolved IP against private, loopback, or link-local ranges, allowing an authenticated user (or any user when no password is configured by default) to add wat...

8.6CVSS5.5AI score0.00445EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder