Changedetection.io@* Security Vulnerabilities and Issues — Changedetection.io@* CVE List

Lucene search

DgtlmoonChangedetection.io*

7 matches found

CVE•added 2024/01/19 8:15 p.m.•204 views

CVE-2024-23329

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party fir...

3.7CVSS4AI score0.00345EPSS

CVE•added 2024/04/26 12:15 a.m.•157 views

CVE-2024-32651

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

10CVSS9.8AI score0.92333EPSS

CVE•added 2024/05/02 2:15 p.m.•53 views

CVE-2024-34061

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notification_urls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when ...

4.3CVSS5.9AI score0.18523EPSS

CVE•added 2024/12/27 4:15 p.m.•46 views

CVE-2024-56509

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is ...

8.6CVSS8.5AI score0.00111EPSS

CVE•added 2024/11/08 12:15 a.m.•45 views

CVE-2024-51998

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

8.6CVSS8.5AI score0.00045EPSS

CVE•added 2024/11/01 5:15 p.m.•37 views

CVE-2024-51483

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the is...

6.9CVSS6.7AI score0.12064EPSS

CVE•added 2025/06/23 9:15 p.m.•10 views

CVE-2025-52558

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting (XSS) vulnerability. This ...

7CVSS5.7AI score0.0002EPSS