Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.8 views

CVE-2026-43891

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

7.5CVSS5.8AI score0.00354EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/05 9:16 p.m.13 views

changedetection.io has an Arbitrary Local File Read via a crafted backup restore

Details The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into th...

7.5CVSS5.9AI score0.00354EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.12 views

PT-2026-28531

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The objects/playlistsVideos.json.php endpoint does not enforce authentication or authorization checks, allowing access to the full video contents of any playlist by its ID. While private...

5.3CVSS5.9AI score0.00295EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in watch-history-kcl (npm)

The package watch-history-kcl was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-38803 Malicious code in watch-history-kcl (npm)

The package watch-history-kcl was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:44 a.m.3 views

CVE-2024-23329

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

3.7CVSS6.7AI score0.00587EPSS
Exploits1References1
NVD
NVD
added 2024/01/19 8:15 p.m.25 views

CVE-2024-23329

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

3.7CVSS4AI score0.00587EPSS
Exploits1References2
PyPA
PyPA
added 2024/01/19 8:15 p.m.8 views

PYSEC-2024-15

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

3.7CVSS6.7AI score0.00587EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/01/19 7:49 p.m.32 views

CVE-2024-23329 changedetection.io API endpoint is not secured with API token

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

3.7CVSS4.3AI score0.00587EPSS
Exploits1References2
Rows per page
Query Builder