VYPR
Vendor

Webtechnologies

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2026-35490CriApr 7, 2026
    risk 0.57cvss 9.8epss 0.01

    changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the…

  • CVE-2026-43891HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored,…

  • CVE-2026-41895HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading,…

  • CVE-2026-35000MedApr 1, 2026
    risk 0.35cvss 6.5epss 0.00

    ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives.…

  • CVE-2026-33981MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated…