72 matches found

RedhatCVE
added 2026/03/27 10:51 p.m. | Views: 1

CVE-2026-33153

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

CVSS 8.7 | AI score 6 | EPSS 0.00018
Exploits: 1 | References: 1

NVD
added 2026/03/26 7:17 p.m. | Views: 1

CVE-2026-33153

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

CVSS 8.7 | EPSS 0.00018
Exploits: 1 | References: 2

EUVD
added 2026/03/26 7:6 p.m. | Views: 0

EUVD-2026-16317

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

CVSS 8.7 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 2

Cvelist
added 2026/03/26 7:6 p.m. | Views: 19

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

CVSS 8.7 | EPSS 0.00018
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/26 7:6 p.m. | Views: 2

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

CVSS 8.7 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 2

CVE
added 2026/03/26 7:6 p.m. | Views: 4

CVE-2026-33153

Tandoor Recipes prior to version 2.6.0 exposes a hidden query parameter ?debug=true in the Recipe API endpoint that returns the full raw SQL being executed, including table/column names, JOINs, WHERE conditions (revealing access control logic) and multi-tenant space IDs. This parameter remains ava...

CVSS 8.7 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/26 7:6 p.m. | Views: 0

CVE-2026-33153 Tandoor Recipes's Unauthenticated Debug Parameter Leaks Full Raw SQL Queries Including Schema, Table Names, and Access Control Logic

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

CVSS 8.7 | AI score 6 | EPSS 0.00018
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/26 7:6 p.m. | Views: 1

CVE-2026-33153

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

CVSS 8.7 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/26 12:0 a.m. | Views: 1

PT-2026-28472

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description The application is designed for managing recipes, planning meals, and creating shopping lists. A hidden query parameter, ?debug=true, within the Recipe API endpoint reveals the complete raw S...

CVSS 8.7 | AI score 5.9 | EPSS 0.00018
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | Views: 3

EUVD-2005-0461

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00501
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | Views: 1

EUVD-2006-2754

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.08568
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | Views: 3

EUVD-2018-11736

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.002
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/10 12:0 a.m. | Views: 4

Linux Distros Unpatched Vulnerability : CVE-2022-50091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot...

CVSS 5.5 | AI score 6.1 | EPSS 0.00065
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 9:24 a.m. | Views: 1

CVE-2024-37571

Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the 'debug' parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.00106
Exploits: 0 | References: 1

CVE
added 2025/01/17 7:1 a.m. | Views: 41

CVE-2024-13366

CVE-2024-13366 concerns the Sandbox plugin for WordPress, which is vulnerable to Reflected Cross-Site Scripting via the debug parameter in all versions up to 0.4 due to insufficient input sanitization and output escaping. The CVE description states this allows unauthenticated attackers to inject ...

CVSS 6.1 | AI score 6 | EPSS 0.0148
Exploits: 0 | References: 2

Cvelist
added 2025/01/17 7:1 a.m. | Views: 11

CVE-2024-13366 Sandbox <= 0.4 - Reflected Cross-Site Scripting

The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1 | EPSS 0.0148
Exploits: 0 | References: 2

Positive Technologies
added 2025/01/17 12:0 a.m. | Views: 2

PT-2025-2134 · WordPress · Sandbox

Name of the Vulnerable Software and Affected Versions: Sandbox plugin for WordPress versions up to and including 0.4 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages through the...

CVSS 6.1 | AI score 9.3 | EPSS 0.0148
Exploits: 0 | References: 6

Positive Technologies
added 2024/06/26 12:0 a.m. | Views: 2

PT-2024-27667 · Sas · Sas Broker

Name of the Vulnerable Software and Affected Versions: SAS Broker version 9.2 build 1495 Description: The issue allows attackers to cause denial of service or obtain sensitive information via a crafted payload to the debug parameter. Recommendations: For SAS Broker version 9.2 build 1495, conside...

CVSS 4.3 | AI score 7.1 | EPSS 0.00106
Exploits: 0 | References: 3

NVD
added 2024/05/30 4:15 p.m. | Views: 20

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

CVSS 4.4 | AI score 7.3 | EPSS 0.00016
Exploits: 0 | References: 10

CVE
added 2024/05/30 3:35 p.m. | Views: 165

CVE-2024-36950

CVE-2024-36950 is a Linux kernel vulnerability resolved in the FireWire OHCI driver. The issue occurred in the interrupt handler when a bus reset interrupt could be unmasked and cause a freeze if the bus reset was not yet serviced. The fix masks bus reset interrupts in the IRQ handler and unmasks...

CVSS 4.4 | AI score 6.4 | EPSS 0.00016
Exploits: 0 | References: 10 | Affected Software: 1