changedetection.io — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in changedetection.io, with AI-generated Chinese analysis, references, and POCs.

Vendor: dgtlmoon

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-35490 | changedetection.io has an Authentication Bypass via Decorator Ordering | CWE-863 | 9.8 | Critical | 2026-04-07 |
| CVE-2026-35000 | ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read | CWE-184 | 6.5 | Medium | 2026-04-01 |
| CVE-2026-33981 | Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters | CWE-200 | 7.5 | - | 2026-03-27 |
| CVE-2026-29065 | changedetection.io: Zip Slip vulnerability in the backup restore functionality | CWE-22 | 6.5 | - | 2026-03-06 |
| CVE-2026-29039 | changedetection.io: XPath - Arbitrary File Read via unparsed-text() | CWE-94 | 6.5 | - | 2026-03-06 |
| CVE-2026-29038 | changedetection.io: Reflected XSS in RSS Tag Error Response | CWE-79 | 6.1 | Medium | 2026-03-06 |
| CVE-2026-27696 | changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs | CWE-918 | 8.6 | High | 2026-02-25 |
| CVE-2026-27645 | changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response | CWE-79 | 6.1 | Medium | 2026-02-25 |
| CVE-2026-25527 | changedetection.io vulnerable to unauthenticated static path traversal | CWE-22 | 5.3 | Medium | 2026-02-19 |
| CVE-2025-62780 | changedetection.io vulnerable to stored XSS in Watch update via API | CWE-79 | 3.5 | Low | 2025-11-10 |
| CVE-2025-52558 | ChangeDetection.io XSS in watch overview | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-06-23 |
| CVE-2024-56509 | changedetection.io has Improper Input Validation Leading to LFR/Path Traversal | CWE-200 | 8.6 | High | 2024-12-27 |
| CVE-2024-51998 | Path traversal using file URI scheme without supplying hostname in changedetection.io | CWE-22 | 8.6 | High | 2024-11-07 |
| CVE-2024-51483 | changedetection.io Path Traversal vulnerability | CWE-22 | 6.5 (AI) | Medium (AI) | 2024-11-01 |
| CVE-2024-34061 | Reflected cross site scripting in changedetection.io | CWE-79 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-32651 | Server Side Template Injection in Jinja2 allows Remote Command Execution | CWE-1336 | 10.0 | Critical | 2024-04-25 |
| CVE-2024-23329 | changedetection.io API endpoint is not secured with API token | CWE-863 | 3.7 | Low | 2024-01-19 |
