| CVE-2026-43891 | high | 7.5 | 7.5 | | | | 17d ago | changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vu… |
| CVE-2026-41895 | high | 7.5 | 7.5 | | | | 17d ago | changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) … |
| CVE-2026-35490 | unknown | — | — | | | | 2mo ago | changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. … |
| CVE-2026-33981 | unknown | — | — | | | | 2mo ago | Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters |
| CVE-2026-29065 | unknown | — | — | | | | 3mo ago | changedetection.io has Zip Slip vulnerability in the backup restore functionality |
| CVE-2026-29039 | unknown | — | — | | | | 3mo ago | changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text() |
| CVE-2026-29038 | unknown | — | — | | | | 3mo ago | changedetection.io has Reflected XSS in its RSS Tag Error Response |
| CVE-2026-27696 | unknown | — | — | | | | 3mo ago | changedetection.io is Vulnerable to SSRF via Watch URLs |
| CVE-2026-27645 | unknown | — | — | | | | 3mo ago | changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response |
| CVE-2025-62780 | unknown | — | — | | | | 7mo ago | changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficie… |
| CVE-2025-52558 | unknown | — | — | | | | 11mo ago | ChangeDetection.io XSS in watch overview |
| CVE-2024-56509 | unknown | — | — | | | | 1y ago | changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal |
| CVE-2024-51998 | unknown | — | — | | | | 2y ago | changedetection.io path traversal using file URI scheme without supplying hostname |
| CVE-2024-51483 | unknown | — | — | | | | 2y ago | changedetection.io Path Traversal |
| CVE-2024-32651 | unknown | — | — | | | | 2y ago | changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution |
| CVE-2024-34061 | unknown | — | — | | | | 2y ago | changedetection.io Cross-site Scripting vulnerability |
| CVE-2024-23329 | unknown | — | — | | | | 2y ago | changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized u… |
| CVE-2023-24769 | unknown | — | — | | | | 3y ago | Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts … |