CVE-2026-41895
The CVE-2026-41895 entry concerns changedetection.io and documents an XXE vulnerability in its XML/RSS handling. In version 0.54.9 and earlier, xpath_filter() switches to XML mode and constructs etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external D...