7 matches found
CVE-2026-8889
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...
changedetection.io is Vulnerable to SSRF via Watch URLs
Summary Changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user or any user when no password is...
GHSA-3C45-4PJ5-CH7M changedetection.io is Vulnerable to SSRF via Watch URLs
Summary Changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user or any user when no password is...
CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...
CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...
CVE-2026-27696
CVE-2026-27696 affects changedetection.io prior to 0.54.1. The SSRF vulnerability arises because is_safe_valid_url() does not validate the resolved IP against private, loopback, or link-local ranges, allowing an authenticated user (or any user when no password is configured by default) to add wat...
CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...