| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35490 | changedetection.io has an Authentication Bypass via Decorator Ordering | dgtlmoon | changedetection.io | Critical | 9.8 | 2026-04-07 14:55:24 | Deep Dive |
| CVE-2026-35000 | ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read | dgtlmoon | ChangeDetection.io | Medium | 6.5 | 2026-04-01 18:09:36 | Deep Dive |
| CVE-2026-33981 | Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters | dgtlmoon | changedetection.io | Medium | - | 2026-03-27 22:01:14 | Deep Dive |
| CVE-2026-29065 | changedetection.io: Zip Slip vulnerability in the backup restore functionality | dgtlmoon | changedetection.io | Medium | - | 2026-03-06 06:54:28 | Deep Dive |
| CVE-2026-29039 | changedetection.io: XPath - Arbitrary File Read via unparsed-text() | dgtlmoon | changedetection.io | Medium | - | 2026-03-06 06:54:16 | Deep Dive |
| CVE-2026-29038 | changedetection.io: Reflected XSS in RSS Tag Error Response | dgtlmoon | changedetection.io | Medium | 6.1 | 2026-03-06 06:53:57 | Deep Dive |
| CVE-2026-27696 | changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs | dgtlmoon | changedetection.io | High | 8.6 | 2026-02-25 04:16:23 | Deep Dive |
| CVE-2026-27645 | changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response | dgtlmoon | changedetection.io | Medium | 6.1 | 2026-02-25 04:06:58 | Deep Dive |
| CVE-2026-25527 | changedetection.io vulnerable to unauthenticated static path traversal | dgtlmoon | changedetection.io | Medium | 5.3 | 2026-02-19 14:18:19 | Deep Dive |
| CVE-2025-62780 | changedetection.io vulnerable to stored XSS in Watch update via API | dgtlmoon | changedetection.io | Low | 3.5 | 2025-11-10 21:18:53 | Deep Dive |
| CVE-2025-52558 | ChangeDetection.io XSS in watch overview | dgtlmoon | changedetection.io | - | - | 2025-06-23 20:52:24 | Deep Dive |
| CVE-2024-56509 | changedetection.io has Improper Input Validation Leading to LFR/Path Traversal | dgtlmoon | changedetection.io | High | 8.6 | 2024-12-27 15:56:04 | Deep Dive |
| CVE-2024-51998 | Path traversal using file URI scheme without supplying hostname in changedetection.io | dgtlmoon | changedetection.io | High | 8.6 | 2024-11-07 23:34:07 | Deep Dive |
| CVE-2024-51483 | changedetection.io Path Traversal vulnerability | dgtlmoon | changedetection.io | - | - | 2024-11-01 16:19:50 | Deep Dive |
| CVE-2024-34061 | Reflected cross site scripting in changedetection.io | dgtlmoon | changedetection.io | Medium | 4.3 | 2024-05-02 13:58:22 | Deep Dive |
| CVE-2024-32651 | Server Side Template Injection in Jinja2 allows Remote Command Execution | dgtlmoon | changedetection.io | Critical | 10.0 | 2024-04-25 23:49:29 | Deep Dive |
| CVE-2024-23329 | changedetection.io API endpoint is not secured with API token | dgtlmoon | changedetection.io | Low | 3.7 | 2024-01-19 19:49:55 | Deep Dive |