Webtechnologies

Changedetection

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-43891

Exploit
  • EPSS 0.35%
  • Veröffentlicht 12.05.2026 16:56:33
  • Zuletzt bearbeitet 15.05.2026 14:20:12

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. W...

7.5

CVE-2026-41895

  • EPSS 0.27%
  • Veröffentlicht 12.05.2026 16:52:23
  • Zuletzt bearbeitet 13.05.2026 22:39:00

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolu...

9.8

CVE-2026-35490

Exploit
  • EPSS 0.54%
  • Veröffentlicht 07.04.2026 14:55:24
  • Zuletzt bearbeitet 14.04.2026 20:27:38

changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator ...

6.5

CVE-2026-35000

  • EPSS 0.28%
  • Veröffentlicht 01.04.2026 18:09:35
  • Zuletzt bearbeitet 21.04.2026 00:15:47

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar...

6.5

CVE-2026-33981

Exploit
  • EPSS 0.48%
  • Veröffentlicht 27.03.2026 22:01:13
  • Zuletzt bearbeitet 02.04.2026 15:24:05

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as the watch ...

9.1

CVE-2026-29065

Exploit
  • EPSS 0.53%
  • Veröffentlicht 06.03.2026 07:16:02
  • Zuletzt bearbeitet 10.03.2026 20:00:57

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has...

6.1

CVE-2026-29038

Exploit
  • EPSS 0.28%
  • Veröffentlicht 06.03.2026 07:16:01
  • Zuletzt bearbeitet 10.03.2026 19:38:06

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The tag_uuid path parameter is...

7.5

CVE-2026-29039

Exploit
  • EPSS 0.48%
  • Veröffentlicht 06.03.2026 07:16:01
  • Zuletzt bearbeitet 10.03.2026 19:37:32

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions a...

8.6

CVE-2026-27696

Exploit
  • EPSS 0.45%
  • Veröffentlicht 25.02.2026 04:16:22
  • Zuletzt bearbeitet 26.02.2026 15:34:26

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate t...

6.1

CVE-2026-27645

Exploit
  • EPSS 0.45%
  • Veröffentlicht 25.02.2026 04:06:58
  • Zuletzt bearbeitet 25.02.2026 16:51:33

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/ht...