Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

dgtlmoon — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting dgtlmoon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dgtlmoon develops digital asset management solutions primarily serving creative industries and content-heavy organizations. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for the majority of their 17 recorded CVEs. While no major public security incidents have been documented, their vulnerability history suggests consistent challenges in input validation and access control. The company's security posture has shown gradual improvement over time, with more recent releases addressing earlier patterns of insecure direct object references and insufficient session management.

Top products by dgtlmoon: changedetection.io
CVE IDTitleCVSSSeverityPublished
CVE-2026-35490 changedetection.io has an Authentication Bypass via Decorator Ordering — changedetection.ioCWE-863 9.8 Critical2026-04-07
CVE-2026-35000 ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read — ChangeDetection.ioCWE-184 6.5 Medium2026-04-01
CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters — changedetection.ioCWE-200 7.5 -2026-03-27
CVE-2026-29065 changedetection.io: Zip Slip vulnerability in the backup restore functionality — changedetection.ioCWE-22 6.5 -2026-03-06
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text() — changedetection.ioCWE-94 6.5 -2026-03-06
CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response — changedetection.ioCWE-79 6.1 Medium2026-03-06
CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs — changedetection.ioCWE-918 8.6 High2026-02-25
CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response — changedetection.ioCWE-79 6.1 Medium2026-02-25
CVE-2026-25527 changedetection.io vulnerable to unauthenticated static path traversal — changedetection.ioCWE-22 5.3 Medium2026-02-19
CVE-2025-62780 changedetection.io vulnerable to stored XSS in Watch update via API — changedetection.ioCWE-79 3.5 Low2025-11-10
CVE-2025-52558 ChangeDetection.io XSS in watch overview — changedetection.ioCWE-79 5.4AIMediumAI2025-06-23
CVE-2024-56509 changedetection.io has Improper Input Validation Leading to LFR/Path Traversal — changedetection.ioCWE-200 8.6 High2024-12-27
CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io — changedetection.ioCWE-22 8.6 High2024-11-07
CVE-2024-51483 changedetection.io Path Traversal vulnerability — changedetection.ioCWE-22 6.5AIMediumAI2024-11-01
CVE-2024-34061 Reflected cross site scripting in changedetection.io — changedetection.ioCWE-79 4.3 Medium2024-05-02
CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution — changedetection.ioCWE-1336 10.0 Critical2024-04-25
CVE-2024-23329 changedetection.io API endpoint is not secured with API token — changedetection.ioCWE-863 3.7 Low2024-01-19

This page lists every published CVE security advisory associated with dgtlmoon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.