23 matches found
EUVD-2022-37573
Malicious code in bioql PyPI...
EUVD-2022-37565
Malicious code in bioql PyPI...
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks...
CVE-2022-34624
Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request...
Design/Logic Flaw
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks...
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
CVE-2022-34615
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks...
PT-2022-22252 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows attackers to perform a man-in-the-middle attack via a crafted GET request, as download tokens are not terminated after a user logs out. Recommendations: For Mealie version 1.0.0beta3, as...
PT-2022-22250 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows attackers to modify user passwords and other attributes via modification of the user id parameter. This is due to an Insecure Direct Object Reference (IDOR) vulnerability. Recommendations:...
Mealie security vulnerability
Mealie is a self-hosted recipe manager and meal planner by Hayden Individual Developers in the United States. A security vulnerability exists in Mealie version 1.0.0beta3, which stems from the use of weak passwords, allowing an attacker to gain unauthorized access to the application via a brute...
CVE-2022-34625
CVE-2022-34625 affects Mealie 1.0.0beta3 with a Server-Side Template Injection via a crafted Jinja2 template, enabling arbitrary code execution. CVSS v3.1: 7.2 (HIGH) base score; AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. Impact: High on confidentiality, integrity, and availability. Affected product/ve...
CVE-2022-34613
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file...
CVE-2022-34618
A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field...
CVE-2022-34613
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file...
CVE-2022-34613
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file...
PT-2022-22245 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows attackers to execute arbitrary code via a crafted file, exploiting an arbitrary file upload vulnerability. Recommendations: For Mealie version 1.0.0beta3, as a temporary workaround,...
Mealie code injection vulnerability
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A code injection vulnerability exists in Mealie version 1.0.0beta3. An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted Jinja2 template...