CVE-2026-27696
- EPSS 0.04%
- Veröffentlicht 25.02.2026 04:16:22
- Zuletzt bearbeitet 26.02.2026 15:34:26
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate t...
CVE-2026-27645
- EPSS 0.03%
- Veröffentlicht 25.02.2026 04:06:58
- Zuletzt bearbeitet 25.02.2026 16:51:33
changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/ht...
CVE-2026-25527
- EPSS 0.06%
- Veröffentlicht 19.02.2026 14:18:18
- Zuletzt bearbeitet 19.02.2026 19:54:04
changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the ba...
CVE-2024-23329
- EPSS 0.45%
- Veröffentlicht 19.01.2024 20:15:13
- Zuletzt bearbeitet 19.02.2026 17:44:46
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check on...
CVE-2023-24769
- EPSS 0.75%
- Veröffentlicht 17.02.2023 22:15:14
- Zuletzt bearbeitet 19.02.2026 17:44:46
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL...